🚨 CISA KEV 2[−]
30 Jul KEVCISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitationsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/07/cisa-adds-papercut-ngmf-csrf.htmlINFOSEC.PUB
30 Jul KEV32% of exploited vulnerabilities are now zero-days or 1-daysPatching windows for organizations keep shortening, as threat actors exploit important vulnerabilities increasingly faster. According to recent report from VulnCheck , a third of flaws leveraged by attackers this year have been zero-days or 1-days. With so little advance warning,…CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
30 JulApple Patches Safari Vulnerability Flagged as Exploited Against ChromeTracked as CVE-2025-6558, the flaw was found in Chrome’s ANGLE and GPU components and was flagged as exploited by Google TAG. The post Apple Patches Safari Vulnerability Flagged as Exploited Against Chrome appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulBeyondTrust Privilege Management Flaw Lets Hackers Escalate System AccessBeyondTrust has disclosed a critical privilege escalation vulnerability in its Privilege Management for Windows solution that could allow local authenticated attackers to gain administrator-level access to compromised systems. The security flaw, tracked as CVE-2025-2297, affects …GBHACKERS.COM
30 JulApple Patches Safari Vulnerability Also Exploited as Zero-Day in Google ChromeApple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorr…THEHACKERNEWS.COM
30 JulWordPress Theme Security Vulnerability Enables to Execute Arbitrary Code RemotelyA critical security vulnerability has been discovered in the popular “Alone” WordPress theme that allows unauthenticated attackers to execute arbitrary code remotely and potentially take complete control of affected websites. The vulnerability, tracked as CVE-2025-539…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
30 JulEnterprise LLMs Vulnerable to Prompt-Based Attacks Leading to Data BreachesSecurity researchers have discovered alarming vulnerabilities in enterprise Large Language Model (LLM) applications that could allow attackers to bypass authentication systems and access sensitive corporate data through sophisticated prompt injection techniques. The findings reve…GBHACKERS.COM
30 JulHow CISOs can scale down without compromising securityYears ago, David Mahdi, now a CISO advisor at Transmit Security, found himself in a situation no security leader wants to face: abrupt, mid-year budget cuts, with no option to delay. “It was an uncontrollable convergence of internal issues, legacy tech debt, market pressure, and …CSOONLINE.COM
30 JulPrepping for the quantum threat requires a phased approach to crypto agilityEnterprises need to act now to address the threats future quantum computing advances pose to current encryption standards. But the transition to post-quantum cryptography can only be achieved by a phased migration rather than a forklift upgrade, advise financial services execs at…CSOONLINE.COM
30 JulFree Decryptor Released for AI-Powered FunkSec RansomwareResearchers at Avast have unveiled a free decryptor tool for victims of the FunkSec ransomware, marking a significant step in combating this now-defunct malware strain. Developed in collaboration with law-enforcement agencies, the decryptor enables affected users to recover encry…GBHACKERS.COM
30 JulHackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color MalwareThreat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. "Over the course of three days, a threat actor gained access to the customer's network, at…THEHACKERNEWS.COM
30 JulHackers Target SAP NetWeaver to Deploy New Auto-Color Linux MalwareCybersecurity researchers at Darktrace have uncovered a sophisticated attack targeting a US-based chemicals company, marking the first observed instance of threat actors exploiting SAP NetWeaver vulnerabilities to deploy Auto-Color backdoor malware. The incident, which occurred o…GBHACKERS.COM
30 JulSevere Vulnerability in AI Vibe Lets Attackers Access Private User ApplicationsA critical security vulnerability in the popular AI-powered development platform Base44 allowed unauthorized attackers to bypass authentication controls and gain access to private enterprise applications, according to a new report from Wiz Research. The flaw, which has since been…GBHACKERS.COM
30 JulTonic Security Launches With $7 Million in Seed FundingTonic Security has emerged from stealth mode to tackle the complexity of exposure and vulnerability management. The post Tonic Security Launches With $7 Million in Seed Funding appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulMeasuring the Attack/Defense Balance“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data . The essay provides the f…SCHNEIER.COM
30 JulFlaw in Vibe Coding Platform Base44 Exposed Private Enterprise ApplicationsBase44 owner Wix quickly patched a critical authentication bypass vulnerability discovered by researchers at Wiz. The post Flaw in Vibe Coding Platform Base44 Exposed Private Enterprise Applications appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulCritical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload ExploitsCybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. "The flaws, affecting the device's ONVIF protocol and file upload handler…THEHACKERNEWS.COM
30 JulMicrosoft SharePoint Server 0-Day Exploit Targets African Treasury, Companies, and UniversityA sophisticated zero-day exploit campaign targeting unpatched vulnerabilities in Microsoft SharePoint Server has compromised approximately 400 organizations worldwide, with potential for a far higher victim count due to underreporting and delayed detections. The attacks, first id…GBHACKERS.COM
30 JulApple Patches Multiple Vulnerabilities, Including Safari Vulnerability Abused in Chrome 0-Day AttacksApple has released a comprehensive set of security updates across its entire product ecosystem on July 29, 2025, addressing multiple vulnerabilities including a critical Safari flaw that was reportedly exploited in Chrome zero-day attacks. The updates span iOS, iPadOS, macOS, wat…GBHACKERS.COM
30 JulLLM Honeypots Can Deceive Threat Actors into Exposing Binaries and Known ExploitsLarge language model (LLM)-powered honeypots are becoming increasingly complex instruments for luring and examining threat actors in the rapidly changing field of cybersecurity. A recent deployment using Beelzebub, a low-code honeypot framework, demonstrated how such systems can …GBHACKERS.COM
30 JulGame changer: How AI simplifies implementation of Zero Trust security objectivesAs enterprises increasingly move workloads to private cloud for reasons such as performance and compliance and to leverage AI on-premises, security leaders face a critical challenge: implementing Zero Trust architecture at scale. While Zero Trust has become the gold standard for …CSOONLINE.COM
30 JulMinnesota activates National Guard as cyberattack on Saint Paul disrupts public servicesGov. Tim Walz activated the state military's cyber forces to help ensure public services continue to run as the city of Saint Paul battles an ongoing cyberattack.TECHCRUNCH.COM
30 JulApple patches security flaw exploited in Chrome zero-day attacksApple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. [...]BLEEPINGCOMPUTER.COM
30 JulQilin Ransomware Uses TPwSav.sys Driver to Bypass EDR Security MeasuresCybercriminals affiliated with the Qilin ransomware-as-a-service (RaaS) operation have demonstrated advanced evasion techniques by exploiting a previously undocumented vulnerable driver, TPwSav.sys, to disable Endpoint Detection and Response (EDR) systems through a bring-your-own…GBHACKERS.COM
30 JulEviction Strategies Tool ReleasedToday, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes: Cyber Eviction Strategies Playbook Next Generation (Playbook-NG) : A web-based ap…CISA.GOV
30 JulWhen Vulnerabilities Linger Too Long... 💣When vulnerabilities sit too long in a system, they don’t just create risk — they invite disaster. In this short, cybersecurity expert Matthew Toussain exposes why so many organizations fail at vulnerability management and how small delays can lead to massive breaches. From hidde…YOUTUBE.COM
30 JulHackers actively exploit critical RCE in WordPress Alone themeThreat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover. [...]BLEEPINGCOMPUTER.COM
30 JulLaw Enforcement vs Hackers: The Culture Clash!In this clip, cybersecurity expert Doug White breaks down the fascinating cultural divide between law enforcement, military, and hacker communities inside the cyber world. While they all speak the same language of code and scripts, their mindsets and vibes couldn't be more differ…YOUTUBE.COM
30 JulShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMHA wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. [...]BLEEPINGCOMPUTER.COM
30 JulThis ASUS Feature Lets Hackers Take Over Your PC 🔥ASUS users beware! 🛑 In this shocking clip, cybersecurity expert Doug White reveals a high severity vulnerability hidden in the popular ASUS Armory Crate software. This flaw allows attackers to escalate privileges to system level using ASIO3.SYS. If you're running Windows with AS…YOUTUBE.COM
30 JulSecuring Firebase: Lessons Re-Learned from the Tea Breach, (Wed, Jul 30th)Today we are trying something a bit different (again). Brandon Evans, senior instructor with SANS, contributed the video below, talking a bit about the breach of the Tea App, and how to prevent and detect this vulnerability.
ISC.SANS.EDU
30 JulMultiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. D…CISECURITY.ORG
30 JulA Vulnerability in Google Chrome Could Allow for Arbitrary Code ExecutionA Vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Successful exploitation of the the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the use…CISECURITY.ORG
📋 SECURITY BULLETINS 2[−]
30 JulChrome Vulnerabilities Allow Attackers to Hijack Memory and Run Malicious CodeGoogle has released an emergency security update for its Chrome browser to address critical vulnerabilities that could allow attackers to hijack system memory and execute malicious code on affected devices. The Stable channel has been updated to version 138.0.7204.183/.184 for Wi…GBHACKERS.COM
30 JulNew Lenovo UEFI firmware updates fix Secure Boot bypass flawsLenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface). [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 13[−]
30 JulMCP‑Sicherheit: Das Rückgrat von Agentic AI sichernIm Zuge von Agentic AI sollten sich CISOs mit MCP-Sicherheit auseinandersetzen. Wanan Wanan – shutterstock.com Das Model Context Protocol (MCP) wurde erst Ende 2024 vorgestellt, dennoch sind die technologischen Folgen in vielen Architekturen bereits deutlich spürbar. Damit Entwic…CSOONLINE.COM
30 JulCISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker GroupThe joint Cybersecurity Advisory AA23-320A, collaboratively issued by agencies such as the FBI, CISA, RCMP, ASD’s ACSC, AFP, CCCS, and NCSC-UK, serves as a critical update on the Scattered Spider cybercriminal group. Originally published in November 2023 and revised multipl…GBHACKERS.COM
30 JulDobrindt prüft Einsatz von US-Software PalantirKann sich den Einsatz von Palantir vorstellen: Bundesinnenminister Dobrindt hotocosmos1 – shutterstock.com Bundesinnenminister Alexander Dobrindt (CSU) prüft den bundesweiten Einsatz der umstrittenen Analyse-Software des US-Unternehmens Palantir. Eine Sprecherin des Ministeriums …CSOONLINE.COM
30 JulPalo Alto kauft CyberArkDer israelische Identity-Management-Anbieter CyberArk wird Teil von Palo Alto Networks. ShU studio | shutterstock.com Mit der Übernahme des Identity-Management-Spezialisten CyberArk für rund 25 Milliarden Dollar geht Palo Alto Networks möglicherweise das größte Risiko seiner Gesc…CSOONLINE.COM
30 JulControls ≠ Context: Stop Copy-Pasting Cyber Rules!When cybersecurity teams blindly follow control frameworks without adapting them to real business environments, it creates friction, not protection. In this clip, Martin Tschammer breaks down why context is everything—and why security isn’t one-size-fits-all. This mindset shift c…YOUTUBE.COM
30 JulSenate Committee Advances Trump Nominee to Lead CISACommittee Members voted to recommend Sean Plankey for director of the Cybersecurity and Infrastructure Security Agency. The post Senate Committee Advances Trump Nominee to Lead CISA appeared first on SecurityWeek .SECURITYWEEK.COM
🔥 INCIDENT REPORTING 19[−]
30 JulTea App Takes Messaging System Offline After Second Security Issue ReportedTea has said about 72,000 images were leaked online in the initial incident, and another 59,000 images publicly viewable in the app from posts, comments and direct messages were also accessed. The post Tea App Takes Messaging System Offline After Second Security Issue Reported ap…SECURITYWEEK.COM
30 JulOrange Hit by Cyberattack, Internal Systems HackedFrench telecommunications giant Orange confirmed it suffered a significant cyberattack on Friday, July 25th, targeting one of its critical information systems. The incident has disrupted services for business customers and some consumer services, primarily affecting operations in…GBHACKERS.COM
30 JulCybersecurity Today: Major Data Leaks, Airline Disruptions, Malware in Games, and AI Bypasses CaptchasIn this episode of 'Cybersecurity Today,' host Jim Love covers several significant cybersecurity incidents. Hackers disrupt all Aeroflot flights, causing massive delays in Russia. The women-only dating app 'Tea' faces a second serious data leak, exposing 1.1 million private messa…CYBERSECURITYTODAY.LIBSYN.COM
30 JulNew Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption FeatureThe new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the group’s strategic pivot tow…GBHACKERS.COM
30 JulMinnesota Activates National Guard in Response to CyberattackMinnesota Governor Tim Walz called in the National Guard to assist the City of Saint Paul in responding to a cyberattack. The post Minnesota Activates National Guard in Response to Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulCost of Data Breach in US Rises to $10.22 Million, Says Latest IBM ReportThe global average cost of a breach fell to $4.44 million (the first decline in five years), but the average US cost rose to a record $10.22 million. The post Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulPalo Alto Networks eyes $20B CyberArk deal as identity security takes center stagePalo Alto Networks is closing in on what could be its biggest bet yet: a more than $20 billion acquisition of Israeli identity security company CyberArk, according to a Wall Street Journal report that sent shockwaves through the cybersecurity world. If the deal goes through — and…CSOONLINE.COM
30 JulRansomware upstart Gunra goes cross-platform with encryption upgradesA new Linux variant of the “Gunra” ransomware family has been identified with highly configurable multithreading, allowing attackers to run up to 100 parallel encryptions. A Trend Micro research underlined that the emerging threat group, which has already claimed 14 victims spann…CSOONLINE.COM
30 JulTelecom Giant Orange Hit by CyberattackOrange was targeted by hackers in an attack that resulted in the disruption of services offered to corporate and individual customers. The post Telecom Giant Orange Hit by Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulAPT Hackers Target Maritime and Shipping Industry for Ransomware AttacksThe maritime sector, which facilitates approximately 90% of international trade, is facing an unprecedented surge in sophisticated cyberattacks from advanced persistent threat (APT) groups, ransomware operators, and hacktivists, driven by escalating geopolitical conflicts. Accord…GBHACKERS.COM
30 JulErneuter Hackerangriff bei Orangewidth="2470" height="1389" sizes="(max-width: 2470px) 100vw, 2470px"> Nachdem bereits im Februar die rumänische Niederlassung gehackt wurde, geriet Orange nun erneut unter Beschuss. Arsenie Krasnevsky – shutterstock.com Der französische Telekommunikationsanbieter Orange hat am 25…CSOONLINE.COM
30 JulPalo Alto Networks to buy CyberArk for $25B as identity security takes center stagePalo Alto Networks is making what could be its biggest bet yet by agreeing to buy Israeli identity security company CyberArk for around $25 billion. The companies announced they had reached an agreement on Wednesday. The deal will mark a seismic shift for an industry that’s been …CSOONLINE.COM
30 JulHackers Deploy Cobalt Strike Beacon Using GitHub and Social MediaA sophisticated cyberattack campaign disrupted the Russian IT industry and entities in several other countries, leveraging advanced evasion techniques to deploy the notorious Cobalt Strike Beacon. Attackers ingeniously concealed payload information within user profiles on platfor…GBHACKERS.COM
30 JulFunkSec Ransomware Decryptor Released Free to Public After Group Goes DormantCybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. "Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezu…THEHACKERNEWS.COM
30 JulSafepay ransomware threatens to leak 3.5TB of Ingram Micro dataThe SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month. [...]BLEEPINGCOMPUTER.COM
30 JulHackers stole Social Security numbers during Allianz Life cyberattackThe U.S. insurance giant tells state regulators that Social Security numbers were among the personal information stolen in its mid-July cyberattack.TECHCRUNCH.COM
30 JulCloudflare Just Witnessed a DDoS MONSTER 🧠When Cloudflare detected a 7.3 terabits per second DDoS attack in May 2025, cybersecurity pros around the world were left speechless. This wasn’t just any attack—it delivered 37.4 terabytes in just 45 seconds. That’s more data than most people download in a year... in under a min…YOUTUBE.COM
30 JulCrypto Wallets Are Being Hacked by Your Own Screenshots 💀A shocking new malware called Spark Kitty is using optical character recognition (OCR) to steal cryptocurrency from wallet screenshots. Yes, even images on your phone aren’t safe anymore. Discovered by Kaspersky, this threat has already been spotted in apps on Google Play and the…YOUTUBE.COM
30 JulRisky Business #800 — The SharePoint bug may have leaked from Microsoft MAPPOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: Did the SharePoint bug leak out of the Microsoft MAPP program? Expel retracts its FIDO bypass writeup The mess surrounding the women-only dating-safety app Tea gets worse Broadcom customers s…RISKY.BIZ
🕵️ THREAT INTELLIGENCE 30[−]
30 JulISC Stormcast For Wednesday, July 30th, 2025 https://isc.sans.edu/podcastdetail/9548, (Wed, Jul 30th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
30 JulNew Microsoft Guidance Targets Defense Against Indirect Prompt InjectionMicrosoft has unveiled new guidance addressing one of the most pressing security challenges facing enterprise AI deployments: indirect prompt injection attacks. This emerging threat vector has become the top entry in the OWASP Top 10 for LLM Applications & Generative AI 2025,…GBHACKERS.COM
30 JulAxonius Acquires Medical Device Security Firm Cynerio in $100 Million DealAxonius has acquired Cynerio for $100 million in cash and stock to accelerate its expansion into the healthcare market. The post Axonius Acquires Medical Device Security Firm Cynerio in $100 Million Deal appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulChatGPT Agent Defeats Cloudflare’s ‘I Am Not a Robot’ Security CheckIn a significant development that highlights both the advancing capabilities of AI and potential vulnerabilities in web security systems, a ChatGPT-powered agent has successfully bypassed Cloudflare’s widely-used “I am not a robot” verification system. The break…GBHACKERS.COM
30 JulAligning Security Objectives, Ditch the Ego, Lead for Real and Succeed - BSW #406In the leadership and communications section, The CISO code of conduct: Ditch the ego, lead for real, The books shaping today’s cybersecurity leaders, How to Succeed in Your Career When Change Is a Constant, and more! Visit https://www.securityweekly.com/bsw for all the latest ep…YOUTUBE.COM
30 JulGoogle Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project ZeroGoogle has announced that it's making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication …THEHACKERNEWS.COM
30 JulSocial Engineering on the Rise — New Unit 42 ReportHow cybercriminals and nation-state actors are leveraging sophisticated social engineering techniques to attack global organizations at scale. The post Social Engineering on the Rise — New Unit 42 Report appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
30 JulNew JSCEAL Attack Aims to Steal Credentials and Wallets from Crypto App UsersCheck Point Research (CPR) has identified a sophisticated malware campaign dubbed JSCEAL, which targets users of cryptocurrency trading applications through malicious advertisements and compiled JavaScript payloads. Active since at least March 2024, the operation has evolved to i…GBHACKERS.COM
30 JulCobalt Strike Beacon delivered via GitHub and social mediasubmitted by Pro to cybersecurity 1 points | 0 comments https://securelist.com/cobalt-strike-attacks-using-quora-github-social-media/117085/INFOSEC.PUB
30 JulChinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage ToolsChinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics …THEHACKERNEWS.COM
30 JulCyata Emerges From Stealth With $8.5 Million in FundingThe Israeli startup helps organizations identify, monitor, and control AI agents across their environments. The post Cyata Emerges From Stealth With $8.5 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulDropbox Passwords Service Ending: Export Your Vault Before Oct 28, 2025Dropbox has announced the discontinuation of its Passwords service, giving users until October 28, 2025, to export their stored credentials before the feature is permanently shut down. The cloud storage company is phasing out the password management tool as part of its strategic …GBHACKERS.COM
30 JulLazarus Group Enhances Malware with New OtterCookie Payload Delivery TechniqueThe Contagious Interview campaign conducted by the Lazarus Group continues to expand its capabilities. We have observed an exponential evolution in the delivery mechanisms for the campaign’s main payloads: BeaverTail, InvisibleFerret, and OtterCookie. In this article, we wi…GBHACKERS.COM
30 JulScattered Spider Activity Drops Following Arrests, but Others Adopting Group’s TacticsMultiple financially motivated threat actors are targeting backup systems and employing Scattered Spider’s social engineering techniques. The post Scattered Spider Activity Drops Following Arrests, but Others Adopting Group’s Tactics appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulPalo Alto Networks to Acquire CyberArk for $25 BillionStrategic acquisitions marks Palo Alto Networks' formal entry into Identity Security space and accelerates its platform strategy. The post Palo Alto Networks to Acquire CyberArk for $25 Billion appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulLegion Emerges From Stealth With $38 Million in FundingLegion has raised $38 million in seed and Series A funding for its browser-native AI Security Operations Center (SOC) platform. The post Legion Emerges From Stealth With $38 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulResearchers Reveal North Korean Threat Actors’ Tactics for Uncovering Illicit AccessCybersecurity researchers from Flashpoint have exposed the intricate tactics employed by North Korean threat actors to infiltrate global organizations through remote work vulnerabilities. These operatives, affiliated with the Democratic People’s Republic of Korea (DPRK), ma…GBHACKERS.COM
30 JulProgress Bar: Hacking 100% 🔓They started losing. Then came the montage. Red alerts flashing, keyboards clacking, code flying like punches in a boxing ring. One moment it’s chaos — the next, everything turns green. This short takes viewers inside the mindset of cybersecurity pros battling it out in a competi…YOUTUBE.COM
30 JulBlinkOps Raises $50 Million for Agentic Security Automation PlatformBlinkOps has announced a Series B funding round that brings the total raised by the company for its micro-agents builder to $90 million. The post BlinkOps Raises $50 Million for Agentic Security Automation Platform appeared first on SecurityWeek .SECURITYWEEK.COM
30 JulNew Spear Phishing Attack Distributes VIP Keylogger Through Email AttachmentThreat actors have revived the sophisticated VIP keylogger malware, previously detailed in an earlier white paper for its use of spear-phishing and steganography to infiltrate systems and steal data from web browsers and user credentials. This iteration introduces an AutoIt-based…GBHACKERS.COM
30 JulPalo Alto to scoop up CyberArk for $25 billion to tackle AI-era threatssubmitted by cm0002 to cybersecurity 2 points | 0 comments https://finance.yahoo.com/news/palo-alto-scoop-cyberark-25-122523449.htmlINFOSEC.PUB
30 JulThreat Actors Use LNK Files to Deploy RedLoader Malware on Windows SystemsSophos analysts have identified a novel infection chain employed by the financially motivated cybercriminal group GOLD BLADE, also known as RedCurl, Red Wolf, and Earth Kapre, to deploy their custom RedLoader malware on Windows systems. This group, active since 2018 and specializ…GBHACKERS.COM
30 JulIf You Knew This, You’d Use a Password Manager TODAYMost people still don’t realize how easy password managers have become. In this short, cybersecurity expert Jeff Shiner explains how users went from avoiding security tools to loving them for their convenience. Adrian Sanabria highlights how the mindset has shifted over the past …YOUTUBE.COM
30 JulHandling malicious requests with fail2bansubmitted by cm0002 to cybersecurity 1 points | 0 comments https://sergiocipriano.com/fail2ban.htmlINFOSEC.PUB
30 JulHackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading AppsCybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets. The activity leverages thousands of maliciou…THEHACKERNEWS.COM
30 JulHackers target Python devs in phishing attacks using fake PyPI siteThe Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. [...]BLEEPINGCOMPUTER.COM
30 JulMore Vendors, More Chaos: Is Supply Chain Security Broken?Too many vendors, not enough control. In this short, cybersecurity expert Marshall challenges the common narrative around supply chain risk. While many focus on market consolidation, he argues the real threat lies in vendor overload and lack of visibility. A must-watch for any in…YOUTUBE.COM
30 JulScammers Unleash Flood of Slick Online Gaming Sitessubmitted by Pro to cybersecurity 1 points | 0 comments https://krebsonsecurity.com/2025/07/scammers-unleash-flood-of-slick-online-gaming-sites/INFOSEC.PUB
30 Jul[CASE STUDY] Retail Organization Sees 50-Fold Increase in Phishing Reporting with KnowBe4's Phish Alert Button and TrainingA global retail and wholesale company transformed their security posture after implementing KnowBe4's Phish Alert Button (PAB) and security awareness training, achieving an astonishing 50-fold increase in user reporting of phishing attacks.KNOWBE4.COM
30 JulSHARED INTEL Q&A: Inside the access mess no one sees — and the identity risk no one ownsFor decades, identity and access management (IAM) and privileged access management (PAM) sat on the sidelines of cybersecurity strategy—viewed more as IT maintenance than frontline defense. Related: The hidden threat of rogue access But that’s changing. Fast. Historically, securi…LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
30 JulScammers Unleash Flood of Slick Online Gaming SitesFraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social …KREBSONSECURITY.COM
🎙️ PODCASTS 1[−]
30 JulSmashing Security podcast #428: Red flags, leaked chats, and a final farewellThe viral women-only dating safety app Tea, built to flag red flags, gets flagged itself - after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. Plus, Carole takes us down memory lane a…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 8[−]
30 JulScattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security PressureGoogle Cloud's Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. "Since the recent arrests tied to the alleged Sc…THEHACKERNEWS.COM
30 JulProduct Walkthrough: A Look Inside Pillar's AI Security PlatformIn this article, we will provide a brief overview of Pillar Security's platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing t…THEHACKERNEWS.COM
30 JulAI Cuts vCISO Workload by 68% as Demand Skyrockets, New Report FindsAI is reshaping vCISO services—and SMBs are fueling the surge. Cynomi's 2025 report shows 3x adoption growth and major workload drops as MSPs and MSSPs scale cybersecurity like never before. Learn more in the 2025 State of the vCISO Report. [...]BLEEPINGCOMPUTER.COM
30 JulPasskey support in business applications | Kaspersky official blogWhich corporate systems and applications support passkeys, and how to implement them properly?KASPERSKY.COM
30 JulSkechers is making kids’ shoes with a hidden AirTag compartmentSkechers launches kids' shoes with built-in AirTag holder.TECHCRUNCH.COM
30 JulHackers plant 4G Raspberry Pi on bank network in failed ATM heistThe UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses in a newly discovered attack. [...]BLEEPINGCOMPUTER.COM
30 JulGerm brings end-to-end encrypted messages to BlueskyGerm's new app lets users send end-to-end encrypted messages on Bluesky. TechCrunch speaks with the Germ founders to hear why they came up with the idea.TECHCRUNCH.COM
30 JulPalo Alto Networks agrees to buy CyberArk for $25 billionThe cybersecurity giant is getting into identity security with its acquisition of CyberArk, which is one of the biggest cybersecurity deals of the year so far.TECHCRUNCH.COM