🐛 COMMON VULNERABILITIES AND EXPOSURES (1)

19 Jul: Customer guidance for SharePoint vulnerability CVE-2025-53770
Summary: Microsoft is aware of active attacks targeting on-premises SharePoint Server customers. The attacks are exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. SharePoint Online in Microsoft 365 is not impacted. A patch is currently no…
MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (2)

19 Jul: China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company…
THEHACKERNEWS.COM

19 Jul: Exploring the Dark Side of AI: Risks, Consciousness, and Responsibility
The Cybersecurity Today episode revisits a discussion on the risks and implications of AI hosted by Jim Love, with guests Marcel Gagné and John Pinard. They discuss the 'dark side of AI,' covering topics like AI misbehavior, the misuse of AI as a tool, and the importance of data …
CYBERSECURITYTODAY.LIBSYN.COM
🕵️ THREAT INTELLIGENCE (3)

19 Jul: Firmware Vulnerabilities Continue to Plague Supply Chain
Submitted by cm0002 to cybersecurity. https://www.darkreading.com/vulnerabilities-threats/firmware-vulnerabilities-plague-supply-chain
INFOSEC.PUB

19 Jul: These are our favorite cyber books on hacking, espionage, crypto, surveillance, and more
These are our favorite cybersecurity books, both by fiction authors, as well as journalists and researchers.
TECHCRUNCH.COM

19 Jul: Threat actors downgrade FIDO2 MFA auth in PoisonSeed phishing attack
A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. [...]
BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE (1)

19 Jul: Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries eslint-config-prettier and eslint-plugin-prettier were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. [...]
BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS (4)

19 Jul: OpenAI, Anthropic, Google may disrupt education market with new AI tools
AI companies could soon disrupt the education market with their new AI-based learning tools for students. [...]
BLEEPINGCOMPUTER.COM

19 Jul: For privacy and security, think twice before granting AI access to your personal data
AI tools are increasingly asking for gross levels of access to your personal data under the guise of needing it to work.
TECHCRUNCH.COM

19 Jul: ChatGPT's GPT-5-reasoning-alpha model spotted ahead of launch
GPT-5 might be just a few days or weeks away, as we've spotted references to a new model called gpt-5-reasoning-alpha-2025-07-13. [...]
BLEEPINGCOMPUTER.COM

19 Jul: Microsoft says it will no longer use engineers in China for Department of Defense work
Following a Pro Publica report that Microsoft was using engineers in China to help maintain cloud computing systems for the U.S. Department of Defense, the company said it’s made changes to ensure this will no longer happen.
TECHCRUNCH.COM