🚨 CISA KEV 1[−]
10 Jul KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability These types of vulnerabilities are frequent attack vectors f…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
10 JulWarning to ServiceNow admins: Fix your access control lists nowA vulnerability in the way ServiceNow manages user access control lists can easily allow a threat actor to steal sensitive data, says a security vendor, who urges admins to review their custom and standard data configuration tables to beef up security.. Researchers at Varonis tol…CIO.COM
10 JulCritical mcp‑remote Vulnerability Enables LLM Clients to Remote Code ExecutionThe JFrog Security Research team has discovered a critical security vulnerability in mcp-remote, a widely used tool that enables Large Language Model clients to communicate with remote servers, potentially allowing attackers to achieve full system compromise through remote code e…GBHACKERS.COM
10 JulServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLsA high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 (CVSS score: 8.2), has been described as a case of data inference in Now Platform…THEHACKERNEWS.COM
10 JulHackers Exploit GeoServer RCE Flaw to Deploy Cryptocurrency MinersThe AhnLab Security Intelligence Center (ASEC) has confirmed that unpatched GeoServer instances are still facing relentless attacks by threat actors exploiting a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2024-36401. GeoServer, an open-source Geographic…GBHACKERS.COM
10 JulAMD discloses new CPU flaws that can enable data leaks via timing attacksAMD has disclosed four new processor vulnerabilities that could allow attackers to steal sensitive data from enterprise systems through timing-based side-channel attacks. The vulnerabilities, designated AMD-SB-7029 and known as Transient Scheduler Attacks, affect a broad range of…CSOONLINE.COM
10 JulServiceNow Platform Vulnerability Enables Attackers to Exfiltrate Sensitive DataSecurity researchers have identified a critical vulnerability in ServiceNow’s widely-used enterprise platform that could enable attackers to extract sensitive data including personally identifiable information (PII), credentials, and financial records. The flaw, dubbed R…GBHACKERS.COM
10 JulCVE-2025-6514 Threatens LLM clientssubmitted by kid to cybersecurity 1 points | 0 comments https://jfrog.com/blog/2025-6514-critical-mcp-remote-rce-vulnerability/SH.ITJUST.WORKS
10 JulCritical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ DownloadsCybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. "The vuln…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 21[−]
10 JulMcDonald’s AI Hiring Bot Exposed with ‘123456’ Password — Millions of Job‑Seekers’ Data at RiskA shocking security vulnerability in McDonald’s AI-powered hiring system has exposed the personal information of millions of job applicants, after security researchers discovered they could access the entire database using the laughably weak password “123456.” T…GBHACKERS.COM
10 JulMCP is fueling agentic AI — and introducing new security risksModel Context Protocol (MCP) was created in late 2024 by OpenAI’s top competitor Anthropic. It was so good as a means for providing a standardized way to connect AI models to various data sources and tools that OpenAI adopted it as a standard, as have most other big AI players an…CSOONLINE.COM
10 JulRuckus Networks leaves severe flaws unpatched in management devicessubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/ruckus-networks-leaves-severe-flaws-unpatched-in-management-devices/INFOSEC.PUB
10 JulResearchers Trick ChatGPT into Leaking Windows Product KeysSecurity researchers have successfully demonstrated a sophisticated method to bypass ChatGPT’s protective guardrails, tricking the AI into revealing legitimate Windows product keys through what appears to be a harmless guessing game. This discovery highlights critical vulne…GBHACKERS.COM
10 JulNew “Opossum” Attack Breaches Secure TLS by Injecting Malicious MessagesA newly discovered man-in-the-middle exploit dubbed “Opossum” has demonstrated the unsettling ability to compromise secure communications over Transport Layer Security (TLS) by injecting unauthorized messages into an active session. Researchers warn that Opossum targets a wide ra…GBHACKERS.COM
10 JulCritical Ruckus Wireless Flaws Threaten Enterprise Wi‑Fi SecurityMultiple critical vulnerabilities discovered in Ruckus Wireless management products pose severe security risks to enterprise networks, with issues ranging from authentication bypass to remote code execution that could lead to complete system compromise. The vulnerabilities affect…GBHACKERS.COM
10 JulMillions of Cars Exposed to Remote Hacking via PerfektBlue AttackPCA Cyber Security has discovered critical vulnerabilities in the BlueSDK Bluetooth stack that could have allowed remote code execution on car systems. The post Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulCritical Bluetooth Protocol Vulnerabilities Expose Devices to RCE AttacksSecurity researchers have disclosed a critical set of Bluetooth vulnerabilities dubbed “PerfektBlue” that affect millions of vehicles and other devices using OpenSynergy’s BlueSDK framework. The vulnerabilities can be chained together to achieve remote code exec…GBHACKERS.COM
10 JulFour Hackers Arrested by UK Police After Attacks on M&S Co‑op and HarrodsUK law enforcement authorities have made significant progress in their investigation into cyber attacks targeting some of Britain’s most prominent retailers, with four individuals now in custody following coordinated arrests across the West Midlands and London. The National…GBHACKERS.COM
10 JulA Vulnerability in FortiWeb Could Allow for SQL Injectionsubmitted by kid to cybersecurity 2 points | 0 comments https://www.cisecurity.org/advisory/a-vulnerability-in-fortiweb-could-allow-for-sql-injection_2025-063SH.ITJUST.WORKS
10 JulFBI's CJIS demystified: Best practices for passwords, MFA & access controlFBI's Criminal Justice Information Services (CJIS) compliance isn't optional when handling law enforcement data. From MFA to password hygiene, see how Specops Software helps meet FBI standards while also securing your Windows Active Directory. [...]BLEEPINGCOMPUTER.COM
10 JulNorth American APT Uses Exchange Zero-Day to Attack Chinasubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/north-american-apt-exchange-zero-day-attacks-chinaSH.ITJUST.WORKS
10 JuleSIM Hack Allows for Cloning, SpyingDetails have been disclosed for an eSIM hacking method that could impact many, but the industry is taking action. The post eSIM Hack Allows for Cloning, Spying appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulPerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda carsFour vulnerabilities dubbed PerfektBlue and affecting the BlueSDK Bluetooth stack from OpenSynergy can be exploited to achieve remote code execution and potentially allow access to critical elements in vehicles from multiple vendors, including Mercedes-Benz AG, Volkswagen, and Sk…BLEEPINGCOMPUTER.COM
10 JulCISA Releases Thirteen Industrial Control Systems AdvisoriesCISA released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-2…CISA.GOV
10 JulNews alert: INE Security debuts advanced eMAPT certification to close mobile security talent gapCary, NC, July 10, 2025, CyberNewsire — INE Security , a leading provider of cybersecurity education and cybersecurity certifications, today launched its significantly enhanced eMAPT (Mobile Application Penetration Testing) certification . The updated certification delivers the i…LASTWATCHDOG.COM
10 JulThe Solidity Language open-source package was used in a $500,000 crypto heistsubmitted by Pro to cybersecurity 1 points | 0 comments https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/INFOSEC.PUB
10 JulThe Solidity Language open-source package was used in a $500,000 crypto heistsubmitted by Pro to cybersecurity 1 points | 0 comments https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/SH.ITJUST.WORKS
10 JulCyberattacks on User Logins Jump 156%, Fueled by Infostealers and Phishing ToolkitsIdentity-driven assaults have increased by a shocking 156% between 2023 and 2025, making up 59% of all confirmed threat instances in Q1 2025, according to data conducted by eSentire’s Threat Response Unit (TRU). This dramatic shift from traditional asset-focused exploits to…GBHACKERS.COM
10 JulHackers Exploit GitHub to Distribute Malware Disguised as VPN SoftwareCYFIRMA has discovered a sophisticated cyberattack campaign in which threat actors are using GitHub to host and disseminate malware masquerading as genuine software. Masquerading as “Free VPN for PC” and “Minecraft Skin Changer,” these malicious payloads are designed to trick use…GBHACKERS.COM
10 JulWeaponized AI Extension Used by Hackers to Swipe $500,000 in CryptoA Russian blockchain engineer lost over $500,000 in cryptocurrency holdings in June 2025 after being the victim of a carefully planned cyberattack, serving as a terrifying reminder of the perils that might exist in open-source ecosystems. The attack, investigated by cybersecurity…GBHACKERS.COM
📋 SECURITY BULLETINS 1[−]
10 JulJuly Patch Tuesday offers 127 fixesThe seventh month is always a big one for Microsoft, and this year is no exceptionSOPHOS.COM
📢 SECURITY ADVISORIES 8[−]
10 JulUS Treasury Department sanctions individuals and entities over illegal IT worker schemeThe US Department of the Treasury’s Office of Foreign Assets Control (OFAC) Tuesday imposed sanctions on two individuals and four companies involved in schemes to provide US companies with illegal remote IT workers whose income would, it said, generate revenue for the Democratic …CSOONLINE.COM
10 JulThe Czech Republic bans DeepSeek in state administration over cybersecurity concernssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://apnews.com/article/czech-china-deepseek-ban-104f58035294f9f6ca988119732b8620 cross-posted from: lemmy.sdf.org/post/38295658 Archived The Czech Republic has banned the use of any products by the Chinese AI sta…INFOSEC.PUB
10 JulThe Czech Republic bans DeepSeek in state administration over cybersecurity concernssubmitted by Hotznplotzn to cybersecurity 3 points | 0 comments https://apnews.com/article/czech-china-deepseek-ban-104f58035294f9f6ca988119732b8620 cross-posted from: lemmy.sdf.org/post/38295658 Archived The Czech Republic has banned the use of any products by the Chinese AI sta…SH.ITJUST.WORKS
10 JulCISA Warns ValveLink Products May Expose Sensitive System InformationThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security advisory warning that multiple vulnerabilities in Emerson ValveLink Products could allow attackers to access sensitive system information and execute unauthorized code. The alert, designate…GBHACKERS.COM
10 JulSchneider Electric Flaws Expose Systems to OS Command Injection AttacksSchneider Electric, a global leader in industrial technology and sustainability, has issued a critical security notification revealing multiple vulnerabilities in its EcoStruxure IT Data Center Expert (DCE) software, a scalable monitoring solution for data center equipment. Relea…GBHACKERS.COM
🔥 INCIDENT REPORTING 15[−]
10 Jul“Ransomware, was ist das?”width="5175" height="2910" sizes="(max-width: 5175px) 100vw, 5175px"> Gefahr nicht erkannt, Gefahr nicht gebannt. Leremy – shutterstock.com KI-Anbieter Cohesity hat 1.000 Mitarbeitende in Deutschland zum Thema IT-Sicherheit befragt. Die erschreckendsten Ergebnisse im Überblick: 3…CSOONLINE.COM
10 JulRansomware Activity Spikes Amid Qilin’s New Wave of Targeted AttacksThe Qilin group emerged as the leading player in the ransomware ecosystem, which saw a notable rise in activity during June 2025 in a startling escalation of cyber dangers. According to the latest Deep Web and Dark Web trend report, Qilin outpaced all other ransomware collectives…GBHACKERS.COM
10 JulFour Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and HarrodsThe U.K. National Crime Agency (NCA) on Thursday announced that four people have been arrested in connection with cyber attacks targeting major retailers Marks & Spencer, Co-op, and Harrods. The arrested individuals include two men aged 19, a third aged 17, and a 20-year-old …THEHACKERNEWS.COM
10 JulHackerangriff legt Ameos-Kliniken lahmsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/07/ameos_bhv_bp_eingang.png?quality=50&strip=all 1600w, https://b2b-contenthub.com/wp-content/uploads/2025/07/ameos_bhv_bp_eingang.png?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-…CSOONLINE.COM
10 JulQantas Confirms 5.7 Million Impacted by Data BreachHackers compromised names, addresses, email address, phone numbers, and other information pertaining to Qantas customers. The post Qantas Confirms 5.7 Million Impacted by Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulFour arrested in UK over M&S, Co-op, Harrod cyberattacksThe UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. [...]BLEEPINGCOMPUTER.COM
10 JulFour Arrested in UK Over M&S, Co-op CyberattacksThree teens and a woman have been arrested by the UK’s NCA over the hacking of M&S, Co-op and Harrods. The post Four Arrested in UK Over M&S, Co-op Cyberattacks appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulRansomware Attack Stops Nova Scotia Power Meter Readings - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/ransomware-nova-scotia-power-meter/SH.ITJUST.WORKS
10 JulIngram Micro Restores Systems Impacted by RansomwareIngram Micro has restored operations across all countries and regions after disconnecting systems to contain a ransomware attack. The post Ingram Micro Restores Systems Impacted by Ransomware appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulSatanLock Next in Line for Ransomware Group Shutdownssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/threat-intelligence/satanlock-ransomware-group-shutdownsSH.ITJUST.WORKS
10 JulFrench police arrest Russian basketball player accused of ransomware: reportDaniil Kasatkin was reportedly arrested in a Paris airport on June 21 at the request of U.S. authorities.TECHCRUNCH.COM
10 JulRussian pro basketball player arrested for alleged role in ransomware attacksRussian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States for allegedly acting as a negotiator for a ransomware gang. [...]BLEEPINGCOMPUTER.COM
10 JulSafePay Ransomware Uses RDP and VPN Access to Infiltrate Organizational NetworksSafePay ransomware has become one of the most active and destructive threat actors in Q1 2025, a shocking development in the cybersecurity scene. According to the Acronis Threat Research Unit (TRU), SafePay has aggressively targeted over 200 victims worldwide, including managed s…GBHACKERS.COM
10 JulAlert: Scattered Spider is Targeting the Aviation SectorThe US FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and transportation sectors, BleepingComputer reports.KNOWBE4.COM
10 JulFour arrested in UK over M&S, Co-op, Harrods cyberattacksThe UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 28[−]
10 JulAMD warns of new Meltdown, Spectre-like bugs affecting CPUssubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.theregister.com/2025/07/09/amd_tsa_side_channel/INFOSEC.PUB
10 JulSSH Tunneling in Action: direct-tcp requests [Guest Diary], (Wed, Jul 9th)[This is a Guest Diary by Sihui Neo, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU
10 JulISC Stormcast For Thursday, July 10th, 2025 https://isc.sans.edu/podcastdetail/9520, (Thu, Jul 10th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
10 JulQantas tells customers what data was stolen during break-insubmitted by vk6flab to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/07/09/qantas_begins_telling_customers_data/?td=rt-3a What’s the corporate phrase again? “We’re sorry for any inconvenience this has caused our valued customers.”SH.ITJUST.WORKS
10 JulGitPhish: New Tool Automates GitHub Device Code Phishing AttacksSecurity researchers revealed the dangers of GitHub Device Code Phishing—a technique that leverages the OAuth 2.0 Device Authorization Grant flow. This method can turn a simple eight-digit code and a phone call into a full compromise of an organization’s GitHub repositories and s…GBHACKERS.COM
10 JulMassive Scraper Botnet of 3,600+ Devices Targets US and UK WebsitesGreyNoise has discovered an undiscovered version of a scraper botnet with more than 3,600 distinct IP addresses worldwide, which is a major cybersecurity development. This botnet, first observed on April 19, 2025, exhibits a distinct behavioral footprint that makes it stand out, …GBHACKERS.COM
10 JulAirMDR Raises $15.5 Million for MDR SolutionAI-powered MDR provider AirMDR has raised $15.5 million in funding (seed and infusion investment) to support its R&D efforts. The post AirMDR Raises $15.5 Million for MDR Solution appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulWhat Can Businesses Do About Ethical Dilemmas Posed by AI?AI-made decisions are in many ways shaping and governing human lives. Companies have a moral, social, and fiduciary duty to responsibly lead its take-up. The post What Can Businesses Do About Ethical Dilemmas Posed by AI? appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulGitLab Vulnerabilities Allow Execution of Malicious Actions via Content InjectionGitLab has released critical security patches addressing four vulnerabilities, including a high-severity cross-site scripting flaw that could enable attackers to execute malicious actions on behalf of users through content injection. The company has issued patch releases 18.1.2, …GBHACKERS.COM
10 JulUsing Signal Groups for ActivismGood tutorial by Micah Lee. It includes some nonobvious use cases.SCHNEIER.COM
10 JulMost Cryptocurrency Stocks Are Rising. Join ALR MINER And Earn $8,700 In BTC Every DayNow, many global cryptocurrency investors view Bitcoin as a financial product for long-term investment rather than a simple speculative product. At the same time, the continued rise in Bitcoin prices reflects the shift in market sentiment and the recent important victory of the S…GBHACKERS.COM
10 JulBrave Browser For Android via F‑Droid: Now Fully AvailableBrave has taken a significant step toward empowering privacy-conscious Android users by making its browser fully available through its own F-Droid repository, providing an alternative distribution method that bypasses Google Play Store entirely. According to the recent report, th…GBHACKERS.COM
10 JulRhadamanthys Infostealer Uses ClickFix Technique to Steal Login CredentialsThe Rhadamanthys Stealer, a highly modular information-stealing virus that was first discovered in 2022, has made a comeback with a clever and dishonest delivery method called ClickFix Captcha. This is a terrifying development for cybersecurity experts. This technique disguises m…GBHACKERS.COM
10 JulBooz Allen Invests in Machine Identity Firm Corsha‘Machine identities’, often used interchangeably with ‘non-human identities’ (NHIs), have been increasing rapidly since the start of digital transformation. The post Booz Allen Invests in Machine Identity Firm Corsha appeared first on SecurityWeek .SECURITYWEEK.COM
10 JulSchlechte Security-Noten für EU-Behördenwidth="1895" height="1065" sizes="(max-width: 1895px) 100vw, 1895px"> Aufgrund der sensiblen Informationen, die sie verarbeiten, sind EU-Institutionen ein attraktives Ziel für potenzielle Angreifer. symbiot – shutterstock.com Trotz neuer Initiativen der Europäischen Kommission zu…CSOONLINE.COM
10 JulINE Security Launches Enhanced eMAPT CertificationCary, North Carolina, July 10th, 2025, CyberNewsWire Industry’s Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges. INE Security, a leading provider of cybersecurity education and cybersecurity certifications, t…GBHACKERS.COM
10 JulServer with Rockerbox Tax Firm Data Exposed 286GB of Recordssubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/rockerbox-server-tax-firm-exposed-sensitive-records/SH.ITJUST.WORKS
10 JulPay2Key’s Resurgence: Iranian Cyber Warfare Targets the Westsubmitted by kid to cybersecurity 1 points | 0 comments https://www.morphisec.com/blog/pay2key-resurgence-iranian-cyber-warfare/SH.ITJUST.WORKS
10 JulExport to PDF allows local file inclusion/path traversal in Microsoft 365 - hn securitysubmitted by kid to cybersecurity 1 points | 0 comments https://security.humanativaspa.it/export-to-pdf-allows-local-file-inclusion-path-traversal-in-microsoft-365/SH.ITJUST.WORKS
10 JulGitHub Abused to Spread Malware Disguised as Free VPN - CYFIRMAsubmitted by kid to cybersecurity 1 points | 0 comments https://www.cyfirma.com/research/github-abused-to-spread-malware-disguised-as-free-vpn/SH.ITJUST.WORKS
10 Jul5 Takeaways: Senate Banking Committee Hearing on Digital Assetssubmitted by kid to cybersecurity 1 points | 0 comments https://www.chainalysis.com/blog/senate-banking-committee-hearing-takeaways-july-2025/SH.ITJUST.WORKS
10 JulMore than $40 million stolen from GMX crypto platform | The Record from Recorded Future Newssubmitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/gmx-exchange-cryptocurrency-stolenSH.ITJUST.WORKS
10 JulForrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ reportEmploying a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever evolving security challenges. The post Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report appeared first on Microsoft Security Blog .MICROSOFT.COM
10 JulUS Sanctions Key Threat Actors Tied to North Korea’s Remote IT Worker SchemeThe Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury has taken a strong stance against cyber-enabled financial schemes that support North Korea’s illicit weapons programs by imposing sanctions on Song Kum Hyok, a malevolent cyber actor connecte…GBHACKERS.COM
10 JulDucex Packer for Android Evades Detection with Heavy Obfuscation TechniquesThe team at ANY.RUN recently reviewed a powerful Android packer called Ducex, which is linked to the infamous Triada malware, and criticized it for its sophisticated obfuscation methods. First identified within a fake Telegram app, Ducex serves as a protective shell for Triada, o…GBHACKERS.COM
10 JulWeaponized Termius App Delivers Latest ZuRu Malware to macOS UsersA sophisticated variant of the macOS.ZuRu malware, first identified by a Chinese blogger in July 2021, has resurfaced with a new method of attack targeting macOS users through a trojanized version of the popular cross-platform SSH client Termius. Initially spread via poisoned Bai…GBHACKERS.COM
10 JulAI Attacks Are Coming in a Big Way Now!AI is going to allow better, faster, and more pervasive attacks.KNOWBE4.COM
10 JulCitrixbleed 2, Hardware Hacking, and Failed Bans - PSW #882This week in the security news: * Citrixbleed 2 and so many failures * Ruckus leads the way on how not to handle vulnerabilities * When you have no egress * Applocker bypass * So you bought earbuds from TikTok * More gadgets and the crazy radio * Cheap drones and android apps * B…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
10 JulNew ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS AppCybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software. SentinelOne, in a new report shared with The Hacker News, said the malware has been observed mas…THEHACKERNEWS.COM
10 JulFake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and DiscordCryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. "These malicious operations impersonate AI, gaming, and Web…THEHACKERNEWS.COM
📡 INFOSEC NEWS 7[−]
10 JulWhat Security Leaders Need to Know About AI Governance for SaaSGenerative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provi…THEHACKERNEWS.COM
10 JulAMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUsSemiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information disclosure. The attacks, called Transient Scheduler Attacks (TSA), manifests in the form of a speculative side channel in its CPUs that leverage…THEHACKERNEWS.COM
10 JulAuthorities arrest four hackers linked to UK retail hacking spreeThe U.K. National Crime Agency said the suspects are in custody in relation to the hacks targeting Marks & Spencer, Harrods, and the Co-op.TECHCRUNCH.COM
10 JulHow extensions from Open VSX were used to steal cryptocurrencyWe explain how a blockchain developer lost US$500 000 to a malicious extension named Solidity Language from the Open VSX marketplace, and how to protect yourself from similar attacks.KASPERSKY.COM
10 JulSophos Central firewall management updatePerformance improvements and a new health check feature.SOPHOS.COM
10 JulUK Charges Four in ‘Scattered Spider’ Ransom GroupAuthorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.KREBSONSECURITY.COM
10 JulWindows 11 now uses JScript9Legacy engine for improved securityMicrosoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. [...]BLEEPINGCOMPUTER.COM