🐛 COMMON VULNERABILITIES AND EXPOSURES (5)
4 Jul: Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros (THEHACKERNEWS.COM)
Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is bel…

4 Jul: Critical HIKVISION applyCT Flaw Allows Remote Code Execution (GBHACKERS.COM)
A newly disclosed vulnerability, tracked as CVE-2025-34067, has been identified in HIKVISION’s widely deployed security management platform, applyCT (also known as HikCentral). This critical flaw allows unauthenticated remote code execution (RCE), putting countless surveill…

4 Jul: Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning (GBHACKERS.COM)
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and <15.1.8, allowed attackers to exploit a cache poisoning bug, potentially leading to a Deni…

4 Jul: Critical vulnerability discovered in Cisco Unified CM (CSOONLINE.COM)
For the second time in one week, Cisco has had to report a vulnerability of the highest severity. Cisco recently reported a vulnerability with the highest severity rating (CVSS 10 out of 10) in its products Unified Communications Manager (Unified…

4 Jul: Apache APISIX Vulnerability Enables Cross-Issuer Access Under Misconfigurations (GBHACKERS.COM)
A newly disclosed vulnerability, CVE-2025-46647, has been identified in the openid-connect plugin of Apache APISIX, a widely used open-source API gateway. This flaw, rated as important, could allow attackers to gain unauthorized access across different identity issuers …
⚠️ VULNERABILITY DISCLOSURE (13)
4 Jul: New Chinese Fake Marketplace e-Commerce Phishing Campaign Spoofs Thousands of Websites of Popular Retail Brands, Abuses Online Payment Services, Security Firm Finds (INFOSEC.PUB)
Submitted by Hotznplotzn to cybersecurity, 2 points | 0 comments. https://www.silentpush.com/blog/fake-marketplace (cross-posted from lemmy.sdf.org/post/37950350; archived). [Security firm] Silent Push Threat Analysts followed a tip from Mexican journalist Ignacio Gómez Villaseñor abo…

4 Jul: New Chinese Fake Marketplace e-Commerce Phishing Campaign Spoofs Thousands of Websites of Popular Retail Brands, Abuses Online Payment Services, Security Firm Finds (SH.ITJUST.WORKS)
Submitted by Hotznplotzn to cybersecurity, 1 point | 0 comments. https://www.silentpush.com/blog/fake-marketplace (archived). [Security firm] Silent Push Threat Analysts followed a tip from Mexican journalist Ignacio Gómez Villaseñor about a threat actor targeting “Hot Sale 2025,” an…

4 Jul: Researchers Defeat Content Security Policy Protections via HTML Injection (GBHACKERS.COM)
In a breakthrough that challenges the perceived safety of nonce-based Content Security Policy (CSP), security researchers have demonstrated a practical method to bypass these protections by combining HTML injection, CSS-based nonce leakage, and browser cache manipulation. The Set…

4 Jul: Cybersecurity in the supply chain: strategies for managing fourth-party risks (CSOONLINE.COM)
Fourth-party vendors have become a serious supply chain cybersecurity blind spot. Unlike third parties with direct contractual relationships, fourth parties (the suppliers your vendors rely on) often operate in the shadows, leaving organizations with little visibility and limit…

4 Jul: Multiple PHP Vulnerabilities Enables SQLi and DoS Attacks – Update Now (GBHACKERS.COM)
Security researchers have disclosed two significant vulnerabilities in PHP, the popular server-side scripting language, that could allow attackers to launch SQL injection (SQLi) and Denial of Service (DoS) attacks. According to the report, administrators and developers are urged …

4 Jul: Massive Android Ad Fraud ‘IconAds’ Uses Google Play to Target and Exploit Users (GBHACKERS.COM)
HUMAN’s Satori Threat Intelligence and Research Team has dismantled a sprawling ad fraud operation named IconAds, which infiltrated the Google Play Store with 352 malicious apps. At its peak, this scheme generated a staggering 1.2 billion bid requests daily, flooding users’ scree…

4 Jul: Hackers Exploit Java Debug Wire Protocol Servers to Deploy Cryptomining Payloads (GBHACKERS.COM)
A sophisticated cyberattack targeting unsecured Java Debug Wire Protocol (JDWP) interfaces on honeypot servers running TeamCity, a popular CI/CD application, has been discovered, according to a startling disclosure from the Wiz Research Team. The team observed that within mere ho…

4 Jul: Researchers Discover New Method to Identify Azure Arc in Enterprise Environments and Maintain Persistence (GBHACKERS.COM)
Security researchers have discovered novel ways to identify and take advantage of Microsoft Azure Arc in business settings, which is a major advancement in cybersecurity and may reveal weaknesses in this hybrid management system. Introduced in 2019, Azure Arc extends Azure’s nati…

4 Jul: Writable File in Lenovo Path Lets Attackers Evade AppLocker Restrictions (GBHACKERS.COM)
A security researcher has uncovered a significant vulnerability affecting Lenovo computers: a writable file within the Windows directory that can be exploited to bypass AppLocker restrictions. The file in question, C:\Windows\MFGSTAT.zip, is present on many Lenovo machines that s…

4 Jul: Scattered Spider Enhances Tactics to Exploit Legitimate Tools for Evasion and Persistence (GBHACKERS.COM)
Scattered Spider, also tracked under aliases such as UNC3944, Scatter Swine, and Muddled Libra, has emerged as a formidable financially motivated cybercriminal group since at least May 2022. Initially known for targeting telecommunications and tech firms with phishing and SIM-swa…

4 Jul: Verified, but vulnerable: Malicious extensions exploit IDE trust badges (CSOONLINE.COM)
Developers across popular integrated development environments (IDEs) like Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor are at risk of running malicious extensions marked as “verified.” A new report from OX Security revealed that attackers can manipulate verificati…

4 Jul: NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors (THEHACKERNEWS.COM)
Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in…

4 Jul: AI and Cybersecurity: A Deep Dive into Enterprise Applications and Digital Sovereignty with Krish Banerjee (CYBERSECURITYTODAY.LIBSYN.COM)
In this episode of Cybersecurity Today, host Jim Love engages in a comprehensive conversation with Krish Banerjee, the Canada Managing Director at Accenture for AI and Data. They delve into the stark difference between perceived and actual preparedness for cybersecurity in the fa…
📋 SECURITY BULLETINS (1)
4 Jul: Grafana releases critical security update for Image Renderer plugin (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 1 point | 0 comments. https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/
📢 SECURITY ADVISORIES (3)
4 Jul: Dobrindt wants to invest more in cybersecurity (CSOONLINE.COM)
Federal Interior Minister Alexander Dobrindt wants to strengthen protection against cyberattacks. Federal Interior Minister Alexander Dobrindt (CSU) has announced stronger measures against cyberattacks. “What matters to us is that we have a Cyber Dome for Germ…

4 Jul: Malicious SEO Plugins on WordPress Can Lead to Site Takeover (GBHACKERS.COM)
A new wave of cyberattacks is targeting WordPress websites through malicious SEO plugins that can lead to complete site takeover. Security analysts have uncovered sophisticated malware campaigns where attackers disguise their plugins to blend seamlessly with legitimate site compo…

4 Jul: Why Cybersecurity Experts Need Quantum Skills Now! (YOUTUBE.COM)
As quantum computing rapidly advances, today's cybersecurity experts face a ticking clock. In this short, Aaran explains why mastering AI supervision, quantum threat modeling, and quantum-resilient encryption is no longer optional; it's essential. With threats evolving faster than…
🔥 INCIDENT REPORTING (11)
4 Jul: Catwatchful Android Spyware Leaks Credentials of 62,000+ Users (GBHACKERS.COM)
A major security lapse has exposed the credentials of over 62,000 users of Catwatchful, a full-featured Android spyware app that openly markets itself as a tool for covert surveillance. The breach, discovered by a security researcher, highlights the persistent risks posed by stal…

4 Jul: In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed (SECURITYWEEK.COM)
Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated. The post In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ra…

4 Jul: SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are (GBHACKERS.COM)
Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprises…

4 Jul: Hunters International ransomware group shuts down – but will it regroup under a new guise? (BITDEFENDER.COM)
The notorious Hunters International ransomware-as-a-service operation has announced that it has shut down, in a message posted on its dark web leak site. In a statement on its extortion site, the ransomware group says that it has not only "decided to close the Hunters Internation…

4 Jul: IdeaLab confirms data stolen in ransomware attack last year (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 1 point | 0 comments. https://www.bleepingcomputer.com/news/security/idealab-confirms-data-stolen-in-ransomware-attack-last-year/

4 Jul: Ingram Micro suffers global outage as internal systems inaccessible (BLEEPINGCOMPUTER.COM)
IT giant Ingram Micro is experiencing a global outage that is impacting its websites and internal systems, with customers concerned that it may be a cyberattack after the company remains silent on the cause of the issues. [...]

4 Jul: Hacker leaks Telefónica data allegedly stolen in a new breach (BLEEPINGCOMPUTER.COM)
A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. [...]

4 Jul: Technical difficulties or cyber attack? Ingram Micro’s website goes down just in time for the holiday weekend (GRAHAMCLULEY.COM)
Nothing says "Holiday Weekend" like a mysterious IT outage.

4 Jul: Hacker leaks Telefónica data allegedly stolen in a new breach (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 1 point | 0 comments. https://www.bleepingcomputer.com/news/security/hacker-leaks-telef-nica-data-allegedly-stolen-in-a-new-breach/

4 Jul: Hunters International Ransomware Is Not Shutting Down, It’s Rebranding - Infosecurity Magazine (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 2 points | 0 comments. https://www.infosecurity-magazine.com/news/ransomware-hunters-international/

4 Jul: North Korea, ransomware, social engineering, AI, Apple, Drugs & Iran - SWN #491 (YOUTUBE.COM)
North Korea, ransomware, social engineering, AI, Apple, Drugs & Iran on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-491
🕵️ THREAT INTELLIGENCE (22)
4 Jul: New “123 | Stealer” Malware Rented on Dark Web for $120/Month (GBHACKERS.COM)
A new credential-stealing malware, dubbed “123 | Stealer,” has surfaced on underground cybercrime forums, with the threat actor known as #koneko offering the tool for rent at $120 per month. The malware, which is being marketed as a powerful and flexible informat…

4 Jul: Cybercriminals Use Fake Cloudflare Verification Screens to Deceive Users into Running Malware (GBHACKERS.COM)
Threat actors have developed a clever social engineering technique to disseminate malware by posing as trustworthy security measures, which is a terrifying new development in the realm of cybercrime. Cybersecurity researchers have uncovered a malicious campaign that leverages fak…

4 Jul: Hackers Abuse Legitimate Inno Setup Installer to Deliver Malware (GBHACKERS.COM)
Cybercriminals are increasingly weaponizing legitimate software installer frameworks like Inno Setup to distribute malware, turning user-friendly tools into covert vehicles for malicious payloads. Originally designed to simplify software deployment on Windows, Inno Setup has beco…

4 Jul: Instagram Now Rotating TLS Certificates Daily with 1-Week Validity (GBHACKERS.COM)
Instagram has begun rotating its TLS certificates on a daily basis, with each certificate valid for just over a week. This approach, which goes far beyond current industry standards, was discovered during routine network debugging and has since been confirmed through systematic m…

4 Jul: North Korean Hackers Target Crypto Firms with Novel macOS Malware - Infosecurity Magazine (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 2 points | 0 comments. https://www.infosecurity-magazine.com/news/north-korea-crypto-macos-malware/

4 Jul: Linux Users Urged to Patch Critical Sudo CVE - Infosecurity Magazine (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 2 points | 0 comments. https://www.infosecurity-magazine.com/news/linux-users-urged-to-patch/

4 Jul: Recruiting software maker exposes nearly 26M resumes | Cybernews (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 1 point | 0 comments. https://cybernews.com/security/talenthook-data-leak-exposes-millions/

4 Jul: New Fake Marketplace From China Mimics Top Retail Brands for Fraud (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 3 points | 0 comments. https://hackread.com/china-fake-marketplace-mimics-top-retail-brands-fraud/

4 Jul: hackArcana (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 1 point | 0 comments. https://hackarcana.com/article/yet-another-zip-trick

4 Jul: New Hpingbot Abusing Pastebin for Payload Delivery and Hping3 Tool to Launch DDoS Attacks (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 1 point | 0 comments. https://cybersecuritynews.com/new-hpingbot-abusing-pastebin-for-payload-delivery-and-hping3-tool/

4 Jul: Okta observes v0 AI tool used to build phishing sites | Okta (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 1 point | 0 comments. https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/

4 Jul: Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware (SH.ITJUST.WORKS)
Submitted by kid to cybersecurity, 7 points | 2 comments. https://cybersecuritynews.com/hackers-use-fake-cloudflare-verification-screen/

4 Jul: When ThreatLocker Meets the Dance Floor 💃 #CyberConfessions (YOUTUBE.COM)
When cybersecurity analyst Jackie McGuire hit the dance floor at Zero Trust World, she didn’t hold back, and neither did her knees. This behind-the-scenes moment captures the hilarious reality of what happens after the keynotes and panels. From deep ThreatLocker insights to unforg…

4 Jul: BSidesSLC 2025 (INFOSEC.PUB)
Submitted by ashar to security_cpe, 1 point | 0 comments. https://youtube.com/playlist?list=PLqVzh0_XpLfS_Sr8GkzLKXkJA-mmT62fR BSidesSLC 2025: Welcome to BSidesSLC 2025! This playlist features all recorded talks from this year’s conference, held in Salt Lake City, Utah. From red te…

4 Jul: Security Teams Are Drowning in Startup Hype (YOUTUBE.COM)
Security pros are drowning in flashy demos and overfunded noise. In this short, cybersecurity expert Paul Nguyen exposes how the venture capital boom is overwhelming CISOs with companies that shouldn’t even exist. From small tools turned startups to the real challenge of separati…

4 Jul: Is ChatGPT Creating a Lazy Generation? #AIeducation (YOUTUBE.COM)
Cybersecurity expert Joshua Marpet shares a blunt take on how students are using ChatGPT to cheat in school. Instead of learning, they’re just copying answers and chasing checkmarks. This short highlights a growing concern in tech and education: are we raising a generation that v…

4 Jul: Ukraine’s Cyber Survival Isn’t Strategy… It’s Instinct 🚨 #CyberWar (YOUTUBE.COM)
Ukraine’s digital backbone didn’t collapse under attack; it evolved. This short reveals how resilience wasn’t a strategy, it was survival. From cloud migration to real-time threat sharing and aggressive attribution, Ukraine shifted from defense to disruption. Civilian cyber talent…

4 Jul: Bringing ChatGPT to Court: Genius or Disaster? ⚖️🤯 (YOUTUBE.COM)
When a regular person brought ChatGPT into a courtroom as legal counsel, no one expected what happened next. Judges weren’t just unimpressed; they shut it down fast. In this short clip, cybersecurity pros react to the wild story of someone trying to use AI for self-representation …

4 Jul: Dark, Stormy... and Totally WRONG! (YOUTUBE.COM)
Cybersecurity professor Doug White hilariously shuts down one of the oldest writing clichés ever used: “It was a dark and stormy night...” In this clip, he explains why this infamous line is a no-go for students writing security papers, and his reaction is priceless. From academ…

4 Jul: Vixen Panda? 4chan? This Is Getting Crazy! (YOUTUBE.COM)
Nation-state hackers aren’t just targeting governments anymore; they’re coming for everyone. In this shocking clip, cybersecurity expert Doug White reveals how online threats have evolved, mentioning mysterious actors like "Vixen Panda" and unexpected platforms like 4chan. This …

4 Jul: Friday Squid Blogging: How Squid Skin Distorts Light (SCHNEIER.COM)
New research. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

4 Jul: Accident Waiting To Happen: 40 Plants, 0 Security (YOUTUBE.COM)
Dozens of water treatment plants are exposing live control dashboards online, with no passwords and no security. This short reveals how 40+ systems are open to anyone with a browser, allowing dangerous access to chlorine feeds and pump controls. No hacks, just shocking misconfigurations. …
🎙️ PODCASTS (1)
4 Jul: How to get into cybersecurity | Unlocked 403 cybersecurity podcast (S2E3) (WELIVESECURITY.COM)
Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-paced field.
📡 INFOSEC NEWS (6)
4 Jul: Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission (THEHACKERNEWS.COM)
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint tha…

4 Jul: Your AI Agents Might Be Leaking Data: Watch this Webinar to Learn How to Stop It (THEHACKERNEWS.COM)
Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak, and most teams don’t even realize it. If you’re …

4 Jul: Catwatchful stalkerware app spills secrets of 62,000 users – including its own admin (GRAHAMCLULEY.COM)
Another scummy stalkerware app has spilled its guts, revealing the details of its 62,000 users - and data from thousands of victims' infected devices.

4 Jul: ChatGPT Deep Research tests new connectors for more context (BLEEPINGCOMPUTER.COM)
ChatGPT Deep Research, which is an AI research tool to automate research, is getting support for new connectors (integrations), including Slack. [...]

4 Jul: Google's AI video maker Veo 3 is now available via $20 Gemini (BLEEPINGCOMPUTER.COM)
Google says Veo 3, which is the company's state-of-the-art video generator, is now shipping to everyone using the Gemini app with a $20 subscription. [...]

4 Jul: Task scams: Why you should never pay to get paid (WELIVESECURITY.COM)
Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.