111Articles
10Categories
2025-07-23Date
🚨 CISA KEV 1[−]
23 Jul KEVCISA Warns of SysAid Vulnerability ExploitationCISA has added two recent SysAid vulnerabilities, CVE-2025-2776 and CVE-2025-2775, to its KEV catalog. The post CISA Warns of SysAid Vulnerability Exploitation appeared first on SecurityWeek .SECURITYWEEK.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
23 Jul KEVCISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civili…THEHACKERNEWS.COM
23 Jul KEVCISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRFThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-20…THEHACKERNEWS.COM
23 JulCritical JavaScript Library Vulnerability Exposes Apps to Remote AttacksA critical security vulnerability has been discovered in the widely-used form-data JavaScript package, potentially exposing thousands of applications to remote attacks through predictable boundary value generation. The vulnerability, designated as CVE-2025-7783, was pub…GBHACKERS.COM
23 JulSynology BeeDrive for Desktop on Windows Vulnerabilities Let Hackers Run Malicious CodeSynology has issued an urgent security advisory addressing critical vulnerabilities in its BeeDrive desktop application for Windows that could allow attackers to execute malicious code and delete arbitrary files. The company disclosed three separate Common Vulnerabilities and Exp…GBHACKERS.COM
23 JulAnalyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771), (Wed, Jul 23rd)A few days after the exploit originally became widely known, there are now many different SharePoint exploit attempts in circulation. We do see some scans by researchers to identify vulnerable systems (or to scan for common artifacts of compromise), and a few variations of the "T…ISC.SANS.EDU
⚠️ VULNERABILITY DISCLOSURE 32[−]
23 JulUK proposal would forbid ransom payments by gov’t agencies, but will it meaningfully decrease ransomware attacks?The UK government on Tuesday proposed an order that would forbid all government agencies and other government entities from making any ransom payments, regardless of circumstances. But security experts were skeptical that the measure would work in any meaningful way. The governme…CSOONLINE.COM
23 JulWarning to feds: US infrastructure is under silent attackThreat actors have become craftier as they increasingly target critical infrastructure, including operational technology (OT) environments such as electric grids, Nate Gleason, program leader at Lawrence Livermore National Laboratory (LLNL), told regulators during a federal heari…CSOONLINE.COM
23 JulDie besten DAST- & SAST-ToolsTools für Dynamic und Static Application Security Testing helfen Entwicklern, ihren Quellcode zu härten. Wir zeigen Ihnen die besten Tools zu diesem Zweck. Chim | shutterstock.com Die Softwarelieferkette – respektive ihre Schwachstellen – haben in den vergangenen Jahren für viel …CSOONLINE.COM
23 JulChinese Hackers Exploit Active 0-Day Vulnerability in SharePoint ServersMicrosoft has confirmed that Chinese nation-state actors are actively exploiting zero-day vulnerabilities in on-premises SharePoint servers, prompting urgent security updates and immediate patching recommendations for organizations worldwide. Vulnerability Discovery and Active Ex…GBHACKERS.COM
23 JulCISA Alerts on Active Exploitation of Microsoft SharePoint Code Injection and Authentication VulnerabilitiesThe Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent alerts regarding the active exploitation of two critical Microsoft SharePoint vulnerabilities, with organizations facing a same-day deadline to implement protective measures. The alert, released yesterd…GBHACKERS.COM
23 JulTop 10 MCP vulnerabilities: The hidden risks of AI integrationsModel context protocol (MCP) is quickly growing in popularity as a means for enabling AI assistants to connect and communicate with a range of data sources, tools, and services that can better inform their actions, recommendations, and decisions. The protocol standardizes this co…CSOONLINE.COM
23 JulHacker aus China nutzen neue Sharepoint-Lücke ausMicrosoft hat drei chinesische Hackergruppen identifiziert, die für die Angriffe über die Sicherheitslücke in SharePoint verantwortlich sein sollen. FOTOGRIN – shutterstock.com Bei den aktuellen Cyberattacken auf zahlreiche Unternehmen und Behörden führt die Spur Microsoft zufolg…CSOONLINE.COM
23 JulResearchers Expose Russia’s Most Secretive FSB Spy NetworkResearchers have pierced the veil of secrecy surrounding the Federal Security Service’s (FSB) 16th Center, a unit inheriting the Soviet KGB’s primary signals intelligence (SIGINT) capabilities. By leveraging open-source intelligence (OSINT) techniques combined with ph…GBHACKERS.COM
23 JulCISA Alerts on Chinese Hackers Actively Exploiting SharePoint 0-DayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation of critical SharePoint vulnerabilities by threat actors, with security researchers attributing the attacks to Chinese hackers. The agency warns that malicious acto…GBHACKERS.COM
23 JulHackers Start Exploiting Critical Cisco ISE VulnerabilitiesCisco says it is aware of attempted exploitation of critical ISE vulnerabilities leading to unauthenticated remote code execution. The post Hackers Start Exploiting Critical Cisco ISE Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
23 JulCoyote Malware Targets WILS, Abusing Microsoft UI Automation to Exfiltrate LoginsAkamai security researchers have uncovered a novel variant of the Coyote banking trojan that marks the inaugural documented instance of malicious actors exploiting Microsoft’s UI Automation (UIA) framework in real-world attacks. Initially detailed in a December 2024 Akamai …GBHACKERS.COM
23 JulLumma Stealer Malware Returns After Takedown AttemptThe Lumma Stealer is back after Microsoft and law enforcement took action to significantly disrupt the malware’s infrastructure. The post Lumma Stealer Malware Returns After Takedown Attempt appeared first on SecurityWeek .SECURITYWEEK.COM
23 JulGoogle Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source PackagesGoogle has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams p…THEHACKERNEWS.COM
23 JulGoogle Sues the Badbox Botnet OperatorsIt will be interesting to watch what will come of this private lawsuit : Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google&#…SCHNEIER.COM
23 JulInterlock ransomware threat expands across the US and Europe, hits healthcare and smart citiesThe FBI, CISA, Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint cybersecurity advisory warning of an emerging ransomware threat from Interlock, a group that uses double extortion tactics to ta…CSOONLINE.COM
23 JulNew ZuRu Malware Variant Targets macOS via Termius SSH ExploitA sophisticated new variant of the macOS.ZuRu malware, originally identified in 2021, has resurfaced, employing a trojanized version of the Termius SSH client to deploy a modified Khepri command-and-control (C2) beacon. This iteration, detected in late May 2025, demonstrates adva…GBHACKERS.COM
23 JulWindows 11 Introduces Powerful New AI Features – What’s New!Microsoft today unveiled a sweeping set of artificial intelligence enhancements for Windows 11, marking the most ambitious infusion of AI tools into its flagship operating system to date. Building on recent findings that nearly 60 percent of PC users have embraced generative AI f…GBHACKERS.COM
23 JulClorox sues Cognizant for $380M over alleged helpdesk failures in cyberattackUS bleach and cleaning product giant Clorox has filed a $380 million lawsuit against IT services provider Cognizant, alleging the company’s helpdesk staff handed over network passwords to cybercriminals who simply called and asked for them, no questions asked. The complaint filed…CSOONLINE.COM
23 JulLumma Stealer Masquerades as Pirated Apps to Steal Logins and DataLumma Stealer, a notorious information-stealing malware-as-a-service (MaaS) platform, has swiftly reemerged after a coordinated global law enforcement operation in May 2025. The U.S. Department of Justice, alongside international partners, seized approximately 2,300 malicious dom…GBHACKERS.COM
23 JulMalicious LNK File Posing as Credit Card Security Email Steals User DataThreat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named “card_detail_20250610.html.lnk,” cleverly disguises itself as a legitimate HTML do…GBHACKERS.COM
23 JulUS Nuclear Weapons Data Compromised via SharePoint Zero-Day AttackA significant cybersecurity breach has exposed vulnerabilities in critical US government infrastructure, as the National Nuclear Security Administration (NNSA) was reportedly compromised through a Microsoft SharePoint zero-day exploit linked to Chinese government-affiliated hacki…GBHACKERS.COM
23 JulCyberattack on Germany’s AMEOS Hospital Network Exposes Patient DataGermany’s AMEOS Hospital Network has confirmed a sophisticated cyberattack that compromised its IT infrastructure, leading to unauthorized access and potential exposure of sensitive data. Despite robust defenses including multi-factor authentication, intrusion detection sys…GBHACKERS.COM
23 JulNew Coyote Malware Variant Exploits Windows UI Automation to Steal Banking CredentialsThe Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentia…THEHACKERNEWS.COM
23 JulCISA warns of hackers exploiting SysAid vulnerabilities in attacksCISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. [...]BLEEPINGCOMPUTER.COM
23 JulMimo Targets Magento CMS to Steal Card Details and Monetize BandwidthThe Datadog Security Research team has uncovered the Mimo threat actor also known as Mimo’lette or Hezb expanding its operations from Craft CMS to Magento CMS. Previously documented for deploying cryptominers via public-facing vulnerabilities, Mimo now exploits undetermined…GBHACKERS.COM
23 JulNew ACRStealer Exploits Google Docs and Steam for C2 Server Using DDR TechniqueACRStealer, an infostealer malware that has been circulating since last year and gained momentum in early 2025, continues to evolve with sophisticated modifications aimed at evading detection and complicating analysis. Initially documented by AhnLab Security Intelligence Center (…GBHACKERS.COM
23 JulCyberRiskTV Live Coverage from BlackHat 2025 - Day 2CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio at BlackHat 2025 at Mandalay Bay in Las Vegas! Schedule (PT): 8:40am - Show Intro ft. Doug White & Jackie McGuire 9:10am - KeyFactor Executive Interview ft. Ted Shorter 9:40am - The End of an Era: …YOUTUBE.COM
23 JulUS nuclear weapons agency reportedly hacked in SharePoint attacksUnknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. [...]BLEEPINGCOMPUTER.COM
23 JulUS nuclear weapons agency hacked in Microsoft SharePoint attacksUnknown threat actors have breached the National Nuclear Security Administration's network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. [...]BLEEPINGCOMPUTER.COM
23 JulThreat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and ProxywareThe threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long…THEHACKERNEWS.COM
23 JulSmashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrongGraham warns why it is high time we said goodbye to 2G - the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at …GRAHAMCLULEY.COM
23 JulWhite House AI plan heavy on cyber, light on implementationThe White House released an AI plan chock-full of cybersecurity provisions among what the White House says are 90 AI-related desired “policy actions.” Informed by 10,000 pages of comments solicited by the White House Office of Science and Technology, the policy, entitled “Winning…CSOONLINE.COM
📋 SECURITY BULLETINS 2[−]
23 JulChrome High-Severity Vulnerabilities Allow Hackers to Gain Full ControlGoogle has released an urgent security update for Chrome, addressing critical vulnerabilities that could potentially allow attackers to gain complete control over users’ systems. The stable channel has been updated to version 138.0.7204.168 for Windows and Mac, and 138.0.72…GBHACKERS.COM
23 JulHigh-Severity Flaws Patched in Chrome, FirefoxFresh security updates for Chrome and Firefox resolve multiple high-severity memory safety vulnerabilities. The post High-Severity Flaws Patched in Chrome, Firefox appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 12[−]
23 JulMozilla Launches Firefox 141 With Critical Security Fixes – Update ImmediatelyMozilla has today released Firefox 141, addressing a broad spectrum of security vulnerabilities that range from high-impact memory safety bugs to moderate issues in URL handling and sandboxing. The new release, announced on July 22, 2025, under Mozilla Foundation Security Advisor…GBHACKERS.COM
23 JulFrance Says Administrator of Cybercrime Forum XSS Arrested in UkraineFrench authorities announced that an alleged admin of XSS.is, one of the longest-running cybercrime forums, has been arrested in Ukraine. The post France Says Administrator of Cybercrime Forum XSS Arrested in Ukraine appeared first on SecurityWeek .SECURITYWEEK.COM
23 JulUkraine arrests suspected admin of XSS Russian hacking forumThe suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. [...]BLEEPINGCOMPUTER.COM
23 JulEuropean authorities arrest alleged admin of notorious Russian crime forum XSSFrench authorities say they wiretapped a server used by the administrator to access their private messages, which revealed activities relating to cybercrime and ransomware attacks.TECHCRUNCH.COM
23 JulWhy ‘Secure by Default’ Could Save MillionsSecurity shouldn’t be a premium feature. In this short, Janet Worthington exposes the critical need for vendors to offer built-in protections like MFA, SSO, and secure logging—without charging extra. With CISA’s Secure by Default initiative gaining traction, cybersecurity pros ar…YOUTUBE.COM
23 JulThis Is How Boards Kill Cybersecurity Projects 😬When a board pushes cybersecurity as a checkbox instead of a strategic initiative, things break—fast. In this short, cybersecurity pros Jason, Matt, and Matthew reveal how dangerous it gets when executive mandates chase outputs instead of real outcomes. AI detection quotas? Compl…YOUTUBE.COM
🔥 INCIDENT REPORTING 14[−]
23 JulCreams Cafe - 159,652 breached accountsIn May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose the incident, …HAVEIBEENPWNED.COM
23 JulHackers Injected Malicious Firefox Packages in Arch Linux RepoCybersecurity researchers have identified a sophisticated supply chain attack targeting Arch Linux users through malicious packages designed to masquerade as Firefox browser variants. Three compromised packages containing Remote Access Trojan (RAT) malware were successfully uploa…GBHACKERS.COM
23 JulRansomware Groups Weaponize RMM Tools to Infiltrate Networks and Exfiltrate DataRansomware gangs have increasingly co-opted Remote Monitoring and Management (RMM) tools originally designed for IT operations to orchestrate sophisticated network intrusions, persistence, lateral movement, and data exfiltration. Investigations conducted in the second half of 202…GBHACKERS.COM
23 JulCyberattacke auf SWMH-MediengruppeDie Südwestdeutsche Medienholding (SWMH) wurde gehackt. Aller Verlagshäuser sind betroffen. MacroEcon – shutterstock.com Die Südwestdeutsche Medienholding (SWMH), zu der auch die “Süddeutsche Zeitung” gehört, ist eines der größten Verlagshäuser in Deutschland. Das Medienunternehm…CSOONLINE.COM
23 JulOrganizations Warned of Interlock Ransomware AttacksThe US government has issued an alert on the Interlock ransomware, which targets organizations via drive-by download attacks. The post Organizations Warned of Interlock Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
23 JulUK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble?Critics warn that a ban on ransomware payments may lead to dangerous unintended consequences, including forcing victims into secrecy or incentivizing attackers to shift tactics. The post UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? appeared first on SecurityWee…SECURITYWEEK.COM
23 JulHundreds of organizations breached by SharePoint mass-hacksOne of the hacked organizations reportedly includes the U.S. agency responsible for maintaining the country's stockpile of nuclear weapons. China-backed hackers have been observed carrying out the hacks targeting SharePoint servers.TECHCRUNCH.COM
23 JulCyberRiskTV Live Coverage from BlackHat 2025 - Day 1CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio at BlackHat 2025 at Mandalay Bay in Las Vegas! Schedule (PT): 8:40am - Show Intro ft. Doug White & Jackie McGuire 9:10am - 360Privacy Executive Interview ft. Chuck Randolf 10:10am - Hard Truths Abo…YOUTUBE.COM
23 JulClorox Files Lawsuit Against Cognizant Over Employee Password Leak to HackersThe Clorox Company filed a major lawsuit against IT services provider Cognizant on July 22, 2025, seeking $380 million in damages over a devastating cyberattack that the cleaning products giant claims was enabled by Cognizant’s security failures. The lawsuit, filed in Alame…GBHACKERS.COM
23 JulCyberRiskTV Live Coverage from BlackHat 2025 - Day 3CyberRisk Alliance's Security Weekly broadcasting live from the CyberRiskTV Studio at BlackHat 2025 at Mandalay Bay in Las Vegas! Schedule (PT): 8:40am - Show Intro ft. Doug White & Matt Alderman 9:10am - ThreatLocker Executive Interview ft. Danny Jenkins 9:40am - How the Enterpr…YOUTUBE.COM
23 JulNPM package ‘is’ with 2.8M weekly downloads infected devs with malwareThe popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices. [...]BLEEPINGCOMPUTER.COM
23 JulHackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuitClorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity. [...]BLEEPINGCOMPUTER.COM
23 JulUK to ban public sector from paying ransomware demandsRansomware, considered by British authorities to be the UK's greatest cybercrime threat, costing the nation billions of pounds and with the capbility to bring essential services to a standstill, is in the gunsights of government. Read more in my article on the Hot for Security bl…BITDEFENDER.COM
23 JulHard Truth: Endpoint Security Isn’t Enough AnymoreWhile most teams obsess over endpoint protection, Danny Jenkins drops a brutal truth: attackers are skipping endpoints and heading straight for the cloud. In this short, he reveals how cloud threats like stolen tokens, GitHub hijacks, and real-time ACL abuse are now the front lin…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 29[−]
23 JulDeny by Default: Genius or Dangerous?When Danny Jenkins explains the logic behind “deny by default,” it flips conventional cybersecurity on its head. While most rely on EDRs and constant updates, this mindset avoids unnecessary downtime and false positives—by simply blocking everything new until it's approved. Is th…YOUTUBE.COM
23 JulLawsuit says Clorox hackers got passwords simply by askingsubmitted by floofloof to cybersecurity 4 points | 0 comments https://www.nbcnews.com/business/business-news/lawsuit-says-clorox-hackers-got-passwords-simply-asking-rcna220313SH.ITJUST.WORKS
23 JulTapTrap: new attack on Android that lures you into performing actions you did not intend to do. This allows an app to access your camera or location, or erase your device—all without your consent.submitted by floofloof to cybersecurity 3 points | 0 comments https://taptrap.click/ cross-posted from: programming.dev/post/34366844 Lobsters . Hackernews .SH.ITJUST.WORKS
23 JulISC Stormcast For Wednesday, July 23rd, 2025 https://isc.sans.edu/podcastdetail/9538, (Wed, Jul 23rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
23 JulKali Linux Introduces Two New Tools for Raspberry Pi to Boost Wi-Fi PerformanceKali Linux maintainers have unveiled two new packages designed to unleash the full potential of the Raspberry Pi’s onboard wireless chipset, enabling native monitor-mode and packet-injection capabilities without the need for external adapters. Arriving as part of the recent…GBHACKERS.COM
23 JulWindows 11 Introduces Black Screen of Death and Auto RecoveryMicrosoft has unveiled significant updates to Windows 11’s system recovery capabilities, introducing a redesigned “Black Screen of Death” interface alongside new automated recovery features designed to minimize downtime and improve user experience during system …GBHACKERS.COM
23 JulHackerangriff auf die SWMH-MediengruppeHacker haben die Südwestdeutsche Medienholding (SWMH) angegriffen. MacroEcon – shutterstock.com Die Südwestdeutsche Medienholding (SWMH) mit dem Flaggschiff “Süddeutsche Zeitung” ist Ziel eines Hackerangriffs geworden. Unbefugten Dritten sei es kurzfristig gelungen, auf das Netzw…CSOONLINE.COM
23 JulGetting Consensus as a CISO, While Calculating Cybersecurity ROI and Building a Team -... - BSW #405How do we get security right? The answer varies by many factors, including industry, what you're trying to protect, and what the C Suite and Board care about. Khaja Ahmed, Advisor at CISO Forum, joins Business Security Weekly to discuss how to get consensus on your security progr…YOUTUBE.COM
23 JulCritical Vulnerabilities Patched in Sophos FirewallSophos has patched five vulnerabilities in Sophos Firewall that could allow remote attackers to execute arbitrary code. The post Critical Vulnerabilities Patched in Sophos Firewall appeared first on SecurityWeek .SECURITYWEEK.COM
23 Jul"The Irish State pays for China's surveillance in Ireland:" Rights group criticizes government as thousands of China's Hikvision cameras are installed across Ireland despite bans in other countriessubmitted by randomname to cybersecurity 2 points | 0 comments https://www.iccl.ie/digital-data/irelands-ultimate-own-goal cross-posted from: scribe.disroot.org/post/3685425 Archived [The report by Irish Council for Civil Liberties can be downloaded from the linked site.] TLDR: A…INFOSEC.PUB
23 Jul"The Irish State pays for China's surveillance in Ireland:" Rights group criticizes government as thousands of China's Hikvision cameras are installed across Ireland despite bans in other countriessubmitted by randomname to cybersecurity 2 points | 0 comments https://www.iccl.ie/digital-data/irelands-ultimate-own-goal cross-posted from: scribe.disroot.org/post/3685425 Archived [The report by Irish Council for Civil Liberties can be downloaded from the linked site.] TLDR: A…SH.ITJUST.WORKS
23 JulFive fundamentals for a cyber-resilient futureHow to stay adaptive and reduce risk in an evolving threat landscape.SOPHOS.COM
23 JulBrave Browser Block Microsoft Recall Over Privacy IssuesBrave Software today announced that, beginning with version 1.81 for Windows 11 and newer, the Brave browser will automatically disable Microsoft’s Recall feature by default. Recall, introduced by Microsoft in May 2024 as a C…GBHACKERS.COM
23 JulSTRATEGIC REEL: From guesswork to ground truth — stopping threats before they spreadIn today’s post-signature world, attackers don’t just break in — they blend in. In this second installment of the Last Watchdog Strategic LinkedIn Reel (LW SLR) series, Corelight CEO Brian Dye delivers a clear-eyed take on how defenders can regain … (more…) The post STRATEG…LASTWATCHDOG.COM
23 JulRedefining DNS ProtectionADNS leverages Precision AI®, our proprietary AI system combining deep learning, machine learning and generative AI to deliver DNS-layer protection. The post Redefining DNS Protection appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
23 JulCoyote Banking Trojan First to Abuse Microsoft UIAAkamai’s analysis of the Coyote malware revealed that it abuses Microsoft’s UIA accessibility framework to obtain data. The post Coyote Banking Trojan First to Abuse Microsoft UIA appeared first on SecurityWeek .SECURITYWEEK.COM
23 JulShould We Trust AI? Three Approaches to AI FallibilityExperts unpack the risks of trusting agentic AI, arguing that fallibility, hype, and a lack of transparency demand caution—before automation outpaces our understanding. The post Should We Trust AI? Three Approaches to AI Fallibility appeared first on SecurityWeek .SECURITYWEEK.COM
23 JulOpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in BankingAI voice clones can impersonate people in a way that Altman said is increasingly “indistinguishable from reality” and will require new methods for verification. The post OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking appeared first on SecurityWeek .SECURITYWEEK.COM
23 JulSilicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft CaseA Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights gr…GBHACKERS.COM
23 Jul‘If you are reading…’: This password ‘mistake’ shuts down a 158-year-old companysubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.hindustantimes.com/technology/if-you-are-reading-this-password-mistake-shuts-down-a-158-year-old-company-101753167935709.htmlINFOSEC.PUB
23 JulOperation CargoTalon Targets Russian Aerospace & Defense to Deploy EAGLET ImplantSEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised a…GBHACKERS.COM
23 JulHidden Backdoor in WordPress Plugins Grants Attackers Ongoing Access to WebsitesSecurity researchers have discovered a concerning trend in which a highly skilled malware campaign has been targeting WordPress websites by using the frequently disregarded mu-plugins directory to insert a covert backdoor. This directory, short for “must-use plugins,”…GBHACKERS.COM
23 JulHacker Com: Cyber Criminal Subset of The Community (Com) is a Rising Threat to Youth Onlinesubmitted by Pro to cybersecurity 3 points | 0 comments https://www.ic3.gov/PSA/2025/PSA250723INFOSEC.PUB
23 JulIn Real Life (IRL) Com: Violent Subset of The Community (Com) is a Rising Threat to Youth Online(submitted by Pro to cybersecurity 2 points | 0 comments https://www.ic3.gov/PSA/2025/PSA250723-2INFOSEC.PUB
23 JulThe Com: Theft, Extortion, and Violence are a Rising Threat to Youth Onlinesubmitted by Pro to cybersecurity 1 points | 0 comments https://www.ic3.gov/PSA/2025/PSA250723-3INFOSEC.PUB
23 JulThis Tiny Bias in AI Could Lead to Massive ProblemsAI systems are everywhere—translating our words, sorting our data, and shaping our digital experience. But what happens when even a tiny bias slips through the algorithm? In this short, Pravallika Devineni breaks down a shocking example from Google Translate, where female-coded r…YOUTUBE.COM
23 Jul[JS Required] xss.is got shutdown.submitted by Pro to cybersecurity 1 points | 0 comments https://www.europol.europa.eu/media-press/newsroom/news/key-figure-behind-major-russian-speaking-cybercrime-forum-targeted-in-ukraineINFOSEC.PUB
23 JulBrave blocks Windows Recall from screenshotting your browsing activityBrave Software says its privacy-focused browser will block Microsoft's Windows Recall from capturing screenshots of Brave windows by default to protect users' privacy. [...]BLEEPINGCOMPUTER.COM
23 JulOperation Grayskull Culminates in Lengthy Sentences for Managers of Dark Web Site Dedicated to Sexual Abuse of Childrensubmitted by Pro to cybersecurity 1 points | 0 comments https://www.justice.gov/opa/pr/operation-grayskull-culminates-lengthy-sentences-managers-dark-web-site-dedicated-sexualINFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 2[−]
23 JulKerberoasting Detections: A New Approach to a Decade-Old ChallengeSecurity experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in …THEHACKERNEWS.COM
23 JulRisky Business #799 -- Everyone's Sharepoint gets shelledRisky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss: Microsoft tried to make outsourcing the Pentagon’s cloud maintenance to China okay (it was not) She shells Sharepoint by the sea-shore (by ‘she’ we m…RISKY.BIZ
🎙️ PODCASTS 1[−]
23 JulHaving some technical problems with podcast distribution.We're having some issues with podcast distribution. We're going to take a couple of days to figure out what is going on and what, if anything, we can do about it.CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 13[−]
23 JulSmall world: The revitalization of small AI models for cybersecuritySophos X-Ops explores why larger isn’t always better when it comes to solving security challenges with AISOPHOS.COM
23 JulMicrosoft fixes bug behind incorrect Windows Firewall errorsMicrosoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. [...]BLEEPINGCOMPUTER.COM
23 JulOperator of Jetflix illegal streaming service gets 7 years in prisonThe ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison. [...]BLEEPINGCOMPUTER.COM
23 JulHow to set up security and privacy in Garmin apps | Kaspersky official blogWe guide you step-by-step through configuring your Garmin smart device security settings, and reveal how malicious actors could potentially misuse your data.KASPERSKY.COM
23 Julnpm 'accidentally' removes Stylus package, breaks builds and pipelinesnpm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. [...]BLEEPINGCOMPUTER.COM
23 JulOpenAI prepares Sora 2 to take on Google's Veo 3OpenAI has had enough of Google's Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora. [...]BLEEPINGCOMPUTER.COM
23 JulOpenAI confirms ChatGPT's new study feature, helps with examsOpenAI is testing a new 'Study together' feature, and today, a new announcement within the ChatGPT web app confirms it. [...]BLEEPINGCOMPUTER.COM
23 JulHow to harden your Active Directory against KerberoastingKerberoasting gives attackers offline paths to crack service account password, without triggering alerts. Learn from Specops Software how to protect your Active Directory with stronger SPN password policies and reduced attack surfaces. [...]BLEEPINGCOMPUTER.COM
23 JulChatGPT is rolling out 'personality' toggles to become your assistantOpenAI is rolling out a new "personality" feature on the ChatGPT web app. This allows you to choose between multiple personalities, such as "Robot." [...]BLEEPINGCOMPUTER.COM
23 JulBeyond “Better Together”: Maximize your Microsoft 365 security with Sophos MDRSophos MDR and Microsoft 365 aren’t just "better" together, they’re "best" together.SOPHOS.COM
23 JulProton launches privacy-respecting encrypted AI assistant LumoProton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training. [...]BLEEPINGCOMPUTER.COM
23 JulHow do hackers get passwords? Sometimes, they just ask.Massive 2023 hack was easily preventable, Clorox says.ARSTECHNICA.COM