93 Articles
8 Categories
Date: 2025-07-18
🚨 CISA KEV (3)
18 Jul KEVSignal App Clone Vulnerability Actively Exploited for Password TheftA critical vulnerability in TeleMessageTM SGNL, an enterprise messaging platform modeled after Signal, is being actively exploited by threat actors to steal passwords and sensitive data from government agencies and enterprises. The flaw, tracked as CVE-2025-48927, was added to CI…GBHACKERS.COM
18 Jul KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber …CISA.GOV
18 Jul KEVThreat actors scanning for apps incorporating vulnerable Spring Boot toolEnterprise admins who haven’t yet mitigated a two-month-old vulnerability in apps that incorporate the open source Spring Boot tool could be in trouble: Attempts to exploit the hole are still ongoing. Spring Boot is a tool that helps developers use Java-based frameworks to create micr…CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (16)
18 JulLenovo Protection Driver Flaw Enables Privilege Escalation and Code ExecutionA critical security vulnerability has been discovered in Lenovo’s protection driver software, affecting millions of users across desktop and laptop systems. The flaw, identified as CVE-2025-4657, allows local attackers with elevated privileges to execute arbitrary code thro…GBHACKERS.COM
18 JulThreat Actors Exploit Ivanti Connect Secure Flaws to Deploy Cobalt Strike BeaconThreat actors have been actively exploiting vulnerabilities in Ivanti Connect Secure, specifically CVE-2025-0282 and CVE-2025-22457, to deploy advanced malware including MDifyLoader and Cobalt Strike Beacon. These attacks, observed from December 2024 through July 2025, build on p…GBHACKERS.COM
18 JulCritical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud ServicesCybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been code…THEHACKERNEWS.COM
18 JulGrafana Flaws Allow User Redirection and Code Execution in DashboardsGrafana Labs has released critical security patches addressing two significant vulnerabilities that could enable attackers to redirect users to malicious websites and execute arbitrary code within dashboard environments. The security update addresses CVE-2025-6023, a high-severit…GBHACKERS.COM
18 JulUbiquiti UniFi Vulnerability Lets Hackers Inject Malicious CommandsA critical security vulnerability has been discovered in Ubiquiti’s UniFi Access devices that could allow malicious actors to inject and execute arbitrary commands on affected systems. The vulnerability, designated as CVE-2025-27212, affects multiple UniFi Access products a…GBHACKERS.COM
18 JulCisco warns of another critical RCE flaw in ISE, urges immediate patchingCisco has dropped another maximum severity advisory detailing an unauthenticated remote code execution (RCE) flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The networking equipment giant warned that the flaw, much similar to a critical bu…CSOONLINE.COM
18 JulSophos Intercept X for Windows Flaws Enable Arbitrary Code ExecutionSophos has disclosed three critical security vulnerabilities in its Intercept X for Windows endpoint security solution that could allow attackers to execute arbitrary code and gain system-level privileges on affected systems. The vulnerabilities, designated CVE-2024-13972, CVE-20…GBHACKERS.COM
18 JulHackers scanning for TeleMessage Signal clone flaw exposing passwordsResearchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. [...]BLEEPINGCOMPUTER.COM
18 JulCVE-2025-49747 Azure Machine Learning Elevation of Privilege VulnerabilityMissing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
18 JulCVE-2025-49746 Azure Machine Learning Elevation of Privilege VulnerabilityImproper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
18 JulCVE-2025-47995 Azure Machine Learning Elevation of Privilege VulnerabilityWeak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
18 JulCVE-2025-47158 Azure DevOps Server Elevation of Privilege VulnerabilityAuthentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
18 JulCVE-2025-53762 Microsoft Purview Elevation of Privilege VulnerabilityPermissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
18 JulIvanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike AttacksCybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According to a report published by JPCERT/CC today, the threat actors…THEHACKERNEWS.COM
18 JulCrushFTP zero-day exploited in attacks to gain admin access on serversCrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. [...]BLEEPINGCOMPUTER.COM
18 JulNew CrushFTP zero-day exploited in attacks to hijack serversCrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnerable servers. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE (29)
18 JulNews Alert: SquareX, Fortune 500 CISOs to debut browser security guide at Black Hat USA 2025Palo Alto, Calif., July 17, 2025, CyberNewswire — SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target …LASTWATCHDOG.COM
18 JulOffice end of support: Preventing a macro disasterCSOONLINE.COM
18 JulHackers Abuse DNS Blind Spots to Stealthily Deliver MalwareCybersecurity researchers have uncovered a sophisticated technique where threat actors are exploiting DNS infrastructure to covertly store and distribute malware, turning the internet’s domain name system into an unwitting accomplice for malicious activities. The discovery …GBHACKERS.COM
18 JulMicrosoft Entra ID Flaw Enables Privilege Escalation to Global AdminSecurity researchers have uncovered a critical vulnerability in Microsoft Entra ID that allows attackers to escalate privileges and gain Global Administrator access, potentially compromising entire organizational environments. This flaw represents a significant security risk for …GBHACKERS.COM
18 JulBIND 9 Vulnerabilities Enable Cache Poisoning and Service DisruptionThe Internet Systems Consortium (ISC) has disclosed two critical security vulnerabilities in BIND 9, one of the most widely used DNS software implementations worldwide. Published on July 16, 2025, these vulnerabilities could allow attackers to poison DNS caches and disrupt DNS re…GBHACKERS.COM
18 Jul8 trends transforming the MDR market todayThe managed detection and response (MDR) market is having a moment. With traditional log collection and correlation tools struggling to keep up, and staffing for 24×7 coverage always a challenge, MDR provided by a specialist security provider is becoming an attractive choice for …CSOONLINE.COM
18 Jul10 Best XDR (Extended Detection & Response) Solutions 2025In 2025, the cybersecurity landscape is more fragmented and perilous than ever before. Organizations face an explosion of data sources, an increasing attack surface spanning endpoints, networks, cloud environments, and identities, and a relentless onslaught of sophisticated, mult…GBHACKERS.COM
18 Jul‘Daemon Ex Plist’ Vulnerability Grants Root Access on macOSA newly disclosed vulnerability dubbed “Daemon Ex Plist” allows attackers to escalate privileges from standard user to root access on macOS systems, exploiting a timing flaw in how the operating system handles daemon configuration files. Security researcher Egor Filat…GBHACKERS.COM
18 JulClément Domingo: “We are not using AI correctly to defend ourselves”Following Kaspersky Horizon on 1 July in Madrid, Clément Domingo, ethical hacker and cybersecurity evangelist, explains the cybercrime landscape now looks like the legitimate startup world: structured organizations with affiliates and even team-building culture. How a criminal st…CSOONLINE.COM
18 JulCritical Nvidia Toolkit Flaw Exposes AI Cloud Services to HackingWiz researchers discovered NVIDIAScape, an Nvidia Container Toolkit flaw that can be exploited for full control of the host machine.SECURITYWEEK.COM
18 JulThreat Actors Exploit GitHub Accounts to Host Payloads, Tools, and Amadey Malware PluginsCisco Talos researchers identified a sophisticated Malware-as-a-Service (MaaS) operation in April 2025 that employed the Amadey botnet to distribute various payloads. This operation exploited fake GitHub accounts as open directories for hosting malicious payloads, tools, and Amad…GBHACKERS.COM
18 JulWAFFLED: New Technique Targets Web Application Firewall WeaknessesCybersecurity researchers at Northeastern University and Dartmouth College have unveiled a groundbreaking attack technique that exploits fundamental parsing discrepancies in Web Application Firewalls (WAFs), potentially compromising the security of millions of websites worldwide.…GBHACKERS.COM
18 JulHackers Exploit ClickFix Tactics to Spread NetSupport RAT, Latrodectus, and Lumma StealerAttackers are increasingly leveraging the ClickFix social engineering technique to distribute potent malware families, including NetSupport RAT, Latrodectus, and Lumma Stealer. This method, which emerged prominently in recent months, tricks users into executing malicious commands…GBHACKERS.COM
18 JulCitrixBleed 2: 100 Organizations Hacked, Thousands of Instances Still VulnerableThe CitrixBleed 2 vulnerability in NetScaler may expose organizations to compromise even if patches have been applied.SECURITYWEEK.COM
18 JulNew Mobile Phone Forensics ToolThe Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, “MFSocket”, reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding de…SCHNEIER.COM
18 Jul KEVFortinet FortiWeb Flaw Exploited in the Wild After PoC PublicationDozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly.SECURITYWEEK.COM
18 Jul1.4 Million Affected by Data Breach at Virginia Radiology PracticeRadiology Associates of Richmond has disclosed a data breach impacting protected health and personal information.SECURITYWEEK.COM
18 JulGoogle Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android DevicesGoogle on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.0 botnet compromised over 10 million uncertified devi…THEHACKERNEWS.COM
18 JulBuilding scalable secrets management in hybrid cloud environments: Lessons from enterprise adoptionI’ll never forget the morning a few years ago, when a teammate accidentally pushed an AWS key to a public GitHub repo. It took less than 30 minutes before someone flagged the issue, and although we rotated the credentials quickly, that was our wake-up call. At the time, our organ…CSOONLINE.COM
18 JulGoogle Sues BadBox 2.0 Botnet Operators Behind 10 Million+ Infected DevicesGoogle has initiated legal proceedings against the operators of BadBox 2.0, identified as the largest botnet comprising internet-connected televisions and other devices. This botnet, uncovered through a collaborative effort with cybersecurity firms HUMAN Security and Trend Micro,…GBHACKERS.COM
18 JulCERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing CampaignThe Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that's designed to deliver a malware codenamed LAMEHUG. "An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual…THEHACKERNEWS.COM
18 JulNew QR Code Attacks Through PDFs Bypass Detection and Steal CredentialsResearchers at Cyble Research and Intelligence Labs (CRIL) have uncovered an ongoing quishing campaign dubbed “Scanception,” which exploits QR code-based delivery mechanisms to distribute credential-harvesting URLs. This advanced phishing operation begins with targete…GBHACKERS.COM
18 JulSpain: Chinese company Huawei must not be allowed access to wiretap data in 'normalisation of censorship and surveillance', rights group sayssubmitted by Hotznplotzn to cybersecurity 2 points | 0 comments https://www.article19.org/resources/spain-huawei-must-not-be-allowed-access-to-wiretap-data-in-the-eu cross-posted from: lemmy.sdf.org/post/38801109 Archived The Spanish Ministry of Interior has awarded a €12.3 milli…INFOSEC.PUB
18 JulSpain: Chinese company Huawei must not be allowed access to wiretap data in 'normalisation of censorship and surveillance', rights group sayssubmitted by Hotznplotzn to cybersecurity 4 points | 0 comments https://www.article19.org/resources/spain-huawei-must-not-be-allowed-access-to-wiretap-data-in-the-eu cross-posted from: lemmy.sdf.org/post/38801109 Archived The Spanish Ministry of Interior has awarded a €12.3 milli…SH.ITJUST.WORKS
18 JulA surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locationsThe new SS7 bypass-attack tricks phone operators into disclosing a cell subscriber's location, in some cases down to a few hundred meters.TECHCRUNCH.COM
18 JulNew Surge of Crypto-Jacking Hits Over 3,500 WebsitesCybersecurity experts at cside have discovered a clever campaign that infected over 3,500 websites with nefarious JavaScript miners, marking a startling return to crypto-jacking techniques reminiscent of the Coinhive heyday of 2017. This new wave, detected in late 2024, marks a d…GBHACKERS.COM
18 JulUNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin CampaignsMultiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. "This threat entity demonstrates a strong preference for using shortcut files (LNK), V…THEHACKERNEWS.COM
18 JulNew Veeam-Themed Phishing Attack Uses Weaponized WAV File to Target UsersCybercriminals are now leveraging seemingly innocuous voicemail notifications to distribute malware, with a recent campaign impersonating Veeam Software to exploit users’ trust in enterprise backup solutions. This attack vector highlights the growing intersection of social …GBHACKERS.COM
18 JulNovel malware from Russia’s APT28 prompts LLMs to create malicious Windows commandsRussian cyberespionage group APT28 has developed malware that generates commands by querying large language models (LLMs). The malware, dubbed LAMEHUG by the Ukrainian CERT, was used in recent spear phishing attacks against Ukrainian government entities and represents a new examp…CSOONLINE.COM
📢 SECURITY ADVISORIES (5)
18 JulCISA Publishes 13 ICS Security Advisories on Critical FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) released thirteen Industrial Control Systems (ICS) security advisories on July 17, 2025, highlighting critical vulnerabilities that could compromise essential infrastructure operations. This coordinated disclosure repres…GBHACKERS.COM
18 JulUK ties GRU to stealthy Microsoft 365 credential-stealing malwareThe UK National Cyber Security Centre (NCSC) has formally attributed 'Authentic Antics' espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia's military intelligence service (GRU). [...]BLEEPINGCOMPUTER.COM
18 JulFTC Advisory: How to Protect Yourself Against Job ScamsThe US Federal Trade Commission (FTC) has issued an advisory warning of job scams that impersonate well-known companies with tempting employment opportunities.KNOWBE4.COM
🔥 INCIDENT REPORTING (15)
18 JulPoor Passwords Tattle on AI Hiring Bot Maker Paradox.aiSecurity researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based…KREBSONSECURITY.COM
18 JulSalt Typhoon breach: Chinese APT compromises U.S. Army National Guard networksubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://securityaffairs.com/180018/intelligence/salt-typhoon-breach-chinese-apt-compromises-u-s-army-national-guard-network.html cross-posted from: lemmy.sdf.org/post/38773576 Archived A DoD report warns that China-n…INFOSEC.PUB
18 JulSalt Typhoon breach: Chinese APT compromises U.S. Army National Guard networksubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://securityaffairs.com/180018/intelligence/salt-typhoon-breach-chinese-apt-compromises-u-s-army-national-guard-network.html Archived A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S.…SH.ITJUST.WORKS
18 JulCybersecurity Today: DNS Malware, SonicWall Backdoor, Military Breach, and BigONE Crypto HackIn today's episode, host Jim Love covers recent cybersecurity threats, including malware hidden in DNS records, a custom backdoor targeting SonicWall SMA devices, the US military assuming a network compromise after Chinese hackers targeted VPNs and email servers, and a $27 millio…CYBERSECURITYTODAY.LIBSYN.COM
18 JulSettlement Reached in Investors’ Lawsuit Against Meta CEO Mark Zuckerberg and Other Company LeadersA settlement has been reached in the class action brought by investors against Meta over the Cambridge Analytica incident, but details have not been shared.SECURITYWEEK.COM
18 JulAnne Arundel Dermatology Data Breach Impacts 1.9 Million PeopleAnne Arundel Dermatology said hackers had access to its systems for three months and may have stolen personal and health information.SECURITYWEEK.COM
18 JulRussian Vodka Maker Beluga Struck by Ransomware AttackNovabev Group, the parent company of premium vodka brand Beluga, has confirmed it was hit by a sophisticated ransomware attack on July 14, 2025, temporarily disrupting operations and affecting IT infrastructure across the company and its WineLab subsidiary. The Russian spirits ma…GBHACKERS.COM
18 JulFrom Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of RansomwareWith IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and …THEHACKERNEWS.COM
18 JulRussia’s war against Ukraine, China’s coercive actions toward Taiwan very likely 'primary drivers' of state-linked sabotage targeting submarine cable infrastructure, report sayssubmitted by randomname to cybersecurity 1 points | 0 comments https://www.recordedfuture.com/research/submarine-cables-face-increasing-threats cross-posted from: scribe.disroot.org/post/3613886 Archived version Executive Summary Events over the last eighteen months indicate that…INFOSEC.PUB
18 JulRussia’s war against Ukraine, China’s coercive actions toward Taiwan very likely 'primary drivers' of state-linked sabotage targeting submarine cable infrastructure, report sayssubmitted by randomname to cybersecurity 2 points | 0 comments https://www.recordedfuture.com/research/submarine-cables-face-increasing-threats cross-posted from: scribe.disroot.org/post/3613888 cross-posted from: scribe.disroot.org/post/3613886 Archived version Executive Summary…SH.ITJUST.WORKS
18 JulIn Other News: Law Firm Hacked by China, Symantec Flaw, Meta AI Hack, FIDO Key BypassNoteworthy stories that might have slipped under the radar: powerful US law firm hacked by China, Symantec product flaw, $10,000 Meta AI hack, cryptocurrency thieves bypassing FIDO keys.SECURITYWEEK.COM
18 JulVodafone affected by hacker attack on service providerA service provider of Vodafone Germany was hit by a cyberattack. Hackers have attacked an external service provider of Vodafone. According to a report by Wirtschaftswoche, the mobile network operator in Germany is therefore struggling …CSOONLINE.COM
18 JulNew Phobos ransomware decryptor lets victims recover files for freeThe Japanese police have released a Phobos and 8-Base ransomware decryptor that lets victims recover their files for free, with BleepingComputer confirming that it successfully decrypts files. [...]BLEEPINGCOMPUTER.COM
18 JulRussian alcohol retailer WineLab closes stores after ransomware attackWineLab, the retail store of the largest alcohol company in Russia, has closed its stores following a cyberattack that is impacting its operations and causing purchase problems to its customers. [...]BLEEPINGCOMPUTER.COM
18 JulLumma Infostealer Steals Browser Data and Sells It as Logs on Underground MarketsInfostealers are specialized malware variants that routinely steal large amounts of sensitive data from compromised systems. This includes session tokens, login credentials, cryptocurrency wallet information, personally identifiable information (PII), multifactor authentication (…GBHACKERS.COM
🕵️ THREAT INTELLIGENCE (18)
18 JulISC Stormcast For Friday, July 18th, 2025 https://isc.sans.edu/podcastdetail/9532, (Fri, Jul 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 JulVeeam Phishing via Wav File, (Fri, Jul 18th)An interesting phishing attempt was reported by a contact. It started with a simple email that looked like a voice mail notification like many VoIP systems deliver when the call is missed. There was a WAV file attached to the mail.ISC.SANS.EDU
18 JulGoogle Sues Operators of 10-Million-Device Badbox 2.0 BotnetGoogle has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.SECURITYWEEK.COM
18 JulMicrosoft Uncovers Scattered Spider Tactics, Techniques, and Procedures in Recent AttacksMicrosoft has shed light on the sophisticated operations of Octo Tempest, a financially motivated cybercriminal group alternatively known as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus. This threat actor has demonstrated a versatile arsenal of tactics, techniques, and pr…GBHACKERS.COM
18 JulFraud: A Growth Industry Powered by Gen-AIWith generative AI enabling fraud-as-a-service at scale, legacy defenses are crumbling. The next wave of cybercrime is faster, smarter, and terrifyingly synthetic.SECURITYWEEK.COM
18 JulMicrosoft Defender for Office 365 Gets Enhanced Threat DashboardMicrosoft has announced significant transparency improvements for its email security platform, introducing a new customer-facing dashboard that provides detailed visibility into threat protection effectiveness across organizations. The enhanced dashboard for Microsoft Defender fo…GBHACKERS.COM
18 JulEmail Protection Startup StrongestLayer Emerges From Stealth ModeAI-native email security firm StrongestLayer has emerged from stealth mode with $5.2 million in seed funding.SECURITYWEEK.COM
18 JulUS aims to ban Chinese technology in undersea telecommunications cables over security concernssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.reuters.com/world/china/us-aims-ban-chinese-technology-submarine-cables-ft-reports-2025-07-16 cross-posted from: lemmy.sdf.org/post/38794024 Archived The U.S. Federal Communications Commission said on Wed…INFOSEC.PUB
18 JulUS aims to ban Chinese technology in undersea telecommunications cables over security concernssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.reuters.com/world/china/us-aims-ban-chinese-technology-submarine-cables-ft-reports-2025-07-16 Archived The U.S. Federal Communications Commission said on Wednesday it plans to adopt rules to bar companies…SH.ITJUST.WORKS
18 JulMicrosoft at Black Hat USA 2025: A unified approach to modern cyber defenseMicrosoft will spotlight its AI-first, end-to-end security platform at Black Hat USA 2025. Read our blog post for details on how to connect with us there and what to expect from our participation.TECHCOMMUNITY.MICROSOFT.COM
18 JulSnake Keylogger Bypasses Windows Defender and Uses Scheduled Tasks to Steal CredentialsThreat actors have been using a sophisticated phishing operation to impersonate Turkish Aerospace Industries (TUSAŞ) in order to attack Turkish businesses, especially those in the defense and aerospace sectors. The campaign distributes malicious emails masquerading as contractual…GBHACKERS.COM
18 JulFancy Bear Hackers Target Governments and Military Entities with Advanced ToolsFancy Bear, designated as APT28 by cybersecurity experts, represents a sophisticated Russian cyberespionage collective operational since 2007, renowned for infiltrating governments, military organizations, and strategic entities globally. This group, also known under aliases such…GBHACKERS.COM
18 JulBefore Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystemsubmitted by Pro to cybersecurity 1 points | 0 comments https://css.ethz.ch/en/center/CSS-news/2025/07/before-vegas-the-red-hackers-who-shaped-chinas-cyber-ecosystem.htmlINFOSEC.PUB
18 JulChinese Threat Actors Operate 2,800 Malicious Domains to Distribute Windows MalwareA sophisticated threat actor, dubbed “SilverFox,” has been orchestrating a large-scale malware distribution campaign since at least June 2023, primarily during Chinese time zone working hours. This operation focuses on Chinese-speaking individuals and entities both wi…GBHACKERS.COM
18 JulFriday Squid Blogging: The Giant Squid NebulaBeautiful photo. Difficult to capture, this mysterious, squid-shaped interstellar cloud spans nearly three full moons in planet Earth’s sky. Discovered in 2011 by French astro-imager Nicolas Outters, the Squid Nebula’s bipolar shape is distinguished here by the tel…SCHNEIER.COM
18 JulExistential Dread, MCP, Cloudflare, ESXI, QR Codes, Salt Typhoon, Aaran Leyland... - SWN #495Existential Dread and Seawater, MCP, Cloudflare, ESxi, QR Codes, Salt Typhoon, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-495YOUTUBE.COM
18 JulThousands of Spoofed News Sites Are Pushing Investment Fraud ScamsScammers are using over 17,000 phony news sites to push investment fraud, according to a new report from CTM360.KNOWBE4.COM
18 JulThe ASUS Dumpster Firesubmitted by recursive_recursion to cybersecurity 1 points | 0 comments cross-posted from: piefed.ca/post/85495 Invidious YoutubeSH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE (1)
18 JulArch Linux pulls AUR packages that installed Chaos RAT malwareArch Linux has pulled three malicious packages uploaded to the Arch User Repository (AUR) that were used to install the CHAOS remote access trojan (RAT) on Linux devices. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS (6)
18 JulHR guidelines phishing email | Kaspersky official blogA malicious actor employing spear-phishing techniques to mass-mail fake HR guidelines.KASPERSKY.COM
18 JulOpenAI: GPT-5 is coming, "we'll see" if it creates a shockwaveOpenAI's next foundational and state-of-the-art model, GPT-5, is still on its way after a delay. OpenAI won't tell us the release date for now. [...]BLEEPINGCOMPUTER.COM
18 JulLoaf and order: Belgian police launch bread-based cybersecurity campaignThe future of cybersecurity awareness might just be… gluten-based.GRAHAMCLULEY.COM
18 JulSophos announces UAE data centerStrengthening cybersecurity, data sovereignty, and regional performance.SOPHOS.COM
18 JulNew ChatGPT o3-alpha model hints at coding upgradeChatGPT's o3 is OpenAI's best model to date because it features reasoning, and it might get even better in the next update. [...]BLEEPINGCOMPUTER.COM
18 JulMicrosoft mistakenly tags Windows Firewall error log bug as fixedMicrosoft has mistakenly tagged an ongoing Windows Firewall error message bug as fixed in recent updates, stating that they are still working on a resolution. [...]BLEEPINGCOMPUTER.COM