73Articles
8Categories
2025-08-01Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
1 AugOver 17,000 SharePoint Servers Found Exposed Online — 840 Vulnerable to Active 0-Day AttacksA significant cybersecurity crisis has emerged with the discovery of over 17,000 Microsoft SharePoint servers exposed to internet-based attacks, including 840 systems vulnerable to a critical zero-day vulnerability that Chinese threat actors are actively exploiting. The vulnerabi…GBHACKERS.COM
1 AugMicrosoft-Sicherheitslücke in Deutschland weit verbreitetwidth="2490" height="1400" sizes="(max-width: 2490px) 100vw, 2490px"> Die Gefahr ist noch nicht gebannt: Experten verzeichnen weiter steigende Infektionszahlen. Ascannio – shutterstock.com Deutsche Unternehmen, Behörden und Bildungseinrichtungen sind in Europa am stärksten von de…CSOONLINE.COM
1 AugStorm-2603 Deploys Custom Malware Using BYOVD to Bypass Endpoint ProtectionsCheck Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as “ToolShell.” Thi…GBHACKERS.COM
1 AugCursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt InjectionCybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in ver…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 25[−]
1 AugHow bright are AI agents? Not very, recent reports suggestSecurity researchers are adding more weight to a truth that infosec pros had already grasped: AI agents are not very bright, and are easily tricked into doing stupid or dangerous things by legalese, appeals to authority, or even just a semicolon and a little white space. The late…CSOONLINE.COM
1 AugSentinelLabs uncovers China’s hidden cyber-espionage arsenalA number of patents have been granted to companies in the People’s Republic of China (PRC) involving “highly intrusive forensics and data collection technologies” that allow everything from the acquisition of encrypted endpoint data and mobile forensics to collecting traffic from…CSOONLINE.COM
1 AugCISA Releases Thorium: Open-Source Malware and Forensics Tool Now PublicThe Cybersecurity and Infrastructure Security Agency (CISA) has made a significant contribution to the cybersecurity community by publicly releasing Thorium, a powerful open-source platform designed to revolutionize malware analysis and digital forensics operations. This announce…GBHACKERS.COM
1 AugHackers Abuse EDR Free Trials to Bypass Endpoint ProtectionCybersecurity researchers have uncovered a concerning new attack vector where threat actors are exploiting free trials of endpoint detection and response (EDR) software to disable existing security protections on targeted systems. This technique, dubbed “BYOEDR” (Brin…GBHACKERS.COM
1 Aug$1 Million Offered for WhatsApp Exploit at Pwn2Own Ireland 2025Meta is sponsoring ZDI’s Pwn2Own hacking competition, where participants can earn big prizes for smartphone, WhatsApp and wearable device exploits. The post $1 Million Offered for WhatsApp Exploit at Pwn2Own Ireland 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
1 AugSummer: Why cybersecurity must be strengthened as vacations aboundSummer is a time for vacation and a well-deserved break from the intensity of work. It’s also a great time to be targeted for a cyberattack. While cybercriminal activity extends throughout the year, summer has a special quality for cyber attackers. Whether it’s because our guard …CSOONLINE.COM
1 AugEcho Raises $15M in Seed Funding for Vulnerability-Free Container ImagesEcho received funding for creating thousands of container images that are not affected by any CVE, for enterprise-grade software infrastructure. The post Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images appeared first on SecurityWeek .SECURITYWEEK.COM
1 AugWhatsApp 0-Click RCE Exploit Worth $1 Million at Pwn2Own Ireland 2025Cybersecurity researchers have a massive incentive to target WhatsApp this fall, as the Zero Day Initiative (ZDI) announced a record-breaking $1 million bounty for a zero-click remote code execution exploit against the popular messaging platform at Pwn2Own Ireland 2025. The unpre…GBHACKERS.COM
1 AugStorm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware AttacksThe threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different types of…THEHACKERNEWS.COM
1 AugThreat Actors Exploit Proofpoint and Intermedia Link Wrapping to Conceal Phishing PayloadsCybercriminals are increasingly exploiting link wrapping features from vendors like Proofpoint and Intermedia to mask malicious payloads, leveraging the inherent trust users place in these security tools. Link wrapping, intended as a protective measure, reroutes URLs through vend…GBHACKERS.COM
1 AugPwn2Own hacking contest pays $1 million for WhatsApp exploitThe Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest. [...]BLEEPINGCOMPUTER.COM
1 AugLLMs Boost Offensive R&D by Identifying and Exploiting Trapped COM ObjectsOutflank is pioneering the integration of large language models (LLMs) to expedite research and development workflows while maintaining rigorous quality standards. This approach allows teams to focus on refining and testing techniques for their Outflank Security Tooling (OST) sui…GBHACKERS.COM
1 AugMicrosoft Boosts .NET Bounty Program Rewards to $40,000Valid, complete reports detailing remote code execution or elevation of privilege bugs in .NET qualify for the maximum rewards. The post Microsoft Boosts .NET Bounty Program Rewards to $40,000 appeared first on SecurityWeek .SECURITYWEEK.COM
1 AugThe #1 Blind Spot in Every Cybersecurity StrategyMost companies think they’ve locked down their systems… but they’re blind to one critical flaw: the access trust gap. This short breaks down what cybersecurity pros are missing—unmanaged devices, shadow AI, and BYOD practices that quietly bypass IT control. If security teams don'…YOUTUBE.COM
1 AugAI-powered Cursor IDE vulnerable to prompt-injection attacksA vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. [...]BLEEPINGCOMPUTER.COM
1 AugIn Other News: Microsoft Probes ToolShell Leak, Port Cybersecurity, Raspberry Pi ATM HackNoteworthy stories that might have slipped under the radar: Microsoft investigates whether the ToolShell exploit was leaked via MAPP, two reports on port cybersecurity, physical backdoor used for ATM hacking attempt. The post In Other News: Microsoft Probes ToolShell Leak, Port C…SECURITYWEEK.COM
1 AugHackers Exploit Microsoft 365’s Direct Send Feature for Internal Phishing AttacksThreat actors are leveraging Microsoft 365’s Direct Send feature to launch sophisticated phishing campaigns that mimic internal organizational emails, eroding trust and heightening the success rate of social engineering exploits. This feature, designed for unauthenticated r…GBHACKERS.COM
1 AugLazarus Hackers Weaponize 234 npm and PyPI Packages to Infect DevelopersSonatype’s automated detection systems have uncovered an expansive and ongoing infiltration of the global open-source ecosystem by the notorious Lazarus Group, a threat actor believed to be backed by North Korea’s Reconnaissance General Bureau. Between January and July 2025, Sona…GBHACKERS.COM
1 AugPi-hole discloses data breach via GiveWp WordPress plugin flawPi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. [...]BLEEPINGCOMPUTER.COM
1 AugLockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate OneOperators of LockBit ransomware have improved their tactics, methods, and procedures (TTPs) to avoid detection and increase damage in the always changing world of cyberthreats. By exploiting DLL sideloading and masquerading, these attackers disguise malicious activities within le…GBHACKERS.COM
1 AugQilin Ransomware Sees Surge After Collapse of Dominant RansomHub RaaSThe ransomware landscape underwent significant disruption, marked by the abrupt cessation of operations from several prominent Ransomware-as-a-Service (RaaS) groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, Hunters International, and LockBit. This wave…GBHACKERS.COM
1 AugSay Goodbye to Legacy Auth – Microsoft’s Not Playing! 🚫Microsoft is finally shutting the door on outdated authentication protocols! Starting mid-July, all Microsoft 365 tenants will begin blocking access to SharePoint, OneDrive, and Office files through legacy auth methods like RPS and FPRPC. These protocols—dating back to the FrontP…YOUTUBE.COM
1 AugSonicWall firewall devices hit in surge of Akira ransomware attacksSonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf. [...]BLEEPINGCOMPUTER.COM
1 AugA backlog at the Commerce Dept. is reportedly stalling Nvidia’s H20 chip licensesNews of a backlog at the U.S. federal department comes less than a week after national security experts urged the Trump administration to reverse its decision that allows Nvidia to export H20 chips to China.TECHCRUNCH.COM
1 AugWhy the tech industry needs to stand firm on preserving end-to-end encryptionRestricting end-to-end encryption on a single-country basis would not only be absurdly difficult to enforce, but it would also fail to deter criminal activityWELIVESECURITY.COM
📢 SECURITY ADVISORIES 9[−]
1 AugCybersecurity Today: Supply Chain Attacks, St. Paul's Cyber Emergency, and Ingram Micro's Data BreachIn this episode, the host Jim Love discusses the increasing sophistication of supply chain attacks, starting with an account of a blockchain developer who lost $500,000 due to a malicious extension in a popular AI-powered coding tool. The episode also covers a significant cyber e…CYBERSECURITYTODAY.LIBSYN.COM
1 AugWie EDR EDR aushebeltLegitime Security-Tools gegeneinander auszuspielen, eröffnet Cyberkriminellen diverse Vorteile. Tero Vesalainen | shutterstock.com Cybersicherheitsforscher haben einen unheilvollen neuen Angriffsvektor entdeckt. Dabei könnten Angreifer kostenlose Testversionen von Endpoint Detect…CSOONLINE.COM
1 AugAPT36 Hackers Target Indian Railways, Oil, and Government Systems Using Malicious PDF FilesThe Pakistan-linked threat group APT36, also known as Transparent Tribe, has broadened its cyber operations beyond traditional military targets to encompass Indian railways, oil and gas infrastructure, and the Ministry of External Affairs. Security researchers have uncovered two …GBHACKERS.COM
1 AugSpying on People Through Airportr Luggage Delivery ServiceAirportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure , you’d be able to spy on lots of w…SCHNEIER.COM
1 AugMicrosoft Teams Adds Silent 60-Second Test Call Feature for IT AdminsMicrosoft has announced a significant new feature for IT administrators that will enhance network monitoring capabilities within Microsoft Teams. Starting September 2025, administrators will gain access to silent, 60-second test call functionality designed to proactively monitor …GBHACKERS.COM
1 AugLet’s get Digital! Updated Digital Identity Guidelines are Here!Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it’s been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two publ…NIST.GOV
1 AugNews alert: Comp AI lands $2.6M pre-seed to modernize compliance, disrupt SOC 2 marketSan Francisco, Calif., Aug. 1, 2025, CyberNewswire— Comp AI, an emerging player in the compliance automation space, today announced it has secured $2.6 million in pre-seed funding to accelerate its mission of transforming how companies achieve compliance with critical frameworks …LASTWATCHDOG.COM
🔥 INCIDENT REPORTING 7[−]
1 AugCybercrooks faked Microsoft OAuth apps for MFA phishingThreat actors have cooked up a clever way to slip past multifactor authentication (MFA), tricking users into approving fake app access requests that impersonate trusted brands. According to Proofpoint findings, attackers are crafting fake Microsoft OAuth apps that mimic trusted b…CSOONLINE.COM
1 AugSearch Engines Are Indexing ChatGPT Chats — Here’s What Our OSINT FoundA significant privacy breach has emerged in the artificial intelligence landscape, as ChatGPT shared conversations are being indexed by major search engines, effectively transforming private exchanges into publicly discoverable content accessible to millions of users worldwide. T…GBHACKERS.COM
1 AugAuthorities seize BlackSuit ransomware gang’s serversGerman authorities said they have seized the servers used by the long-running ransomware gang, BlackSuit, which is blamed for cyberattacks across Europe and the U.S., including the City of Dallas.TECHCRUNCH.COM
1 AugAttackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 AccountsCybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. "The fake Microsoft 365 applications impersonate var…THEHACKERNEWS.COM
1 AugThis Simple Exercise Exposed ALL Our WeaknessesWhen a cybersecurity leader decided to run a simple resilience exercise, they didn’t expect it to reveal so many gaps. In just one drill, the team’s assumptions fell apart, and their detection capabilities were pushed to the edge. This short unpacks the hidden value of offensive …YOUTUBE.COM
1 AugSafePay Ransomware Strikes 260+ Victims Across Multiple CountriesThe SafePay ransomware organization has quickly become a powerful operator since its initial detection in September 2024, marking a startling increase in the cyber threat scenario. Unlike predominant ransomware-as-a-service (RaaS) models that rely on affiliates for dissemination …GBHACKERS.COM
1 AugOld School Cybersecurity Was WILD 😱Back when data centers ruled and smartphones didn’t exist, cybersecurity looked nothing like it does today. In this short, Erika, a veteran with 25 years in the field, takes us back to a time when tracking attack surfaces was all manual and asset management barely existed. No clo…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 21[−]
1 AugISC Stormcast For Friday, August 1st, 2025 https://isc.sans.edu/podcastdetail/9552, (Fri, Aug 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 AugMicrosoft Upgrades .NET Bounty Program, Offers Rewards Up to $40,000Microsoft has announced significant enhancements to its .NET Bounty Program, introducing expanded coverage, streamlined award structures, and substantially increased financial incentives for security researchers. The updated program now offers maximum rewards of USD 40,000 for cr…GBHACKERS.COM
1 AugBill Aims to Create National Strategy for Quantum Cybersecurity MigrationTwo US senators introduced a bipartisan bill to help prepare federal government agencies for quantum computing threats. The post Bill Aims to Create National Strategy for Quantum Cybersecurity Migration appeared first on SecurityWeek .SECURITYWEEK.COM
1 AugMicrosoft to Block External Workbook Links to Unsafe File Types by DefaultMicrosoft announced a significant security enhancement for Excel users, revealing plans to block external workbook links to unsafe file types by default starting in October 2025. This major change aims to strengthen workbook security by preventing potential security vulnerabiliti…GBHACKERS.COM
1 AugSpotlight report: How AI is reshaping ITDownload the August 2025 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World. aria-label="Embed of AUGUST SPOTLIGHT 01."> AUGUST SPOTLIGHT 01 DownloadUS.RESOURCES.CSOONLINE.COM
1 AugCyber Risk Management Firm Safe Raises $70 MillionSafe has raised $70 million in Series C funding to advance cyber risk management through specialized AI agents. The post Cyber Risk Management Firm Safe Raises $70 Million appeared first on SecurityWeek .SECURITYWEEK.COM
1 AugThreat Actors Impersonate Microsoft OAuth Apps to Steal Login CredentialsThreat actors are leveraging sophisticated phishing campaigns by creating fake Microsoft OAuth applications to impersonate legitimate enterprises, enabling credential theft while bypassing multifactor authentication (MFA). Proofpoint researchers have tracked this activity since e…GBHACKERS.COM
1 AugIllumina Fined $9.8M for Cybersecurity Flaws in Genomic Tools Sold to U.S. AgenciesIllumina Inc., a leading genomic sequencing company, has agreed to pay $9.8 million to settle federal allegations that it knowingly sold cybersecurity-vulnerable genomic sequencing systems to government agencies while misrepresenting their security standards. The settlement resol…GBHACKERS.COM
1 AugRussian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: MicrosoftRussian state-sponsored APT Secret Blizzard has used ISP-level AitM attacks to infect diplomatic devices with malware. The post Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft appeared first on SecurityWeek .SECURITYWEEK.COM
1 AugBlizzard Group’s ApolloShadow Malware Installs Root Certificates to Trust Malicious SitesMicrosoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-the-middle (AiTM) technique to…GBHACKERS.COM
1 AugBlurred Lines: The Hidden Risk of Working From HomeWhen Jeff Shiner explains how work and home life have completely blurred, cybersecurity professionals listen. This short explores the invisible security risks that come with remote work—and why blending personal and professional spaces could be your weakest link. It's not just ab…YOUTUBE.COM
1 AugChinese Threat Actors Hack 11,000 Android Devices to Deploy PlayPraetor MalwareChinese-speaking threat actors have used the PlayPraetor Remote Access Trojan (RAT) to infiltrate more than 11,000 Android devices globally in a sophisticated Malware-as-a-Service (MaaS) operation. This allows for on-device fraud (ODF) by controlling the device in real time. Firs…GBHACKERS.COM
1 Aug5 Years Later… Mr. Fufu Still Has Root Access!An old app. A forgotten service account. And full root access. In this short, cybersecurity expert Doug White shares a real-world nightmare that IT teams often overlook: deprecated service accounts like “Mr. Fufu” that quietly retain system privileges years after they’re no longe…YOUTUBE.COM
1 AugGen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy WorkersShould Gen Z to be treated as a separate attack surface within your company? The post Gen Z in the Crosshairs: Cybercriminals Shift Focus to Young, Digital-Savvy Workers appeared first on SecurityWeek .SECURITYWEEK.COM
1 AugBSides Oslo 2023submitted by ashar to security_cpe 1 points | 0 comments https://youtube.com/playlist?list=PLN3z9jDDd0EgMGuS4NJ4t2IkJ3wF5s3me BSides Oslo 2023 playlistINFOSEC.PUB
1 Aug67% Review AI Code. What About the Other 33%?In this shocking clip, cybersecurity expert Doug White reacts to a survey where 33% of developers admit they don’t review AI-generated code before deploying it. With AI writing nearly half of some codebases, the question isn’t whether AI should be used — it’s whether developers a…YOUTUBE.COM
1 AugCAPTCHA Is Dead. AI Killed It. ☠️AI just crushed CAPTCHA and cybersecurity pros are freaking out. This short dives into how hackers are now using artificial intelligence to bypass traditional human verification systems and impersonate loved ones with terrifying accuracy. Think you're safe behind a CAPTCHA wall? …YOUTUBE.COM
1 AugThe Hidden Price of Building Cyber Labs No One Talks AboutWhen Doug White and his team set out to build a simple cybersecurity lab, they didn’t expect the setup to spiral into a massive infrastructure project. From VMs to licensing, AWS decisions, and mounting hardware needs—this short reveals the real commitment behind building serious…YOUTUBE.COM
1 AugFriday Squid Blogging: A Case of Squid Fossil MisidentificationWhat scientists thought were squid fossils were actually arrow worms .SCHNEIER.COM
1 AugPipes, Thorium, Excel, ATM Hillbilly Cannibal Attack, Lambdas, AIs, Aaran Leyland - SWN #499Pipes, Thorium, Excel, Weird Ports, ATM Hillbilly Cannibal Attack, Lambdas, National Guard, AIs, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-4…YOUTUBE.COM
1 AugIf You Use SaaS, You Might Be Leaking SecretsMost developers don’t realize it — but every time they integrate a SaaS app and generate an API token, they might be exposing sensitive secrets without knowing. In this short, Fernando breaks down the hidden risks behind common integrations, why bearer tokens can bypass 2FA, and …YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
1 AugIs your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)Here's what you need to know about the inner workings of modern spyware and how to stay away from apps that know too muchWELIVESECURITY.COM
🎙️ PODCASTS 1[−]
1 AugSoap Box: Why AI can't fix bad security productsIn this Soap Box edition of the show Patrick Gray chats with the CEO of email security company Sublime Security, Josh Kamdjou. They talk about where AI is useful, where it isn’t, and why AI can’t save vendors from their bad product design choices. This episode is also available o…RISKY.BIZ
📡 INFOSEC NEWS 5[−]
1 AugYou Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed ThemJust as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them The junk food problem in cybersecurity Imagine a triathlete who spares…THEHACKERNEWS.COM
1 AugAI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before TakedownCybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer "advanced license validation and registry optimization utilities…THEHACKERNEWS.COM
1 AugSex toy maker Lovense threatens legal action after fixing security flaws that exposed users’ dataThe internet-connected sex toy maker said it fixed the vulnerabilities that exposed users' private email addresses and accounts to takeovers, but said it was also planning to take legal action following the disclosure.TECHCRUNCH.COM
1 AugOpenAI may be testing a cheaper paid plan for ChatGPTOpenAI is reportedly working on a new plan called 'Go,' which would be cheaper than the existing $20 Plus subscription. [...]BLEEPINGCOMPUTER.COM