90Articles
8Categories
2025-07-15Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
15 Jul KEVCISA Issues Alert on Actively Exploited Wing FTP Server VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Wing FTP Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the security flaw in the wild. Critical Security Flaw Enables Sy…GBHACKERS.COM
15 JulCritical RCE Vulnerability Found in Symantec Endpoint Management PlatformSecurity researchers at LRQA have uncovered a critical remote code execution (RCE) vulnerability in Broadcom’s Symantec Endpoint Management Suite, formerly known as Altiris, that could allow unauthenticated attackers to execute arbitrary code on vulnerable systems. The flaw…GBHACKERS.COM
15 JulImageMagick Vulnerability Enables RCE via Malicious File Name PatternsA critical vulnerability in ImageMagick’s image processing library has been disclosed, enabling remote code execution through carefully crafted filename templates. Tracked as CVE-2025-53101, the flaw stems from a stack buffer underwrite in the MagickCore/image.c module. By specif…GBHACKERS.COM
15 JulPoC Released for High-Severity Git CLI Vulnerability Allowing Arbitrary File WritesA critical vulnerability in Git’s command-line interface has been disclosed with public proof-of-concept exploits available, allowing arbitrary file writes and remote code execution on Linux and macOS systems. CVE-2025-48384 affects Git installations using git clone &#…GBHACKERS.COM
15 JulLaRecipe Tool with 2.3M Downloads Found Vulnerable to Full Server TakeoverA critical security vulnerability has been discovered in LaRecipe, a popular Laravel documentation package with over 2.3 million downloads, that could allow attackers to completely compromise affected servers. The vulnerability, identified as CVE-2025-53833, enables Server-Side T…GBHACKERS.COM
15 JulKafbat UI Vulnerabilities Allow Arbitrary Code Execution via JMX ServicesA critical security vulnerability has been discovered in Kafbat UI, a popular web-based interface for managing Apache Kafka clusters, allowing unauthenticated attackers to execute arbitrary code on affected systems through unsafe deserialization attacks. Critical Vulnerability De…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 21[−]
15 Jul161: mgIn this episode we talk with mg ( https://x.com/ MG ), the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable. A seemingly ordinary USB cable with extraordinary offensive capabilities. Learn more about mg at: o.mg.lol Sponsors Support for this show comes …DARKNETDIARIES.COM
15 JulHow defenders use the dark webThe term “dark web” may paint a picture in our head of threat actors lurking underground, on the shrouded parts of the internet where illicit activity and cybercrime thrive. What has come to be known as the dark web, however, has multifaceted use cases. It is also frequented by e…CSOONLINE.COM
15 JulAI poisoning and the CISO’s crisis of trustIn May 2025, the NSA, CISA, and FBI issued a joint bulletin authored with the cooperation of the governments of Australia, New Zealand, and the United Kingdom confirming that adversarial actors are poisoning AI systems across sectors by corrupting the data that trains them. The m…CSOONLINE.COM
15 JulRansomware Group Claims Attack on BelkDragonForce says it stole more than 150 gigabytes of data from US department store chain Belk in a May cyberattack. The post Ransomware Group Claims Attack on Belk appeared first on SecurityWeek .SECURITYWEEK.COM
15 JulGovernment Organizations Targeted via AWS Lambda URL Endpoint ExploitsUnit 42 researchers from Palo Alto Networks have been monitoring a sophisticated threat cluster designated CL-STA-1020, which has been systematically targeting governmental entities across Southeast Asia. This operation focuses on extracting sensitive data from government agencie…GBHACKERS.COM
15 JulNorth Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack CampaignThe North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, pe…THEHACKERNEWS.COM
15 JulPreventing Zero-Click AI Threats: Insights from EchoLeakA zero-click exploit called EchoLeak reveals how AI assistants like Microsoft 365 Copilot can be manipulated to leak sensitive data without user interaction. This entry breaks down how the attack works, why it matters, and what defenses are available to proactively mitigate this …TRENDMICRO.COM
15 JulApache Tomcat Coyote Flaw Allows Attackers to Launch DoS AttacksThe Apache Software Foundation has revealed a vulnerability in the Tomcat Coyote module, specifically within the Maven artifact org.apache.tomcat:tomcat-coyote, that could enable malicious actors to orchestrate denial-of-service (DoS) attacks. This flaw stems from an uncontrolled…GBHACKERS.COM
15 JulGetting Started with Security Basics on the Way to Finding a Specialization - ASW #339What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each with different areas of focus despite having shared vocabularies and the (hopefully!) shared goal of protecting software, data, and …YOUTUBE.COM
15 JulNorth Korean Hackers Exploit Zoom Invites in Attacks on Crypto CompaniesCybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for their persistent “fake interview” scams. This operation continues to leverage spear-phishing tactics aimed at individuals and organizations wit…GBHACKERS.COM
15 Jul14 Hackers Arrested in Massive Tax Fraud Scheme, Authorities ConfirmAuthorities have arrested 14 individuals in a coordinated international operation targeting a sophisticated tax fraud scheme that exploited stolen personal data to submit fraudulent claims worth over £1 million. The arrests demonstrate the growing collaboration between UK and Rom…GBHACKERS.COM
15 JulAsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the GlobeCybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT, which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of m…THEHACKERNEWS.COM
15 JulNorth Korean Hackers Exploit 67 Malicious npm Packages to Spread XORIndex MalwareThe Socket Threat Research Team has discovered a new software supply chain attack that uses a malware loader called XORIndex that had not been previously reported, marking a major uptick in North Korean cyber operations. This activity builds on the Contagious Interview campaign p…GBHACKERS.COM
15 JulUK launches vulnerability research program for external expertssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/uk-launches-vulnerability-research-program-for-external-experts/SH.ITJUST.WORKS
15 JulHow phishers are weaponizing SVG images in zero-click, evasive campaignsThreat actors are shifting from conventional phishing tricks, which used malicious links and document macros, to benign-looking image files embedded with stealthy browser redirects. According to an Ontinue discovery, newer campaigns are using Scalable Vector Graphics (SVG) — typi…CSOONLINE.COM
15 JulGrok 4 mit Jailbreak-Angriff geknacktsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/07/shutterstock_2650257123.jpg?quality=50&strip=all 6000w, https://b2b-contenthub.com/wp-content/uploads/2025/07/shutterstock_2650257123.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
15 JulCISA Releases Six Industrial Control Systems AdvisoriesCISA released six Industrial Control Systems (ICS) advisories on July 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-196-01 Hitachi Energy Asset Suite ICSA-25-196-02 ABB RMC-100 ICSA-25-1…CISA.GOV
15 JulPolice disrupt “Diskstation” ransomware gang attacking NAS devicesAn international law enforcement action dismantled a Romanian ransomware gang known as 'Diskstation,' which encrypted the systems of several companies in the Lombardy region, paralyzing their businesses. [...]BLEEPINGCOMPUTER.COM
15 JulControlPlane Local Privilege Escalation Vulnerability on macOSA technical exploration of Local Privilege Escalation Vulnerability in ControlPlane on macOS.QUARKSLAB.COM
15 JulCongratulations to the MSRC 2025 Most Valuable Security Researchers!The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this ye…MSRC.MICROSOFT.COM
15 JulRisky Biz Soap Box: Prowler, the open cloud security platformIn this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, founder of open source multi-cloud security product Prowler. Toni explains how Prowler came to be, and how its journey followed his own learning about the cloud. The pair a…RISKY.BIZ
📢 SECURITY ADVISORIES 7[−]
15 JulDOGE Denizen Marko Elez Leaked API Key for xAIMarko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fil…KREBSONSECURITY.COM
15 JulCISA Flags Remote Linking Protocol Flaws Allowing Attackers to Hijack Train Brake SystemsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority security alert warning of serious vulnerabilities in railway brake control systems that could allow attackers to commandeer train operations and potentially cause catastrophic accidents. The al…GBHACKERS.COM
15 JulNCC Advises Immediate Windows 11 Upgrade to Strengthen Cyberattack DefensesThe National Cyber Security Centre (NCSC) has unveiled its latest recommended configuration packs for Microsoft Windows operating systems, designed to streamline the deployment of baseline security settings. These packs distill essential configurations into a minimal set that bal…GBHACKERS.COM
15 JulFederal IT Contractor to Pay $14.75M for False Cybersecurity Services ClaimsHill ASC Inc., operating as Hill Associates and based in Rockville, Maryland, has agreed to a multimillion-dollar settlement with the U.S. Department of Justice to address allegations of violating the False Claims Act through improper billing practices under a General Services Ad…GBHACKERS.COM
15 JulAI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet... - SWN #494AI meltdowns, Gigabyte, NCSC, Rowhammer, Gravity Form, Grok, AsyncRat, Josh Marpet and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-494YOUTUBE.COM
🔥 INCIDENT REPORTING 11[−]
15 JulMaReads - 74,453 breached accountsIn June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.HAVEIBEENPWNED.COM
15 JulSesame Workshop Regains Control of Elmo’s Hacked X Account After Racist PostsThe account was compromised over the weekend and Elmo’s 650,000 followers were given antisemitic threats and a reference to the Jeffrey Epstein investigation. The post Sesame Workshop Regains Control of Elmo’s Hacked X Account After Racist Posts appeared first on SecurityWeek .SECURITYWEEK.COM
15 JulRansomware Threat Grows as Attackers Move Into VMware and LinuxLinux has been the reliable backbone of business infrastructure for many years; it powers 96% of the top million web servers worldwide and more than 80% of workloads in public clouds. Its reputation for reliability and inherent security has long shielded it from the intense scrut…GBHACKERS.COM
15 JulSecuring Agentic AI: How to Protect the Invisible Identity AccessAI agents promise to automate everything from financial reconciliations to incident response. Yet every time an AI agent spins up a workflow, it has to authenticate somewhere; often with a high-privilege API key, OAuth token, or service account that defenders can’t easily see. Th…THEHACKERNEWS.COM
15 JulHacktivists Launch Attacks on ICS Systems to Exfiltrate Sensitive InformationHacktivists’ attacks on Industrial Control Systems (ICS) are becoming more intense in a noticeable evolution of ideologically motivated cyber operations. They have progressed from simple Distributed Denial of Service (DDoS) attacks and website vandalism to more complex intr…GBHACKERS.COM
15 JulInterlock ransomware adopts FileFix method to deliver malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/interlock-ransomware-adopts-filefix-method-to-deliver-malware/SH.ITJUST.WORKS
15 JulData Breach at Debt Settlement Firm Impacts 160,000 PeoplePennsylvania-based Century Support Services is disclosing a data breach after its systems were hacked in November 2024. The post Data Breach at Debt Settlement Firm Impacts 160,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
15 JulGLOBAL GROUP RaaS Adds AI-Powered Negotiation Feature for Ransom DemandsA newly surfaced Ransomware-as-a-Service operation, dubbed GLOBAL GROUP, has begun deploying an AI‐driven negotiation tool that elevates the psychological pressure on victims and streamlines extortion workflows for affiliates. Security researchers at EclecticIQ first identified G…GBHACKERS.COM
15 JulNewly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation ToolsCybersecurity researchers have shed light on a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP that has targeted a wide range of sectors in Australia, Brazil, Europe, and the United States since its emergence in early June 2025. GLOBAL GROUP was "promoted on the …THEHACKERNEWS.COM
15 JulRansomware Attack on Albemarle County Exposes Residents’ Personal InformationAlbemarle County, Virginia, discovered irregularities in its IT infrastructure under a sophisticated ransomware attack. The breach was quickly recognized by cybersecurity experts as a ransomware deployment, a type of malware that encrypts data and demands payment to decrypt it. T…GBHACKERS.COM
15 JulUkrainian hackers claim to have destroyed servers of Russian drone makerA coalition of Ukrainian hackers breached and wiped systems belonging to Gaskar Group, a Moscow-based drone maker.TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 29[−]
15 JulISC Stormcast For Tuesday, July 15th, 2025 https://isc.sans.edu/podcastdetail/9526, (Tue, Jul 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 JulRed Bull-Themed Phishing Attacks Target Job Seekers’ CredentialsA few significant investments in email filtering, authentication procedures, and endpoint protection, attackers are constantly improving their techniques to circumvent automated security measures in a time when phishing is still a major cyberthreat. A recent campaign identified b…GBHACKERS.COM
15 JulMITRE Unveils AADAPT Framework to Tackle Cryptocurrency ThreatsThe MITRE AADAPT framework provides documentation for identifying, investigating, and responding to weaknesses in digital asset payments. The post MITRE Unveils AADAPT Framework to Tackle Cryptocurrency Threats appeared first on SecurityWeek .SECURITYWEEK.COM
15 JulCBI Uncovers Noida Tech Support Scam Targeting Victims in UK and AustraliaThe Central Bureau of Investigation (CBI) has made a major breakthrough in Operation Chakra-V by taking down a sophisticated global cybercrime network that was primarily targeting people in Australia and the United Kingdom with tech support frauds. This operation highlights the e…GBHACKERS.COM
15 JulZip Security Raises $13.5 Million in Series A FundingZip Security’s Series A funding round led by Ballistic Ventures will help the company grow its engineering and go-to-market teams. The post Zip Security Raises $13.5 Million in Series A Funding appeared first on SecurityWeek .SECURITYWEEK.COM
15 JulCybercriminals Clone CNN, BBC, and CNBC Sites to Lure Victims into Investment FraudResearchers have unveiled a sprawling cybercrime syndicate orchestrating an elaborate phishing and investment fraud campaign by cloning legitimate news outlets such as CNN, BBC, CNBC, News24, and ABC News. This operation leverages domain spoofing and typosquatting techniques to f…GBHACKERS.COM
15 JulKeylogger Data Stored in an ADS, (Tue, Jul 15th)If many malware samples try to be "filess" (read: they try to reduce their filesystem footprint to the bare minimum), another technique remains interesting: Alternate Data Streams or "ADS"[ 1 ]. This NTFS feature allows files to contain multiple data streams, enabling h…ISC.SANS.EDU
15 JulBritish Citizen Sentenced for Islamophobic WiFi Hack at UK Train StationsJohn Andreas Wik, a 37-year-old resident of Limes Road in Beckenham, has been handed a 24-month prison sentence, suspended for two years, after admitting to orchestrating an Islamophobic hack of free WiFi landing pages at multiple train stations across Britain. The sentence, pass…GBHACKERS.COM
15 JulMITRE Launches AADAPT Framework to Counter Real-World Attacks on Digital Asset SystemsThe MITRE Corporation has unveiled its comprehensive AADAPT™ framework (Adversarial Actions in Digital Asset Payment Technologies), a specialized knowledge base designed to catalog and counter sophisticated attacks targeting digital asset management systems, cryptocurrency exchan…GBHACKERS.COM
15 JulState-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian GovernmentsGovernmental organizations in Southeast Asia are the target of a new campaign that aims to collect sensitive information by means of a previously undocumented Windows backdoor dubbed HazyBeacon. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker CL-STA-…THEHACKERNEWS.COM
15 JulNew AsyncRAT Forks Discovered Featuring Screamer Tool and USB Malware SpreaderCybersecurity researchers have identified two sophisticated AsyncRAT variants that expand the remote access trojan’s capabilities with a psychological warfare component and enhanced propagation mechanisms. The newly discovered forks introduce a “Screamer” plugin…GBHACKERS.COM
15 JulBaitTrap Reveals Global Web of 17,000+ Fraud-Promoting Fake News SitesCybersecurity firm CTM360 has unveiled an extensive network of over 17,000 Baiting News Sites (BNS), engineered by cybercriminals to disseminate investment fraud on a global scale. These deceptive platforms, identified through CTM360’s proprietary WebHunt monitoring system,…GBHACKERS.COM
15 JulChasing Ghosts Over RDP: Lateral Movement in Tiny Bitmaps | by Mat Cyb3rF0x Fuchs | Jul, 2025 | Mediumsubmitted by kid to cybersecurity 1 points | 0 comments https://medium.com/@mathias.fuchs/chasing-ghosts-over-rdp-lateral-movement-in-tiny-bitmaps-328d2babd8ecSH.ITJUST.WORKS
15 JulAsyncRAT evolves as ESET tracks its most popular malware forks - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/07/15/asyncrat-forks-eset-research/SH.ITJUST.WORKS
15 JulNew Grok AI model surprises experts by checking Elon Musk’s views before answering - Ars Technicasubmitted by kid to cybersecurity 1 points | 0 comments https://arstechnica.com/information-technology/2025/07/new-grok-ai-model-surprises-experts-by-checking-elon-musks-views-before-answering/SH.ITJUST.WORKS
15 JulDDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 TotalCloudflare has published its quarterly DDoS threat report for Q2 2025 and the company says it has blocked millions of attacks. The post DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total appeared first on SecurityWeek .SECURITYWEEK.COM
15 JulNorth Korea-linked actors spread XORIndex malware via 67 malicious npm packagessubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/179950/hacking/north-korea-linked-actors-spread-xorindex-malware-via-67-malicious-npm-packages.htmlSH.ITJUST.WORKS
15 JulMITRE Launches AADAPT Framework to Counter Real-World Attacks on Digital Asset Systemssubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/mitre-launches-aadapt-framework/SH.ITJUST.WORKS
15 JulOpenAI's ChatGPT-powered browser is codenamed 'Aura'submitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/artificial-intelligence/openais-chatgpt-powered-browser-is-codenamed-aura/SH.ITJUST.WORKS
15 JulOctalyn Stealer Harvests VPN Configs, Passwords, and Cookies in Organized Folder StructureThe Octalyn Forensic Toolkit, which is openly accessible on GitHub, has been revealed as a powerful credential stealer that poses as a research tool for red teaming and digital forensics. This is a worrying development for cybersecurity. Developed with a C++-based payload module …GBHACKERS.COM
15 JulIranian Threat Actors Target U.S. Critical Infrastructure, Including Water SystemsIran’s Islamic Revolutionary Guard Corps (IRGC) has increased its asymmetric cyber operations in response to recent U.S. attacks on Iranian nuclear sites. Intelligence Group 13 has emerged as a major aggressor in attacking critical infrastructure in the United States. This …GBHACKERS.COM
15 JulDShield Honeypot Scanning Hits Record High with Over 1 Million Logs in a Single DayDShield honeypots have reported previously unheard-of log quantities in a startling increase in cyber reconnaissance activity, with some subnets producing over a million entries in a single day. This surge, observed across multiple honeypot instances including residential and arc…GBHACKERS.COM
15 JulThreat Actors Use SVG Smuggling for Browser-Native RedirectionObfuscated JavaScript code is embedded within SVG files for browser-native redirection to malicious pages. The post Threat Actors Use SVG Smuggling for Browser-Native Redirection appeared first on SecurityWeek .SECURITYWEEK.COM
15 JulA Leader in the 2025 Gartner Magic Quadrant for EPP — 3 Years RunningRedefining endpoint security with Cortex XDR a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for third consecutive year. The post A Leader in the 2025 Gartner Magic Quadrant for EPP — 3 Years Running appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
15 JulVirtual Event Preview: Cloud & Data Security Summit 2025 – Tackling Exposed Attack Surfaces in the CloudVirtual event brings together leading experts, practitioners, and innovators for a full day of insightful discussions and tactical guidance on evolving threats and real-world defense strategies in cloud security. The post Virtual Event Preview: Cloud & Data Security Summit 20…SECURITYWEEK.COM
15 JulMicrosoft Explains How Security Copilot in Intune and Entra Supports Security and IT TeamsMicrosoft has detailed how its Security Copilot, an AI-powered tool, is transforming security and IT operations by embedding generative AI directly into daily workflows, aligning with Zero Trust principles to enable faster threat response and decision-making. Launched last year, …GBHACKERS.COM
15 JulThe Only Vendor Named a SASE Leader for the Third TimePalo Alto Networks is the only vendor to be named a Leader for the third time in the 2025 Gartner® Magic Quadrant™ for SASE platforms. The post The Only Vendor Named a SASE Leader for the Third Time appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
15 JulNorth Korean XORIndex malware hidden in 67 malicious npm packagesNorth Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. [...]BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
15 JulAndroid malware Konfety uses malformed APKs to evade detectionA new variant of the Konfety Android malware emerged with a malformed ZIP structure along with other obfuscation methods that allow it to evade analysis and detection. [...]BLEEPINGCOMPUTER.COM
15 JulWhat you need to know about CVSS to protect your IT assetsThe CVSS base metrics from version 1.0 through 4.0. How to read CVSS scores, and why you shouldn't stop at the Base ScoreKASPERSKY.COM
🎙️ PODCASTS 1[−]
15 JulThe AI Fix #59: Grok thinks it’s Mecha Hitler, and AIs can think strategicallyIn episode 59 of The AI Fix, our hosts ponder whether AIs need a “disagreement dial”, Mark wonders what he could do with an AI-powered “drug design engine”, Graham plays Wolfenstein instead of working, a robot graduates from high school, and a popular rock group is unmasked as an…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 13[−]
15 JulOpenAI's ChatGPT-powered browser is codenamed 'Aura'OpenAI is following Perplexity and is working on its own AI-powered browser codenamed "Aura." [...]BLEEPINGCOMPUTER.COM
15 JulDOGE staffer with access to Americans’ personal data leaked private xAI API keyThe researcher who found the exposed key said it “raises questions” about how DOGE handles sensitive data.TECHCRUNCH.COM
15 JulSIM scammer’s sentence increased to 12 years, after failing to pay back victim $20 millionRead more in my article on the Hot for Security blog.BITDEFENDER.COM
15 JulQuelle surprise! Twitter faces criminal probe in FranceA criminal investigation into Twitter has been initiated by French prosecutors, over allegations that its algorithm is manipulated for the purposes of "foreign interference."GRAHAMCLULEY.COM
15 JulHyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global SectorsCloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. "Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," …THEHACKERNEWS.COM
15 JulSweet 16: Sophos named a Leader (again) in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection PlatformsFor the 16th consecutive report, Sophos has been recognized by Gartner as a Leader in the Endpoint Protection Platforms (EPP) category.SOPHOS.COM
15 JulWindows KB5064489 emergency update fixes Azure VM launch issuesMicrosoft has released an emergency update to fix a bug that prevents Azure virtual machines from launching when the Trusted Launch setting is disabled and Virtualization-Based Security (VBS) is enabled. [...]BLEEPINGCOMPUTER.COM
15 JulAbacus dark web drug market goes offline in suspected exit scamAbacus Market, the largest Western darknet marketplace supporting Bitcoin payments, has shut down its public infrastructure in a move suspected to be an exit scam. [...]BLEEPINGCOMPUTER.COM
15 JulMeta fixes bug that could leak users’ AI prompts and generated contentThe tech giant fixed the security flaw, netting a security researcher $10,000 for privately disclosing the bug.TECHCRUNCH.COM
15 JulOpenAI's image model gets built-in style feature on ChatGPTOpenAI's image gen model, which is available via ChatGPT for free, now lets you easily create AI images even if you're not familiar with trends or prompt engineering. [...]BLEEPINGCOMPUTER.COM
15 JulUS Army soldier pleads guilty to hacking telcos and extortionCameron Wagenius had already pleaded guilty to other charges earlier this year.TECHCRUNCH.COM
15 JulUnmasking AsyncRAT: Navigating the labyrinth of forksESET researchers map out the labyrinthine relationships among the vast hierarchy of AsyncRAT variantsWELIVESECURITY.COM