92Articles
7Categories
2025-07-31Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
31 JulCrushFTP Hit by Critical 0-Day RCE Vulnerability – Full Technical Details and PoC PublishedSecurity researchers have disclosed a critical zero-day vulnerability in CrushFTP, a popular file transfer server solution, that allows attackers to execute arbitrary commands on affected systems without authentication. The vulnerability, tracked as CVE-2025-54309, has been assig…GBHACKERS.COM
31 JulHackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin InstallThreat actors are actively exploiting a critical security flaw in "Alone – Charity Multipurpose Non-profit WordPress Theme" to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with…THEHACKERNEWS.COM
31 JulCritical SUSE Manager Vulnerability Allows Remote Command Execution as RootA critical security vulnerability has been discovered in SUSE Manager that enables attackers to execute arbitrary commands with root privileges without any authentication. The flaw, designated as CVE-2025-46811, represents a severe threat to organizations using affected SUSE Mana…GBHACKERS.COM
31 JulRansomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifiesIn the first six months of 2025, cybercriminals have already stolen billions of credentials, exploited thousands of vulnerabilities, and launched record-breaking ransomware attacks–leaving security teams and organizations worldwide scrambling to keep up. A Flashpoint midyear tall…CSOONLINE.COM
31 JulChromium: CVE-2025-8292 Use after free in Media StreamThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
31 JulRansomware gang tells Ingram Micro, ‘Pay up by August 1’The Safepay ransomware gang has given IT distributor Ingram Micro until Friday to pay up or it will release 3.5TB of what it claims to be the company’s stolen data. The threat appeared this week, listing the company on a countdown clock on the gang’s data leak site, according to …CSOONLINE.COM
31 JulTangled in the web: Scattered Spider’s tactics changing to snare more victimsScattered Spider is using fresh tactics to snare more victims in its web. Governments around the globe are warning that the hacker group is impersonating employees to trick IT help desks into resetting passwords and transferring multi-factor authentication (MFA) tokens to attacke…CSOONLINE.COM
31 JulMind the overconfidence gap: CISOs and staff don’t see eye to eye on security postureCISOs and their security chains of command appear to have significantly divergent views of their organization’s cyber security maturity and resilience. According to a recent BitDefender report , CISOs expressed far greater confidence than mid-level security managers in their orga…CSOONLINE.COM
31 JulNorth Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive DataSonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malw…GBHACKERS.COM
31 JulResearchers Exploit 0-Day Flaws in Retired Netgear Router and BitDefender BoxCybersecurity researchers successfully exploited critical zero-day vulnerabilities in two discontinued network security devices during DistrictCon’s inaugural Junkyard competition in February, earning runner-up recognition for Most Innovative Exploitation Technique. The fin…GBHACKERS.COM
31 JulGoogle Project Zero Tackles Upstream Patch Gap With New PolicyGoogle Project Zero now publicly shares the discovery of a vulnerability and when its 90-day disclosure deadline expires. The post Google Project Zero Tackles Upstream Patch Gap With New Policy appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulCheating on Quantum Computing BenchmarksPeter Gutmann and Stephan Neuhaus have a new paper —I think it’s new, even though it has a March 2025 date—that makes the argument that we shouldn’t trust any of the quantum factorization benchmarks, because everyone has been cooking the books: Similarly, …SCHNEIER.COM
31 Jul‘EDR-on-EDR Violence’: Hackers turn security tools against each otherCybersecurity researchers have uncovered a troubling new attack vector where threat actors are weaponizing free trials of endpoint detection and response (EDR) software to disable existing security tools — a phenomenon they’ve dubbed “EDR-on-EDR violence.” Security researchers Ez…CSOONLINE.COM
31 JulBangalore Techie Arrested for Alleged Role in $44 Million Cryptocurrency TheftA Bangalore-based technology professional has been arrested in connection with a massive cryptocurrency theft worth approximately ₹379 crore ($44 million) from the popular Indian crypto exchange CoinDCX, according to law enforcement officials. The arrest represents one of the mos…GBHACKERS.COM
31 JulBrowser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive DataLayerX has disclosed an AI chatbot hacking method via web browser extensions it has named ‘man-in-the-prompt’. The post Browser Extensions Pose Serious Threat to Gen-AI Tools Handling Sensitive Data appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulCritical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploitssubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/07/critical-dahua-camera-flaws-enable.htmlSH.ITJUST.WORKS
31 JulShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMHsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/shinyhunters-behind-salesforce-data-theft-attacks-at-qantas-allianz-life-and-lvmh/SH.ITJUST.WORKS
31 JulLenovo IdeaCentre and Yoga BIOS Flaws Allow Attackers to Run Arbitrary CodeSecurity researchers have discovered critical BIOS vulnerabilities affecting Lenovo’s IdeaCentre and Yoga All-in-One desktop computers that could allow privileged attackers to execute arbitrary code and potentially compromise system security at the firmware level. Critical …GBHACKERS.COM
31 JulWho’s Really Behind the Mask? Combatting Identity FraudWhy context, behavioral baselines, and multi-source visibility are the new pillars of identity security in a world where credentials alone no longer cut it. The post Who’s Really Behind the Mask? Combatting Identity Fraud appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulOpen Source CISA Tool Helps Defenders With Hacker Containment, EvictionThe tool includes resources to help organizations during the containment and eviction stages of incident response. The post Open Source CISA Tool Helps Defenders With Hacker Containment, Eviction appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulNew DoubleTrouble Banking Malware Targets Users Through Phishing Sites to Steal CredentialsResearchers at zLabs have been closely monitoring the DoubleTrouble banking trojan, a rapidly evolving malware strain that has shifted its tactics to exploit unsuspecting users across Europe. Initially disseminated via phishing websites mimicking reputable banks, the trojan has n…GBHACKERS.COM
31 JulSilver Fox Hackers Exploit Weaponized Google Translate Tools to Deliver Windows MalwareThe Knownsec 404 Advanced Threat Intelligence Team has lately discovered increased activity from the Silver Fox cybercrime gang, which has been using fake versions of popular programs as weapons to spread malware in a complex cyber threat landscape. Tracing back to 2024, these at…GBHACKERS.COM
31 JulThorium Platform Public AvailabilityToday, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium , a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflow…CISA.GOV
31 JulCISA open-sources Thorium platform for malware, forensic analysisThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. [...]BLEEPINGCOMPUTER.COM
31 JulExperts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login CredentialsCybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses. "Link wrapping is designed by vendors like Proofpoint to protect users by routing all …THEHACKERNEWS.COM
31 JulCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS) advisories on July 31, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-212-01 Güralp FMUS Series Seismic Monitoring Devices ICSA-25-212-02 Ro…CISA.GOV
31 JulCISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical InfrastructureCISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. This follows a proactive threat hunt engagement conducted at a U.S. critical infrastructure facility.…CISA.GOV
31 JulWhy Your EDR Could Be Your Greatest Cyber RiskWhen a cybersecurity expert warns that EDR tools can cause systemic risk, professionals listen. In this short, Adrian and Marshall break down how even non-malicious outages in endpoint detection and response systems can halt operations—revealing a chilling truth: your most truste…YOUTUBE.COM
31 JulGoogle Cloud Security Threat Horizons Report #12 Is Out!This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #12 ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 , …MEDIUM.COM
31 JulHacking Washing Machines - PSW #885In the security news: * Hacking washing machines, good clean fun! * Hacking cars via Bluetooth * More Bluetooth hacking with Breaktooth * Making old vulnerabilities great again: exploiting abandoned hardware * Clorox and Cognizant point fingers * AI generated Linux malware * Atta…YOUTUBE.COM
31 JulAttackers wrap phishing links through URL scanning services to bypass detectionAttackers are exploiting the URL wrapping practices of email security services to conceal phishing links and lend credibility to their malicious campaigns. Email security services often rewrite email message URLs to route them through an intermediary domain for scanning. While re…CSOONLINE.COM
31 JulPi-hole - 29,926 breached accountsIn July 2025, a vulnerability in the GiveWP WordPress plugin exposed the names and email addresses of approximately 30k donors to the Pi-hole network-wide ad blocking project . Pi-hole subsequently self-submitted the list of impacted donors to HIBP.HAVEIBEENPWNED.COM
📢 SECURITY ADVISORIES 9[−]
31 JulGenAI als Security-Gamechanger?Für CISOs bietet generative KI nicht nur eine bloße Arbeitserleichterung, sondern zahlreiche neue Möglichkeiten für die Cybersicherheit. SomYuZu – shutterstock.com Durch den Einsatz von GenAI ergeben sich für CISOs neue Chancen, da bewährte Verteidigungsmethoden immer mehr an ihr…CSOONLINE.COM
31 JulSingapore’s Strategic Approach to State-Linked APT Cyber ThreatsSingapore’s recent disclosure of an ongoing cyberattack by the advanced persistent threat (APT) group UNC3886 on critical infrastructure highlights a deliberate strategy favoring technical attribution over overt political linkages. Coordinating Minister for National Securit…GBHACKERS.COM
31 JulReflections from the First Cyber AI Profile WorkshopThank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that …NIST.GOV
31 JulWhy This CISO HATES the Word ‘Compliance’ 😠When cybersecurity pros talk compliance, Martin Tschammer doesn’t hold back. In this clip, he explains why he avoids the word entirely—and what really drives a successful security program. Spoiler: it’s all about trust, money, and proving you’re doing the right thing. A must-watc…YOUTUBE.COM
31 JulScattered Spider Related Domain Names, (Thu, Jul 31st)This week, CISA updated its advisory on Scattered Spider. Scattered Spider is a threat actor using social engineering tricks to access target networks. The techniques used by Scattered Spider replicate those used by other successful actors, such as Lapsus$;. Social engin…ISC.SANS.EDU
🔥 INCIDENT REPORTING 15[−]
31 JulHackers Allegedly Breach Nokia’s Internal NetworkA cybercriminal group has allegedly infiltrated Nokia’s internal network through a vulnerable third-party contractor, potentially exposing sensitive information belonging to more than 94,500 employees in what security experts are calling one of the most extensive corporate …GBHACKERS.COM
31 JulUNC2891 Hackers Breach ATMs Using Raspberry Pi Devices for Network AccessA Raspberry Pi device that was directly attached to an internal network switch was used by the financially motivated threat actor group UNC2891 to breach ATM networks in a sophisticated cyber campaign that targeted banking infrastructure. This embedded hardware, equipped with a 4…GBHACKERS.COM
31 JulChinese Silk Typhoon Hackers File Over 10 Patents for Advanced Intrusive Hacking ToolsA SentinelLABS investigation has revealed that businesses linked to the Chinese advanced persistent threat (APT) group Hafnium, also known as Silk Typhoon, have submitted more than ten patents for highly intrusive forensics and data exfiltration methods. These patents, registered…GBHACKERS.COM
31 JulUNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for FraudThe financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to inst…THEHACKERNEWS.COM
31 JulLAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email AccountsThe Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According to a recent CERT-UA report, t…GBHACKERS.COM
31 JulHackers stole Social Security numbers during Allianz Life cyberattack | TechCrunchsubmitted by kid to cybersecurity 1 points | 0 comments https://techcrunch.com/2025/07/30/hackers-stole-social-security-numbers-during-allianz-life-cyberattack/SH.ITJUST.WORKS
31 JulAI-Driven Trends in Endpoint Security: What the 2025 Gartner® Magic Quadrant™ RevealsCyber threats and attacks like ransomware continue to increase in volume and complexity with the endpoint typically being the most sought after and valued target. With the rapid expansion and adoption of AI, it is more critical than ever to ensure the endpoint is adequately secur…THEHACKERNEWS.COM
31 JulCyberkriminelle setzen Ingram Micro UltimatumRansomware-Gangster erpressen Ingram Micro. JHVEPhoto | shutterstock.com Anfang Juli 2025 wurde bekannt, dass der IT-Dienstleister Ingram Micro von einer Ransomware-Attacke betroffen ist . Diese zog auch einen mehrtägigen Ausfall der IT-Systeme nach sich. Inzwischen laufen die Sy…CSOONLINE.COM
31 JulSafePay ransomware threatens to leak 3.5TB of Ingram Micro datasubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/safepay-ransomware-threatens-to-leak-35tb-of-ingram-micro-data/SH.ITJUST.WORKS
31 JulInc Ransomware Claims 1.2TB Data Breach at Dollar Treesubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/inc-ransomware-1-2tb-data-breach-at-dollar-tree/SH.ITJUST.WORKS
31 JulRansomware Gangs Leverage TrickBot Malware to Steal US $724 Million in CryptocurrencyRansomware affiliates associated with groups like Ryuk, Conti, and Diavol have increasingly relied on the modular TrickBot malware to facilitate sophisticated extortion campaigns, resulting in over US$724 million in cryptocurrency theft. Originally emerging in 2016 as a banking T…GBHACKERS.COM
31 JulAnubis Ransomware Targets Android and Windows Users to Encrypt Files and Steal CredentialsRansomware activity has skyrocketed in the ever-evolving cyber threat landscape, with Bitsight’s State of the Underground 2025 study indicating a 53% increase in ransomware group-operated leak sites and a roughly 25% increase in unique victims reported on leak sites through…GBHACKERS.COM
31 JulThreat Actors Use Malicious RMM Tools for Stealthy Initial Access to OrganizationsA small increase in targeted cyberattacks that make use of Remote Monitoring and Management (RMM) capabilities that are embedded in PDF documents has been seen by WithSecure. These campaigns primarily focus on organizations in France and Luxembourg, employing socially engineered …GBHACKERS.COM
31 JulYour Backups Are Useless If THIS Happens 🤐 #ITriskMost IT pros think backups are their safety net... but what if that's exactly what ransomware attacks first? In this short, Doug White reveals how modern cybercriminals cripple your recovery before you even realize it. From disabling backup agents to encrypting backup volumes, th…YOUTUBE.COM
31 JulDark Web Just Got an Upgrade 😳 16 Billion Leaked CredentialsThe cybersecurity world is in shock as Russell Beauchemin reveals what might be the largest leak of novel credentials in history. Unlike the "Mother of All Breaches" from January 2024, which recycled old data, this latest leak reportedly includes 16 billion new login credentials.…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 22[−]
31 JulISC Stormcast For Thursday, July 31st, 2025 https://isc.sans.edu/podcastdetail/9550, (Thu, Jul 31st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
31 JulPalo Alto Networks Announces $25 Billion Acquisition of CyberArkCybersecurity giant Palo Alto Networks announced a landmark $25 billion acquisition of identity security leader CyberArk on July 30, 2025, marking the company’s formal entry into the rapidly growing Identity Security market. The strategic combination represents a significan…GBHACKERS.COM
31 JulNOVABLIGHT Masquerades as Educational Tool to Steal Login Credentials and Compromise Crypto WalletsA newly analyzed Malware-as-a-Service (MaaS) infostealer, NOVABLIGHT, has emerged as a significant cybersecurity threat, targeting unsuspecting users with advanced data theft capabilities. Developed and sold by the Sordeal Group, a threat actor demonstrating French-language profi…GBHACKERS.COM
31 JulHoneywell Experion PKS Flaws Allow Manipulation of Industrial ProcessesHoneywell has patched several critical and high-severity vulnerabilities in its Experion PKS industrial process control and automation product. The post Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulReport Links Chinese Companies to Tools Used by State-Sponsored HackersSentinelLabs connects the dots between prolific Chinese state-sponsored hackers and companies developing intrusion tools. The post Report Links Chinese Companies to Tools Used by State-Sponsored Hackers appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulHacker Arrested for Data Theft Targeting Spanish Bank CustomersSpanish authorities have successfully apprehended a sophisticated cybercriminal who allegedly stole sensitive data from major financial institutions, educational organizations, and private companies across the country. The arrest represents a significant victory in the ongoing ba…GBHACKERS.COM
31 JulAPI Security Firm Wallarm Raises $55 MillionWallarm has raised money in a Series C funding round led by Toba Capital, which brings the total raised by the company to over $70 million. The post API Security Firm Wallarm Raises $55 Million appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulN. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in CryptoThe North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. "Under the guise of freelance opportunities for software development work, UNC4899 leveraged social …THEHACKERNEWS.COM
31 JulMalicious Connectors Potentially Impact Hundreds of Millions of Microsoft 365 UsersMost Microsoft 365 users aren’t aware of this recently growing serious email threat vector.KNOWBE4.COM
31 JulReach Security Raises $10 Million for Exposure Management SolutionReach Security has received a $10 million strategic investment from M12 to advance its domain-specific AI approach for exposure management. The post Reach Security Raises $10 Million for Exposure Management Solution appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulThis Simple Step Could Save You HOURS on Endpoint TasksMost cybersecurity pros overlook this one simple check when handling a new Windows system. In this clip, Doug White shares a crucial tip that can save hours of troubleshooting: always check if Windows Defender, antivirus, and firewall are even turned on — because by default, they…YOUTUBE.COM
31 JulChinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink SatellitesChinese military and cyber researchers are intensifying efforts to counter Elon Musk’s Starlink satellite network, viewing it as a potential tool for U.S. military power across nuclear, space, and cyber domains. The post Chinese Researchers Suggest Lasers and Sabotage to Counter …SECURITYWEEK.COM
31 JulNoma Security Raises $100 Million for AI Security PlatformNoma Security has announced a Series B funding round that will enable the company’s growth and expansion of its AI agent security solutions. The post Noma Security Raises $100 Million for AI Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
31 JulNot Enough Good People Run for Office… Here's ProofWhen a respected cybersecurity expert casually says she wants to run for office, it catches everyone off guard. But her reason? It's exactly what the world needs to hear right now. In a time where ethical voices are rare in politics, this moment hits different. Proof that some of…YOUTUBE.COM
31 JulMicrosoft: Russian hackers use ISP access to hack embassies in AiTM attacksMicrosoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. [...]BLEEPINGCOMPUTER.COM
31 JulFrozen in transit: Secret Blizzard’s AiTM campaign against diplomatsMicrosoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShad…MICROSOFT.COM
31 JulCan You Join a Cybersecurity Team with Just Passion?Passion over paperwork? In this short, Doug White shares how their cybersecurity team welcomes anyone with a genuine love for security and pen testing—no interviews, no applications. Just show up, connect, and bring the energy. It’s not about being perfect; it’s about being passi…YOUTUBE.COM
31 JulModernize your identity defense with Microsoft Identity Threat Detection and ResponseMicrosoft's Identity Threat Detection and Response solution integrates identity and security operations to provide proactive, real-time protection against sophisticated identity-based cyberthreats. The post Modernize your identity defense with Microsoft Identity Threat Detection …MICROSOFT.COM
31 JulSecret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow EmbassiesThe Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delive…THEHACKERNEWS.COM
31 JulUnit 42 Launches Attribution Framework to Classify Threat Actors by Behavior and ActivityUnit 42, the threat research division of Palo Alto Networks, has unveiled its Attribution Framework, designed to transform the traditionally subjective process of threat actor attribution into a structured, evidence-based science. Drawing on the foundational Diamond Model of Intr…GBHACKERS.COM
31 JulThis 1-Minute Exercise Could Save Your Job 😱 #TechShortsA cybersecurity pro walks through a simple but powerful test: build a virtual machine, create one file named "Kroatoa", back it up, delete everything… and try to bring it all back—even if the hardware vanishes. Sounds easy? Most pros fail when it really counts. This quick drill c…YOUTUBE.COM
31 JulWhy Cyber Competitions Run on Cloud (And You Should Too) ☁️In this short clip, Doug White reveals how cloud infrastructure like AWS makes cybersecurity competitions faster, cheaper, and way more efficient. By letting teams spin environments up and down at will, students and professionals can train, build, and deploy without massive capit…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
31 JulAlert Fatigue, Data Overload, and the Fall of Traditional SIEMsSecurity Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility.…THEHACKERNEWS.COM
31 JulInside a Real Clickfix Attack: How This Social Engineering Hack UnfoldsClickFix abuses clipboards. FileFix hijacks File Explorer. Both social engineering attacks start in the browser—and end in malware. See how Keep Aware stops these stealthy attacks before they break out of the browser in a run down of a real attack. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 12[−]
31 JulZoomers at work: how scammers target this demographic | Kaspersky official blogScammers and cybercriminals have made polyworking Gen Z their targets. Discover the latest insights from Kaspersky on the cyberthreats targeting Zoomers — and practical steps you can take to safeguard yourself in today's digital workplace.KASPERSKY.COM
31 JulGoogle is experimenting with machine-learning powered age estimation tech in the U.S.Google will use machine learning and user data to estimate age of users in the U.S.TECHCRUNCH.COM
31 JulSpikes in malicious activity precede new CVEs in 80% of casesResearchers have found that in roughly 80% of cases, spikes in malicious activity like network reconnaissance, targeted scanning, and brute-forcing attempts are a precursor to the disclosure of new security vulnerabilities (CVEs) within six weeks. [...]BLEEPINGCOMPUTER.COM
31 JulProton launches free standalone cross-platform Authenticator appProton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. [...]BLEEPINGCOMPUTER.COM
31 JulSophos named a Leader in the 2025 Frost Radar™ for Managed Detection and ResponseBeing named a Leader in the Frost Radar™ validates the strength of our strategy, the depth of our capabilities, and the value we deliver to customers... but we won’t stop there.SOPHOS.COM
31 Jul.NET Bounty Program now offers up to $40,000 in awardsWe’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnera…MSRC.MICROSOFT.COM
31 JulMicrosoft now pays up to $40,000 for some .NET vulnerabilitiesMicrosoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. [...]BLEEPINGCOMPUTER.COM
31 JulMicrosoft to disable Excel workbook links to blocked file typesMicrosoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. [...]BLEEPINGCOMPUTER.COM
31 JulKali Linux can now run in Apple containers on macOS systemsCybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework. [...]BLEEPINGCOMPUTER.COM
31 JulThis month in security with Tony Anscombe – July 2025 editionHere's a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025WELIVESECURITY.COM
31 Jul.NET Bounty Program now offers up to $40,000 in awardsWe’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnera…MSRC.MICROSOFT.COM