117Articles
9Categories
2025-07-29Date
🚨 CISA KEV 2[−]
29 Jul KEVCISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCutNG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The …THEHACKERNEWS.COM
29 Jul KEVCISA Issues Alert on Cisco Identity Services Engine Flaw Exploited in Active AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding severe vulnerabilities in Cisco’s Identity Services Engine (ISE) that are being actively exploited by threat actors. The agency added two critical injection vulnerabil…GBHACKERS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
29 Jul KEVPoC Exploit Published for Actively Exploited Cisco Identity Services Engine FlawSecurity researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-depl…GBHACKERS.COM
29 Jul KEVCISA Issues Alert on PaperCut RCE Vulnerability Under Active ExploitationThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical PaperCut vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation attempts targeting the widely-used print management software. The vulnerabili…GBHACKERS.COM
29 JulCitrix NetScaler Devices Memory Leak: CVE-2025-5777submitted by kid to cybersecurity 1 points | 0 comments https://www.sonicwall.com/blog/citrix-netscaler-devices-memory-leak-cve-2025-5777SH.ITJUST.WORKS
29 JulAuto-Color RAT targets SAP NetWeaver bug in an advanced cyberattackThreat actors recently tried to exploit a freshly patched max-severity SAP Netweaver flaw to deploy a persistent Linux remote access trojan (RAT) “Auto-Color.” According to a Darktrace report, a recent attack abused the flaw to set up a stealthy advanced-stage compromise but was …CSOONLINE.COM
29 JulCritical CodeIgniter Flaw Exposes Millions of Web Apps to File Upload AttacksA critical security vulnerability in CodeIgniter4’s ImageMagick handler has been discovered that could allow attackers to execute arbitrary commands on affected web applications through malicious file uploads. The vulnerability, tracked as CVE-2025-54418, has been assigned …GBHACKERS.COM
29 JulHackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malwareHackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. [...]BLEEPINGCOMPUTER.COM
29 JulCould Perplexity Make Cyber Tools Smarter?When cybersecurity expert Matthew Toussain explains why building a vulnerability scanner is so tough, he drops a truth bomb: legacy tools like Nexpose, Tenable, and Qualys have decades of IP backing them. But what if AI could level the playing field? 🤯 Enter Vulnerability GPT — a…YOUTUBE.COM
⚠️ VULNERABILITY DISCLOSURE 37[−]
29 JulEmpathie trifft IT-Sicherheit: Der Weg zu gelebter ComplianceCISOs sollten Sicherheitsrichtlinien mit Blick auf die Belegschaft gestalten. earthphotostock – shutterstock.com In vielen Unternehmen stoßen IT-Sicherheitsrichtlinien auf Widerstand, da Mitarbeitende sie als hinderlich oder praxisfern empfinden. Dies erschwert die Umsetzung, unt…CSOONLINE.COM
29 JulUNC3886 Exploits Multiple 0-Day Bugs in VMware vCenter, ESXi, and Fortinet FortiOSThe advanced persistent threat group UNC3886 has escalated its sophisticated cyber espionage campaign by exploiting multiple zero-day vulnerabilities across critical infrastructure platforms, including VMware vCenter, ESXi hypervisors, and Fortinet FortiOS systems. This revelatio…GBHACKERS.COM
29 JulAeroflot Hit by Year‑Long Cyber Operation That Allegedly Wiped 7,000 ServersRussia’s flagship carrier Aeroflot is reeling from a devastating cyberattack that pro-Ukraine hacking groups claim wiped approximately 7,000 servers and stole over 20 terabytes of sensitive data during a year-long clandestine operation. The airline was forced to cancel doze…GBHACKERS.COM
29 JulThe healthcare industry is at a cybersecurity crossroadsHealthcare is one of the largest industries in the world. In the US, healthcare spending accounts for about 17% of the country’s gross domestic product (GDP) and is expected to increase to over 20% by the early 2030s. Recent data (2025 projections) also indicates that health and …CSOONLINE.COM
29 JulHow AI red teams find hidden flaws before attackers doAI systems present a new kind of threat environment, leaving traditional security models — designed for deterministic systems with predictable behaviors — struggling to account for the fluidity of an attack surface in constant flux. “The threat landscape is no longer static,” say…CSOONLINE.COM
29 JulHackers Exploit IIS Servers with New Web Shell Script for Full Remote ControlSecurity researchers have examined a complex online shell script called UpdateChecker.aspx that was installed on compromised Internet Information Services (IIS) servers in response to a notable increase in cyberthreats directed at Microsoft Windows installations. This analysis st…GBHACKERS.COM
29 JulNew macOS Vulnerability Allows Attackers to Steal Private Files by Bypassing TCCMicrosoft Threat Intelligence has uncovered a critical macOS vulnerability that enables attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially exposing sensitive user data including files protected by privacy controls and information cac…GBHACKERS.COM
29 JulOrganizations Warned of Exploited PaperCut FlawThreat actors are exploiting a two-year-old vulnerability in PaperCut that allows them to execute arbitrary code remotely. The post Organizations Warned of Exploited PaperCut Flaw appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulTriage is Key! Python to the Rescue!, (Tue, Jul 29th)When you need to quickly analyze a lot of data, there is one critical step to perform: Triage. In forensic investigations, this step is critical because it allows investigators to quickly identify, prioritize, and isolate the most relevant or high value evidence from large volume…ISC.SANS.EDU
29 JulPyPI Alerts Developers to New Phishing Attack Using Fake PyPI SitePython developers are being warned about a sophisticated phishing campaign targeting users of the Python Package Index (PyPI) through fraudulent emails and a deceptive clone of the official repository website. While PyPI’s infrastructure remains secure, attackers are exploi…GBHACKERS.COM
29 JulSploitlight: macOS Vulnerability Leaks Sensitive InformationThe TCC bypass could expose information cached by Apple Intelligence, including geolocation and biometric data. The post Sploitlight: macOS Vulnerability Leaks Sensitive Information appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulHow the Browser Became the Main Cyber BattlegroundUntil recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a user to run malware on their device;  Find ways to move laterally inside the n…THEHACKERNEWS.COM
29 JulWhy React Didn't Kill XSS: The New JavaScript Injection PlaybookReact conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applicati…THEHACKERNEWS.COM
29 JulResearchers Reveal Technical Details of SonicWall SMA100 Series N-Day VulnerabilitiesSecurity researchers have disclosed technical details of three previously patched vulnerabilities affecting SonicWall’s SMA100 series SSL-VPN appliances, highlighting concerning pre-authentication security flaws that could have enabled remote code execution and cross-site s…GBHACKERS.COM
29 JulCISA flags PaperCut RCE bug as exploited in attacks, patch nowsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-flags-papercut-rce-bug-as-exploited-in-attacks-patch-now/SH.ITJUST.WORKS
29 JulThe Huawei Dilemma: Why Europe Needs Strong Intelligence Guardrailssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.thecipherbrief.com/huawei-spain-intelligence cross-posted from: lemmy.sdf.org/post/39439229 Op-ed by Dr. Dave Venable , Chair of the Institute for Strategic Risk and Security (ISRS), and Mykola Volkivskyi…INFOSEC.PUB
29 JulSpy satellite agency says law enforcement probing 'incident' affecting contracting site | Reuterssubmitted by kid to cybersecurity 2 points | 0 comments https://www.reuters.com/legal/litigation/spy-satellite-agency-says-law-enforcement-probing-incident-affecting-contracting-2025-07-28/SH.ITJUST.WORKS
29 JulThe Huawei Dilemma: Why Europe Needs Strong Intelligence Guardrailssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.thecipherbrief.com/huawei-spain-intelligence cross-posted from: lemmy.sdf.org/post/39439229 Op-ed by Dr. Dave Venable , Chair of the Institute for Strategic Risk and Security (ISRS), and Mykola Volkivskyi…SH.ITJUST.WORKS
29 JulExploit available for critical Cisco ISE bug exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/exploit-available-for-critical-cisco-ise-bug-exploited-in-attacks/SH.ITJUST.WORKS
29 JulChina-linked group Fire Ant exploits VMware and F5 flaws since early 2025submitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/180451/hacking/china-linked-group-fire-ant-exploits-vmware-and-f5-flaws-since-early-2025.htmlSH.ITJUST.WORKS
29 JulGemini CLI Vulnerability Allows Silent Execution of Malicious Commands on Developer SystemsSecurity researchers at Tracebit have discovered a critical vulnerability in Google’s Gemini CLI that enables attackers to silently execute malicious commands on developers’ systems through a sophisticated combination of prompt injection, improper validation, and misl…GBHACKERS.COM
29 JulSeal Security Raises $13 Million to Secure Software Supply ChainThe open source security firm will use the investment to enhance go-to-market efforts and accelerate platform expansion. The post Seal Security Raises $13 Million to Secure Software Supply Chain appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulChaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. VictimsA newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter's dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant…THEHACKERNEWS.COM
29 JulCISA and Partners Release Updated Advisory on Scattered Spider GroupCISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, released an update…CISA.GOV
29 JulWiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. "The vulnerability we discovered was remarkably simple to exploit -- by p…THEHACKERNEWS.COM
29 JulHow to Shrink Your Attack Surface Fast ⚔️Most cybersecurity professionals focus on firewalls and monitoring tools—but Melina Scotto knows the real magic starts with reducing the digital footprint. In this clip, she breaks down why vulnerability reduction and decommissioning unused assets are critical steps in any smart …YOUTUBE.COM
29 JulLenovo Firmware Vulnerabilities Allow Persistent Implant DeploymentVulnerabilities discovered by Binarly in Lenovo devices allow privilege escalation, code execution, and security bypass. The post Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulQwins Ltd: Bulletproof Hosting Provider Powering Global Malware CampaignsSecurity researchers may have discovered a reliable hosting company run by Qwins Ltd. that supports a broad range of international malware operations in a recent analysis resulting from standard follow-up on Lumma infostealer infections. Lumma, consistently ranking among the top …GBHACKERS.COM
29 JulQilin Ransomware Gains Momentum with Legal Assistance Option for AffiliatesThe Qilin ransomware gang has introduced a “Call Lawyer” feature for its affiliates, announced on a Russian-speaking darknet forum. This Ransomware-as-a-Service (RaaS) enhancement provides on-demand legal assistance during extortion negotiations, leveraging the percei…GBHACKERS.COM
29 JulAndroid Banking Malware Masquerades as Government Agencies to Attack UsersCyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android banking trojan dubbed RedHook, which disguises itself as legitimate applications from Vietnamese government and financial institutions to deceive users. This malware, first observed in the wild arou…GBHACKERS.COM
29 JulCISA Releases Part One of Zero Trust Microsegmentation GuidanceCISA released Microsegmentation in Zero Trust, Part One: Introduction and Planning as part of its ongoing efforts to support Federal Civilian Executive Branch (FCEB) agencies implementing zero trust architectures (ZTAs).  This guidance provides a high-level overview of micro…CISA.GOV
29 JulCISA Releases Five Industrial Control Systems AdvisoriesCISA released five Industrial Control Systems (ICS) advisories on July 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-158-04 Johnson Controls Software House iStar Pro Door Controller (Upd…CISA.GOV
29 JulGoogle patches Gemini CLI tool after prompt injection flaw uncoveredIt’s barely been out for a month and already security researchers have discovered a prompt injection vulnerability in Google’s Gemini command line interface (CLI) AI agent that could be exploited to steal sensitive data such as credentials and API keys from unwary developers. Gem…CSOONLINE.COM
29 JulVulnerability-Lookup 2.14.0 releasedsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.vulnerability-lookup.org/2025/07/25/vulnerability-lookup-2-14-0/ We’re glad to announce version 2.14.0 of Vulnerability-Lookup! This version introduces several new features, enhancements, and fixes. What’s New…INFOSEC.PUB
29 JulApple Updates Everything: July 2025, (Tue, Jul 29th)Apple today released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. This is a feature release, but it includes significant security updates. Apple patches a total of 29 different vulnerabilities. None of these vulnerabilities has been identified as exploited. ISC.SANS.EDU
29 JulThe hidden risks of browser extensions – and how to stay safeNot all browser add-ons are handy helpers – some may contain far more than you have bargained forWELIVESECURITY.COM
29 JulCISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure OrganizationSummary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, t…CISA.GOV
📢 SECURITY ADVISORIES 6[−]
29 JulLionishackers Exfiltrate Sensitive Corporate Databases for Sale on the Dark WebOutpost24’s threat intelligence researchers have uncovered the operations of Lionishackers, a financially motivated cyber threat actor specializing in the exfiltration and illicit sale of corporate databases. This group employs an opportunistic approach to target selection,…GBHACKERS.COM
29 JulCybersicherheitsausgaben wachsen langsamerDie Ausgaben steigen weltweit, in Deutschland aber mit leichter Delle. PeopleImages.com – Yuri A Viele Unternehmen haben bereits realisiert, wie wichtig Investitionen in Cybersicherheit sind und erhöhen dementsprechend ihre Ausgaben – soweit es das Budget zulässt. Diese Entwicklu…CSOONLINE.COM
29 JulJoint cyber security advisory on Scattered SpiderScattered Spider is a cyber criminal group that targets large organizations and their contracted information technology help desks.CYBER.GC.CA
🔥 INCIDENT REPORTING 18[−]
29 JulCyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 FlightsUkrainian and Belarusian hacker groups, which oppose the rule of Belarusian President Alexander Lukashenko, claimed responsibility for the cyberattack. The post Cyberattack On Russian Airline Aeroflot Causes the Cancellation of More Than 100 Flights appeared first on SecurityWeek…SECURITYWEEK.COM
29 JulGitHub Outage Hits Users Globally, Core Services UnavailableGitHub experienced a significant global outage on July 28-29, 2025, disrupting core services used by millions of developers worldwide. The incident, which lasted approximately eight hours, affected API requests, Issues, and Pull Requests functionality before being fully resolved …GBHACKERS.COM
29 JulGunra Ransomware Group Unveils Efficient Linux VariantThis blog discusses how Gunra ransomware’s new Linux variant accelerates and customizes encryption, expanding the group’s reach with advanced cross-platform tactics.TRENDMICRO.COM
29 JulFrom Ex Machina to Exfiltration: When AI Gets Too CuriousFrom prompt injection to emergent behavior, today’s curious AI models are quietly breaching trust boundaries. The post From Ex Machina to Exfiltration: When AI Gets Too Curious appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulAeroflot HackedLooks serious .SCHNEIER.COM
29 JulGLOBAL GROUP Ransomware Claims Breach of Media Giant Albavisiónsubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/global-group-ransomware-media-giant-albavision-breach/SH.ITJUST.WORKS
29 JulPro-Ukrainian hackers claim massive cyberattack on Russia's Aeroflot | Reuterssubmitted by kid to cybersecurity 1 points | 0 comments https://www.reuters.com/en/pro-ukrainian-hackers-claim-massive-cyberattack-russias-aeroflot-2025-07-28/SH.ITJUST.WORKS
29 JulFBI seizes $2.4M in Bitcoin from new Chaos ransomware operationFBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. [...]BLEEPINGCOMPUTER.COM
29 JulUnveiling the Lumma Password Stealer Attack: Infection Chain and Escalation Tactics ExposedLumma, a sophisticated C++-based information stealer, has surged in prevalence over recent years, posing significant risks to both individuals and organizations by exfiltrating sensitive data such as browser credentials, cryptocurrency wallets, and personal files. Developed since…GBHACKERS.COM
29 JulFrench telecommunications giant Orange discloses cyberattackOrange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. [...]BLEEPINGCOMPUTER.COM
29 JulStill Using Passwords? You’re Not Alone...Millions of users still rely on passwords in 2025... but is that a mistake? In this short clip, cybersecurity leader Jeff Shiner breaks down why the journey to passwordless isn't as simple as flipping a switch. From BYOD threats to human error, the risks are real — and widespread…YOUTUBE.COM
29 JulTelecom giant Orange warns of disruption amid ongoing cyberattackThe telecom giant, one of the largest in the world with customers in Europe and Africa, said customers are experiencing ongoing disruption to its services due to an unspecified hack.TECHCRUNCH.COM
29 JulUnveiling 0bj3ctivityStealer’s Execution Chain: New Capabilities and Exfiltration Techniques ExposedIn the ever-evolving infostealer landscape, 0bj3ctivityStealer emerges as a formidable threat, blending advanced obfuscation with targeted data exfiltration. Discovered earlier this year by HP Wolf Security researchers, this .NET-based malware has been observed in proactive threa…GBHACKERS.COM
29 JulTea app’s second data breach exposed over a million private messagesDating safety app Tea experienced a second data breach in as many weeks, exposing over a million sensitive messages between users.TECHCRUNCH.COM
29 JulRussian airline Aeroflot grounds dozens of flights after cyberattackAeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. [...]BLEEPINGCOMPUTER.COM
29 JulMinnesota activates National Guard after St. Paul cyberattackMinnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday. [...]BLEEPINGCOMPUTER.COM
29 JulHave You Learned from Someone Else’s Cyber Disaster?Every cybersecurity pro knows failure is part of the game—but few talk about it. In this short, Adrian breaks down why hiding breaches only holds the industry back. Real lessons come from real incidents—and those willing to learn from others' disasters stay one step ahead. →Subsc…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 35[−]
29 JulCreating Realistic Deepfakes Is Getting Easier Than Ever. Fighting Back May Take Even More AIDeepfakes are causing security problems for governments, businesses and individuals and making trust the most valuable currency of the digital age. The post Creating Realistic Deepfakes Is Getting Easier Than Ever. Fighting Back May Take Even More AI appeared first on SecurityWee…SECURITYWEEK.COM
29 JulISC Stormcast For Tuesday, July 29th, 2025 https://isc.sans.edu/podcastdetail/9546, (Tue, Jul 29th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
29 JulSecurity pros are drowning in threat-intel data and it's making everything more dangeroussubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/07/28/security_pros_drowning_in_threatintel/INFOSEC.PUB
29 JulAanchal Gupta Joins Adobe as Chief Security OfficerAanchal Gupta has been named CSO at Adobe after holding cybersecurity leadership roles at Microsoft for more than five years. The post Aanchal Gupta Joins Adobe as Chief Security Officer appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulThreat Actors Use Phishing to Target Belgian Grand Prix Fans and TeamsCybersecurity experts have pointed to an increase in sophisticated threat actor activity following the July 27 2025 Belgian Grand Prix at Spa-Francorchamps, which takes advantage of the event’s worldwide attraction. Formula 1’s reliance on advanced telemetry systems, …GBHACKERS.COM
29 JulFable Security Raises $31 Million for Human Risk Management PlatformFable Security has emerged from stealth mode with a solution designed to detect risky behaviors and educate employees. The post Fable Security Raises $31 Million for Human Risk Management Platform appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulErmittler stoppen Erpresser-Software von Blacksuit/RoyalDie Angreifer verschlüsseln Daten nicht nur, sondern stehlen diese vorher. AIBooth – shutterstock.com Fast 200 Opfer und ein Millionenschaden: Internationalen Ermittlern ist ein Schlag gegen weltweit agierende cyberkriminelle Erpresser gelungen. Die technische Infrastruktur der G…CSOONLINE.COM
29 JulNach Flugausfällen sprechen Hacker und Kreml von AngriffIm Kreml spricht man von alarmierenden Nachrichten. FOTOGRIN – shutterstock.com In Moskau sind nach einem mutmaßlichen Angriff proukrainischer Hackergruppen Dutzende Flüge ausgefallen. Die staatliche russische Fluggesellschaft Aeroflot sprach zunächst von etwa 60 gestrichenen Flü…CSOONLINE.COM
29 JulLinux 6.16 Released with Performance and Networking EnhancementsLinux creator Linus Torvalds announced the release of Linux kernel version 6.16 on July 27, 2025, marking the end of what he described as a “nice and calm” development cycle. The latest stable release brings numerous performance improvements, networking enhancements, …GBHACKERS.COM
29 JulHow Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's an important difference between expecting (or requiring!) developers to use a platform and building a platform that developers embr…YOUTUBE.COM
29 JulDropzone AI Raises $37 Million for Autonomous SOC AnalystDropzone AI has announced a Series B funding round led by Theory Ventures to boost its AI SOC solution. The post Dropzone AI Raises $37 Million for Autonomous SOC Analyst appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulBoost Your Browsing Security: Integrate SecurityCoach with Microsoft Edge for BusinessManaging the security gap between your technical defenses and user behavior just got easier!KNOWBE4.COM
29 JulApple Introduces Containerization Feature for Seamless Kali Linux Integration on macOSApple has unveiled a groundbreaking containerization feature that enables seamless integration of Kali Linux on macOS systems, marking a significant advancement in cross-platform development capabilities. Announced during WWDC 2025, this innovative technology brings Linux contain…GBHACKERS.COM
29 JulMicrosoft Teams Introduces New Join Bar to Help Users Join Meetings on TimeMicrosoft Teams is rolling out a new meeting join banner designed to streamline the meeting experience for users who have committed to attending scheduled sessions. The feature, which launched in mid-July 2025, represents the company’s continued effort to enhance productivi…GBHACKERS.COM
29 JulNaval Group Denies Hack Claims, Alleges “Reputational Attack” - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/naval-group-denies-hack/SH.ITJUST.WORKS
29 JulOrder out of Chaos – Using Chaos Theory Encryption to Protect OT and IoTThe need for secure encryption in IoT and IIoT devices is obvious, and potentially critical for OT and, by extension, much of the critical infrastructure. The post Order out of Chaos – Using Chaos Theory Encryption to Protect OT and IoT appeared first on SecurityWeek .SECURITYWEEK.COM
29 JulA Secure Vision for Our AI-Driven FutureThe AI Action Plan validates the enormous potential of AI – it must be developed and deployed securely, laying out tactical steps for a secure AI future. The post A Secure Vision for Our AI-Driven Future appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
29 JulCritical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/flaws-wordpress-plugin-expose/SH.ITJUST.WORKS
29 JulResecurity | Methods to Bypass OTP in Mobile Apps: Successful VAPT Scenariossubmitted by kid to cybersecurity 1 points | 0 comments https://www.resecurity.com/blog/article/methods-to-bypass-otp-in-mobile-apps-successful-vapt-scenariosSH.ITJUST.WORKS
29 JulCybersecurity Scams Targeting Fans and Teams at the 2025 Belgian Grand Prix | CloudSEKsubmitted by kid to cybersecurity 1 points | 0 comments https://www.cloudsek.com/blog/cybersecurity-scams-targeting-fans-and-teams-at-the-2025-belgian-grand-prixSH.ITJUST.WORKS
29 JulPromptfoo Raises $18.4 Million for AI Security PlatformPromptfoo has raised $18.4 million in Series A funding to help organizations secure LLMs and generative AI applications. The post Promptfoo Raises $18.4 Million for AI Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
29 Jul2025 INTERNET2 COMMUNITY Exchange Program - CommEX25submitted by ashar to security_cpe 2 points | 0 comments CommEX25 Schedule CommEX25 Playlist CommEX25 Presentation materialINFOSEC.PUB
29 JulSquareX Discloses Architectural Limitations Of Browser DevTools In Debugging Malicious ExtensionsPalo Alto, California, July 29th, 2025, CyberNewsWire Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco C…GBHACKERS.COM
29 JulLazarus Subgroup ‘TraderTraitor’ Targets Cloud Platforms and Contaminates Supply ChainsThe North Korean state-sponsored advanced persistent threat (APT) known as TraderTraitor, a subgroup of the notorious Lazarus Group, has emerged as a formidable actor specializing in digital asset heists. Tracked under aliases such as UNC4899, Jade Sleet, TA444, and Slow Pisces b…GBHACKERS.COM
29 JulAutomate THIS or Risk Burnout in Cybersecurity 🔥Cybersecurity isn’t just about firewalls and alerts — it’s about systems that don’t break you. In this short, Martin Tschammer drops a truth bomb for every cyber pro: if you're not automating the right parts of your workflow early, you're heading straight for burnout. Lone wolf t…YOUTUBE.COM
29 JulNew XWorm V6 Variant with Anti-Analysis Features Targeting Windows Users in Active AttacksNetskope Threat Labs has uncovered a new iteration of the XWorm malware, version 6.0, which demonstrates ongoing development by threat actors and introduces sophisticated enhancements aimed at evading detection and maintaining persistence on Windows systems. This variant builds u…GBHACKERS.COM
29 JulToxicPanda Android Banking Malware Compromises Over 4,500 Devices to Harvest Banking CredentialsThe ToxicPanda Android banking trojan has emerged as a significant threat, compromising over 4,500 devices primarily in Portugal and Spain as of early 2025, with a focus on stealing banking credentials, overlaying PIN and pattern codes, and enabling unauthorized transactions. Ini…GBHACKERS.COM
29 JulSealed Chain of Deception: Actors leveraging Node.JS to Launch JSCealsubmitted by Pro to cybersecurity 1 points | 0 comments https://research.checkpoint.com/2025/jsceal-targets-crypto-apps/INFOSEC.PUB
29 JulNews Alert: SquareX exposes DevTools blind spot allowing widespread browser extension attacksPalo Alto, Calif., July 29, 2025, CyberNewswire — Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The … (more…) T…LASTWATCHDOG.COM
29 JulWhy Your Secrets Should NEVER Leave Your Infra!Many enterprises still choose to self-host their secrets management solutions—and for good reason. In this short, cybersecurity expert Vlad breaks down why keeping sensitive data inside your infrastructure is still the gold standard. From geopolitical concerns to tighter security…YOUTUBE.COM
29 JulSLAs, SaaS, and Scary Surprises… Here’s the Truth🔍 Ever wondered who’s really responsible when cloud chaos hits? In this eye-opening short, Sheena Thomas breaks down the hidden truths about cloud service models—SaaS, IaaS, PaaS—and why understanding your provider's limits is crucial. SLAs, data recovery, and legal traps… it’s n…YOUTUBE.COM
29 JulApple’s New Containerization Feature Allows Kali Linux Integration on macOSsubmitted by cm0002 to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/apples-containerization-feature-macos/INFOSEC.PUB
29 JulAir-Gap Hack to Outsmart Red Team? 😮 #cybersecurityDuring a high-stakes cybersecurity drill, Doug White made a controversial yet genius move—he unplugged the network cable mid-attack to air-gap the system and dodge a red team takedown. While others scrambled to fight scripts with scripts, Doug watched as the attacker hit F1 throu…YOUTUBE.COM
29 JulThis Is How Cybersecurity Coaches Are Really Made 🔐When a university unexpectedly called Doug White, a seasoned cybersecurity expert, he didn’t hesitate. Over a decade after competing in CCDC himself, he stepped up to rebuild and lead a student team from scratch. From retesting students to reconnecting with NECCDC, Doug shows wha…YOUTUBE.COM
29 JulPopup Porn, LoveSense, Tea, Fire Ant, Scatterede Spider, AI Pricing, Josh Marpet... - SWN #498Popup Porn, LoveSense, Tea, Fire Ant, Scatterede Spider, AI Pricing, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-498YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
29 JulCybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile NetworksCybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed …THEHACKERNEWS.COM
29 JulThe AI Fix #61: Replit panics, deletes $1M project; AI gets gold at Math OlympiadIn episode 61 of The AI Fix, a robot called DeREK goes bananas, OpenAI, Google DeepMind, and Anthropic warn we may lose the ability to see what AI is thinking, a dextrous robot changes its own batteries, the USA unveils its AI action plan, and a human beats AI to win the World Co…GRAHAMCLULEY.COM
29 JulGoogle won’t say if UK secretly demanded a backdoor for user dataGoogle said it has "never built a backdoor" for its services, but would not explicitly say if the company had received a secret U.K. surveillance order demanding access.TECHCRUNCH.COM
🎙️ PODCASTS 1[−]
29 JulCyber Circle: Awareness Training neu gedachtCybersicherheit hat sich zu einer der wichtigsten Prioritäten für Unternehmen und Regierungen entwickelt, und die digitale Transformation verstärkt den Bedarf an umfassender Sicherheits-Power. Der welterste „True Crime Cyber Video Prevention Podcast“ Um diesem Bedarf gerecht zu w…CSOONLINE.COM
📡 INFOSEC NEWS 8[−]
29 JulSex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeoversA security researcher went public after the sex toy maker asked for more than a year to fix the vulnerabilities, which leak users' private email addresses and allow for accounts to be hijacked.TECHCRUNCH.COM
29 JulWhat to do if you get a phishing email | Kaspersky official blogHow to detect phishing emails, and what to do with them.KASPERSKY.COM
29 JulHow attackers are still phishing "phishing-resistant" authenticationThink passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. [...]BLEEPINGCOMPUTER.COM
29 Jul200,000 WordPress websites at risk of being hijacked due to vulnerable Post SMTP pluginOver 200,000 websites running a vulnerable version of a popular WordPress plugin could be at risk of being hijacked by hackers. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
29 JulMicrosoft Edge now an 'AI-powered browser' with Copilot ModeMicrosoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI). [...]BLEEPINGCOMPUTER.COM
29 JulPyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike DomainThe maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verific…THEHACKERNEWS.COM
29 JulGOLD BLADE Remote DLL Sideloading Attack Deploys RedLoaderAttacks surged in July 2025 after the threat group updated its process to combine malicious LNK files and a recycled WebDAV techniqueSOPHOS.COM
29 JulHow Microsoft defends against indirect prompt injection attacksSummary The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrus…MSRC.MICROSOFT.COM