91Articles
7Categories
2025-08-04Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 9[−]
4 AugDer Kaufratgeber für Breach & Attack Simulation ToolsBreach & Attack Simulation Tools geben Aufschluss darüber, wie gut (oder schlecht) Ihre Sicherheitskontrollen funktionieren. Roman Samborskyi | shutterstock.com Lösungen im Bereich Breach & Attack Simulation (BAS) unterstützen Unternehmen dabei, ihr Sicherheitsniveau zu v…CSOONLINE.COM
4 AugNestJS Vulnerability Allows Code Execution on Developer MachinesA critical remote code execution vulnerability has been discovered in the popular NestJS framework that could allow attackers to execute arbitrary code on developer machines. The vulnerability, tracked as CVE-2025-54782, affects the @nestjs/devtools-integration package and has be…GBHACKERS.COM
4 AugCritical HashiCorp Vulnerability Allows Attackers to Run Code on Host MachineHashiCorp has disclosed a critical security vulnerability affecting its Vault products that could allow privileged operators to execute arbitrary code on the underlying host machine. The flaw, designated CVE-2025-6000 and tracked as HCSEC-2025-14, impacts both Community and Enter…GBHACKERS.COM
4 AugCritical Squid Flaw Allows Remote Code Execution by AttackersA severe security vulnerability in the widely-used Squid HTTP proxy has been disclosed, potentially exposing millions of systems to remote code execution attacks. The flaw, designated as CVE-2025-54574 and SQUID-2025:1, represents a critical buffer overflow vulnerability in the s…GBHACKERS.COM
4 AugCybersecurity Today: Hamilton's Ransomware Crisis and Emerging AI and OAuth ThreatsIn this episode of 'Cybersecurity Today,' host David Chipley discusses several major security incidents and threats. Hamilton, Ontario faces a $5 million insurance denial following a ransomware attack due to incomplete deployment of Multi-Factor Authentication (MFA). The episode …CYBERSECURITYTODAY.LIBSYN.COM
4 AugVulnerabilities in Government-Linked Partner Software Allow Remote Code AttacksMultiple serious security vulnerabilities have been discovered in Partner Software and Partner Web applications widely used by government agencies and contractors, potentially exposing sensitive systems to remote code execution attacks and data breaches. The vulnerabilities, trac…GBHACKERS.COM
4 AugResearchers Use 0-Day to Exploit Google kernelCTF and Debian 12Security researchers have uncovered and weaponized a critical Use-After-Free vulnerability (CVE-2025-38001) in the Linux network packet scheduler’s HFSC queuing discipline, successfully compromising Google kernelCTF instances—LTS, COS, and mitigation—and fully updated Debian 12. …GBHACKERS.COM
4 AugFUJIFILM Printer Flaw Allows Attackers to Trigger DoS AttacksFUJIFILM Business Innovation has disclosed a critical vulnerability affecting multiple printer models that could allow attackers to launch denial-of-service (DoS) attacks through specially crafted network packets. The vulnerability, tracked as CVE-2025-48499, affects the Internet…GBHACKERS.COM
4 AugSurge in Threat Actor Exploitation Attempts Serves as Early Warning of Emerging Cyber VulnerabilitiesResearchers have discovered a continuous relationship between increases in threat actor activity and the eventual disclosure of new Common Vulnerabilities and Exposures (CVEs) in corporate edge technologies, according to a groundbreaking report published by GreyNoise, Inc. The st…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
4 AugAI-Powered Cursor IDE Exposes Users to Silent Remote Code ExecutionCybersecurity researchers at Aim Labs have discovered a critical vulnerability in the popular AI-powered Cursor IDE that enables attackers to achieve silent remote code execution on developer machines. The vulnerability, dubbed “CurXecute,” has been assigned a high se…GBHACKERS.COM
4 Aug6 things keeping CISOs up at nightCISOs have a lot on their minds, from team’s burn out, AI risks to the pressure of proving business value, security leaders are juggling a complex range of threats. The security profession has a stress problem The security profession has a pervasive stress problem, one that affec…CSOONLINE.COM
4 Aug KEVCrowdStrike: A new era of cyberthreats from sophisticated threat actors is hereCISOs and their teams are entering a “new era” of cyberthreats characterized by sophisticated threat actors who operate with “business-like efficiency,” researchers from CrowdStrike conclude in the cybersecurity giant’s 2025 Threat Hunting Report . “These adversaries operate with…CSOONLINE.COM
4 AugMCP: securing the backbone of Agentic AIThe model context protocol (MCP) was only introduced at the end of 2024, but the technological consequences are already clearly noticeable in many architectures. MCP provides a standardized “language” for LLM agents so that developers do not have to laboriously program every inte…CSOONLINE.COM
4 AugInterlock Ransomware Uses ClickFix Exploit to Execute Malicious Commands on WindowsThe Interlock ransomware group was connected to several sophisticated cyber incidents that targeted firms in North America and Europe, according to a recent report published in July 2025 by eSentire’s Threat Response Unit (TRU). The group, active since September 2024, emplo…GBHACKERS.COM
4 AugCISA releases Thorium, an open-source, scalable platform for malware analysisThe US Cybersecurity and Infrastructure Security Agency (CISA) has released Thorium, a high-throughput open-source platform for automated malware and forensic file analysis. Developed in partnership with Sandia National Laboratories, Thorium is built to support software analysts,…CSOONLINE.COM
4 AugRansomware gangs join attacks targeting Microsoft SharePoint serversRansomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. [...]BLEEPINGCOMPUTER.COM
4 AugMicrosoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Allegedly Leaked OnlineDigital Rights Management (DRM) systems are essential for safeguarding premium streaming content against unauthorized access and piracy, with Microsoft’s PlayReady emerging as a cornerstone technology adopted by major platforms such as Netflix, Amazon Prime Video, and Disne…GBHACKERS.COM
4 AugRansomware attacks: The evolving extortion threat to US financial institutionsBefore sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the s…CSOONLINE.COM
4 Aug⚡ Weekly Recap: VPN 0-Day, Encryption Backdoor, AI Malware, macOS Flaw, ATM Hack & MoreMalware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or qu…THEHACKERNEWS.COM
4 AugMan-in-the-Middle Attack Prevention GuideSome of the most devastating cyberattacks don’t rely on brute force, but instead succeed through stealth. These quiet intrusions often go unnoticed until long after the attacker has disappeared. Among the most insidious are man-in-the-middle (MITM) attacks, where criminals …THEHACKERNEWS.COM
4 AugEarly Warning Signals: When Attacker Behavior Precedes New Vulnerabilitiessubmitted by kid to cybersecurity 3 points | 0 comments https://www.greynoise.io/resources/early-warning-signals-attacker-behavior-precedes-new-vulnerabilitiesSH.ITJUST.WORKS
4 AugAttackers exploit link-wrapping services to steal Microsoft 365 loginssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/attackers-exploit-link-wrapping-services-to-steal-microsoft-365-logins/SH.ITJUST.WORKS
4 AugNews alert: OpenSSL conference to convene experts on cryptograohy, compliance and open-sourceNewark, NJ, Aug. 4, 2025, CyberNewswire—Early Bird registration is now available for the inaugural OpenSSL Conference , scheduled for October 7–9, 2025, in Prague. The event will bring together leading voices in cryptography, secure systems, and open-source infrastructure. Early …LASTWATCHDOG.COM
4 AugNVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI ServersA newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potent…THEHACKERNEWS.COM
4 AugWhy Every Cyber Lab Needs Proxmox 💥Cybersecurity pros are ditching expensive virtualization tools for one reason: Proxmox. In this short, Doug White breaks down why this free, open-source hypervisor is changing the game. From licensing freedom to automating entire lab environments with infrastructure as code, Prox…YOUTUBE.COM
4 AugThe Future of Cybersecurity Is Predicting You 😳Cybersecurity just got way smarter. In this short, Erika reveals how AI and quantum computing are joining forces to detect insider threats before they happen. By analyzing behavior patterns in real time, future security systems won’t just respond — they’ll predict. The line betwe…YOUTUBE.COM
4 AugZero Day Quest: Join the largest hacking event with up to $5 million in total bounty awardsLast year, we announced the largest hacking event in history: Zero Day Quest, with up to $4 million in bounty awards. The response from the global security community was incredible and helped improve security for our customers and partners. This year, Zero Day Quest is back with …MSRC.MICROSOFT.COM
4 AugHow Hackers Exploit Microsoft Teams in Social Engineering AttacksAttackers are using Microsoft Teams calls to trick users into installing the Matanbuchus malware loader, which frequently precedes ransomware deployment, according to researchers at Morphisec.KNOWBE4.COM
4 AugFashion giant Chanel hit in wave of Salesforce data theft attacksFrench fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data theft attacks. [...]BLEEPINGCOMPUTER.COM
4 AugThreat Actors Exploit AI to Scale Attacks and Target Autonomous AgentsAdversaries are using artificial intelligence (AI) to increase their operational efficiency in a fast-changing threat landscape. They are scaling attacks and focusing on autonomous AI agents that support contemporary enterprise ecosystems. According to frontline intelligence from…GBHACKERS.COM
4 AugSOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025SOC Visibility Triad is Now A Quad — SOC Visibility Quad 2025 I will be really, really honest with you — I have been totally “writer-blocked” (more “analyst blocked”, really) and I decided to release it anyway today … given the date. But I am taking a leap of faith here… A bit of…MEDIUM.COM
4 AugRubrik & Sophos Enhance Cyber Resilience for Microsoft 365Cybersecurity attacks are rising sharply in 2025, and Microsoft has been one among many prominent targets. Research shows that 70 percent of M365 tenants have experienced account takeovers1 and 81 percent have encountered email compromise2. To mitigate this ongoing risk, Rubrik a…SOPHOS.COM
📢 SECURITY ADVISORIES 3[−]
4 AugHow ‘Plague’ infiltrated Linux systems without leaving a traceSecurity researchers have discovered an unusually evasive Linux backdoor, undetected even by VirusTotal, compromising systems as a malicious pluggable authentication module (PAM). Dubbed “Plague” by Nextron researchers, the stealthy backdoor lets attackers slip past authenticatio…CSOONLINE.COM
4 AugUS Announces $100 Million for State, Local and Tribal CybersecurityCISA and FEMA announced two grants of more than $100 million for state, local, and tribal governments looking to improve cybersecurity. The post US Announces $100 Million for State, Local and Tribal Cybersecurity appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugFBI Issues Guidance on Thwarting North Korea’s Fraudulent IT SchemesThe FBI has issued an advisory warning that North Korean IT workers continue to seek fraudulent employment at Western companies.KNOWBE4.COM
🔥 INCIDENT REPORTING 13[−]
4 AugWeekly Enterprise Security News and Tips on Building Security From Day 1 - Guillaume Ross - ESW #418The Weekly Enterprise News (segments 1 and 2) This week, we’ve had to make some last minute adjustments, so we’re going to do the news first, split into two segments. This week, we’re discussing: 1. Some interesting funding 2. Two acquisitions - one picked up for $250M, the other…YOUTUBE.COM
4 AugNorthwest Radiologists Data Breach Impacts 350,000 WashingtoniansNorthwest Radiologists says the personal information of 350,000 Washington State residents was stolen in a January 2025 data breach. The post Northwest Radiologists Data Breach Impacts 350,000 Washingtonians appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugShadowSyndicate Infrastructure Used by Multiple Ransomware Groups Including Cl0p, LockBit and RansomHubCybersecurity researchers have uncovered significant overlaps between the attack infrastructure of ShadowSyndicate, also known as Infra Storm by Group-IB, and several prominent ransomware-as-a-service (RaaS) operations. Active since July 2022, ShadowSyndicate has been linked to h…GBHACKERS.COM
4 AugBiggest-Ever Bitcoin Hack Uncovered: $3.5B Stolen in Silent BreachA massive cryptocurrency theft that remained hidden for over four years has been uncovered, revealing what may be the largest Bitcoin hack in history. LuBian, once one of the world’s most prominent Bitcoin mining pools, lost approximately $3.5 billion in a sophisticated att…GBHACKERS.COM
4 AugAverage global data breach cost now $4.44 million - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/08/04/ibm-cost-data-breach-report-2025/SH.ITJUST.WORKS
4 AugSonicWall firewall devices hit in surge of Akira ransomware attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/surge-of-akira-ransomware-attacks-hits-sonicwall-firewall-devices/SH.ITJUST.WORKS
4 AugPi-hole discloses data breach triggered by WordPress plugin flawsubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/pi-hole-discloses-data-breach-via-givewp-wordpress-plugin-flaw/SH.ITJUST.WORKS
4 AugNew Plague Linux malware stealthily maintains SSH accessA newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. [...]BLEEPINGCOMPUTER.COM
4 AugVietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords GloballyCybersecurity researchers are calling attention to a new wave of campaigns distributing a Python-based information stealer called PXA Stealer. The malicious activity has been assessed to be the work of Vietnamese-speaking cybercriminals who monetize the stolen data through a subs…THEHACKERNEWS.COM
4 AugRansomware gangs join attacks targeting Microsoft SharePoint serverssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-attacks-targeting-microsoft-sharepoint-servers/SH.ITJUST.WORKS
4 AugCNCERT Accuses U.S. Intelligence of Cyberattacks on Chinese Military-Industrial TargetsChina’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT) has publicly accused U.S. intelligence agencies of orchestrating sophisticated cyberattacks against key military-industrial entities, building on the 2022 NSA breach at Northwes…GBHACKERS.COM
4 AugPXA Stealer Distributed via Telegram Harvests 200K Passwords and Credit Card DataSentinelLABS and Beazley Security have uncovered a sophisticated infostealer campaign deploying the Python-based PXA Stealer, which has rapidly evolved since late 2024 to incorporate advanced anti-analysis techniques, decoy content, and hardened command-and-control (C2) infrastru…GBHACKERS.COM
4 AugRansomware Hits Phone Repair & Insurance Firm, Causing Millions in DamageWilhelm Einhaus, a businessman from Bockum-Hövel, Germany, pioneered cell phone insurance services, establishing a robust network that integrated innovative offerings like a 24-hour repair and replacement program. His enterprise expanded rapidly, partnering with major telecommuni…GBHACKERS.COM
🕵️ THREAT INTELLIGENCE 32[−]
4 AugLazarus Group rises again, this time with fake FOSSsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/08/04/infosec_in_brief/INFOSEC.PUB
4 AugISC Stormcast For Monday, August 4th, 2025 https://isc.sans.edu/podcastdetail/9554, (Mon, Aug 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 AugGene Sequencing Giant Illumina Settles for $9.8M Over Product VulnerabilitiesIllumina will pay $9.8 million to settle accusations that products provided to the US government were affected by cybersecurity flaws. The post Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugSeveral Vulnerabilities Patched in AI Code Editor CursorAttackers could silently modify sensitive MCP files to trigger the execution of arbitrary code without requiring user approval. The post Several Vulnerabilities Patched in AI Code Editor Cursor appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugNorth Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing DetectionsSecurity researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innocuous JPEG image files. This …GBHACKERS.COM
4 AugFirst Sentencing in Scheme to Help North Koreans Infiltrate US CompaniesAn Arizona woman was sentenced to eight-and-a-half years in prison for her role helping North Korean workers infiltrate US companies by pretending to be US workers. From an article : According to court documents , Chapman hosted the North Korean IT workers’ computers in her…SCHNEIER.COM
4 AugAPT36 Targets Indian Infrastructure with Desktop Lures and Poseidon Backdoorsubmitted by kid to cybersecurity 1 points | 0 comments https://hunt.io/blog/apt36-india-infrastructure-attacksSH.ITJUST.WORKS
4 AugCybersecurity M&A Roundup: 44 Deals Announced in July 2025Forty-four cybersecurity merger and acquisition (M&A) deals were announced in July 2025. The post Cybersecurity M&A Roundup: 44 Deals Announced in July 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugSearch Engines are Indexing ChatGPT Conversations! - Here is our OSINT Researchsubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/chatgpt-conversations-search-engines/SH.ITJUST.WORKS
4 AugThreat actor uses AI to create a better crypto wallet drainersubmitted by kid to cybersecurity 2 points | 0 comments https://getsafety.com/blog-posts/threat-actor-uses-ai-to-create-a-better-crypto-wallet-drainerSH.ITJUST.WORKS
4 AugAI-powered Cursor IDE vulnerable to prompt-injection attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/ai-powered-cursor-ide-vulnerable-to-prompt-injection-attacks/SH.ITJUST.WORKS
4 AugSean Cairncross Confirmed by Senate as National Cyber DirectorThe US Senate voted to confirm Sean Cairncross as the National Cyber Director, five months after nominalization. The post Sean Cairncross Confirmed by Senate as National Cyber Director appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugHackers Leverage AI to Craft Malicious NPM Package That Drains Crypto WalletsSecurity researchers at Safety have uncovered an AI-generated malicious NPM package dubbed @kodane/patch-manager, engineered as an advanced cryptocurrency wallet drainer. This package, posing as a benign “NPM Registry Cache Manager” for license validation and registry…GBHACKERS.COM
4 AugAI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak PointsCisco’s latest jailbreak method reveals just how easily sensitive data can be extracted from chatbots trained on proprietary or copyrighted content. The post AI Guardrails Under Fire: Cisco’s Jailbreak Demo Exposes AI Weak Points appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugMozilla Issues Warning on Phishing Campaign Targeting Add-on Developer AccountsMozilla has issued an urgent security warning to Firefox add-on developers following the detection of a sophisticated phishing campaign targeting accounts on the Add-ons Mozilla Organization (AMO) platform. The alert, published by Scott DeVaney from Mozilla’s Add-ons Commun…GBHACKERS.COM
4 AugNorth Korean spies posing as remote workers have infiltrated hundreds of companies, says CrowdStrikeNorth Korean IT workers are increasingly using generative AI to draft resumes and "deepfake" their appearances to make money for North Korea's sanctioned nuclear weapons program.TECHCRUNCH.COM
4 AugAI Thirst Traps Are Real… And They’re Writing Your News 😳AI just got weird. In this short, cybersecurity expert Doug White jokes about AI thirst traps—yes, seductive AIs—being used to manipulate other AIs into generating content for humans. It’s absurd, hilarious, and terrifying all at once. If you think deepfakes were the peak of digi…YOUTUBE.COM
4 AugMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
4 AugMeet the Browser That Thinks Each Tab is a Spy 😎This cybersecurity pro just uncovered a wild browser trick — each tab gets its own IP address! 🤯 In this short, Doug White breaks down how the SILO browser (yep, pronounced like “psycho” 😅) assigns unique IPs per tab to outsmart trackers and fingerprinting tools. Is it brilliant …YOUTUBE.COM
4 AugOAuth-Apps für M365-Phishing missbrauchtGefälschte OAuth-Apps eröffnen Angreifern neue Wege, um Microsoft-Konten zu kapern. janews – Shutterstock.com Bedrohungsakteure haben einen neuen, smarten Weg aufgetan, Microsoft-365-Konten zu kompromittieren . Wie Proofpoint herausgefunden hat, erstellen sie dazu zunehmend gefäl…CSOONLINE.COM
4 AugMicrosoft Entra Suite delivers 131% ROI by unifying identity and network accessAccording to a new Forrester Total Economic Impact™ study, organizations using the Microsoft Entra Suite achieved a 131% ROI, $14.4 million in benefits, and payback in less than six months. The post Microsoft Entra Suite delivers 131% ROI by unifying identity and network access a…MICROSOFT.COM
4 AugIf You Think Social Engineering Is Bad, It’s Going To Get WorseThere is no other way to say it clearer, social engineering is going to be a lot, lot worse soon and far more successful than it is today. And that’s saying a lot. It’s already pretty bad.KNOWBE4.COM
4 AugNvidia Triton Vulnerabilities Pose Big Risk to AI ModelsNvidia has patched over a dozen vulnerabilities in Triton Inference Server, including another set of vulnerabilities that threaten AI systems. The post Nvidia Triton Vulnerabilities Pose Big Risk to AI Models appeared first on SecurityWeek .SECURITYWEEK.COM
4 AugNew ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theftsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/08/new-plague-pam-backdoor-exposes.htmlSH.ITJUST.WORKS
4 AugFrom Laptops to Laundromats: How DPRK IT Workers Infiltrated the Global Remote Economy - DomainTools Investigations | DTIsubmitted by kid to cybersecurity 1 points | 0 comments https://dti.domaintools.com/from-laptops-to-laundromats-how-dprk-it-workers-infiltrated-the-global-remote-economy/SH.ITJUST.WORKS
4 AugData Centers Are Breaking Workload Identity Systems 😳Workload identity is one of the most complex and unsolved challenges in cybersecurity. In this short, Sergey Gorbaty reveals why it’s still a nightmare for professionals and how data center configurations can completely break identity patterns. From app lifetime to deployment var…YOUTUBE.COM
4 AugNew Malware Attack Uses LNK Files to Deploy REMCOS Backdoor on Windows SystemsThe investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169 sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). Cybersecurity researchers have uncovered a sophisticated multi-stage mal…GBHACKERS.COM
4 Aug30% of Code Is Already AI-Generated… So What Now?AI is no longer a future threat—it’s today’s coworker. In this short, Rey Bango breaks down how tech giants like Meta and Microsoft are already using AI to generate up to 30% of their code. Cybersecurity professionals, developers, and IT teams are now facing a major shift: adapt,…YOUTUBE.COM
4 AugModular Malware Suite Sold by Threat Actors Through Public Storefront DomainsA threat actor operating under the moniker Cyber Products has established a public-facing storefront at cyberproducts[.]io to distribute their modular malware suite, dubbed Cyber Stealer. This development marks a shift toward overt commercialization of malicious tools, with addit…GBHACKERS.COM
4 Aug$4M Lost in Noise? The Cyber Alert Crisis 😱Every day, companies are drowning in cybersecurity alerts—some pushing 1,000+ daily with zero context. In this short, Erik Bloch breaks down how that noise stacks up to $4 million a year in hidden costs for mid-sized businesses. It’s not just about Splunk or Wiz—it’s a warning to…YOUTUBE.COM
4 AugYou Can't Fix Everything—Here's What To Fix First!When it comes to cyber risk, most professionals try to fix everything—but Alla Valente shares why that’s a mistake. In this short, she explains how true cybersecurity success means aligning risk mitigation with strategic business goals. If it won’t disrupt the bigger picture, may…YOUTUBE.COM
4 AugYour Trusted Vendor Might Be the Problem 👀Just because you’ve known a third-party provider for years doesn’t mean their systems are secure. In this short, Doug White hilariously breaks down why Zero Trust architecture isn’t just a buzzword—it’s survival. From outdated systems to blind trust, he paints a vivid picture of …YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
4 AugPlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta AdsCybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new in…THEHACKERNEWS.COM
4 AugCTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop usersThe ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...]BLEEPINGCOMPUTER.COM
4 AugCTM360 spots Malicious ‘FraudOnTok’ Campaign Targeting TikTok Shop usersThe ClickTok campaign lures victims with fake TikTok shops and drains their crypto wallets. CTM360 exposes how SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 8[−]
4 AugMozilla warns of phishing attacks targeting add-on developersMozilla has warned browser extension developers of an active phishing campaign targeting accounts on its official AMO (addons.mozilla.org) repository. [...]BLEEPINGCOMPUTER.COM
4 AugThe Wild West of Shadow ITEveryone’s an IT decision-maker now. The employees in your organization can install a plugin with just one click, and they don’t need to clear it with your team first. It’s great for productivity, but it’s a serious problem for your security posture. When the floodgates of SaaS a…THEHACKERNEWS.COM
4 AugHow users are losing money to deepfake ads on Instagram | Kaspersky official blogScammers use deepfake video ads on Instagram to lure users into investment schemes and siphon money through private WhatsApp chats.KASPERSKY.COM
4 AugPerplexity accused of scraping websites that explicitly blocked AI scrapingInternet giant Cloudflare says it detected Perplexity crawling and scraping websites, even after customers had added technical blocks telling Perplexity not to scrape their pages.TECHCRUNCH.COM
4 AugMicrosoft: Outdated Office apps lose access to voice features in JanuaryMicrosoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026. [...]BLEEPINGCOMPUTER.COM
4 AugNew Feature: Daily Trends Report, (Mon, Aug 4th)I implemented a new report today, the "Daily Trends" report. It summarizes noteworthy data received from our honeypot. As with everything, it will improve if you provide feedback :) ISC.SANS.EDU
4 AugProton fixes Authenticator bug leaking TOTP secrets in logsProton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. [...]BLEEPINGCOMPUTER.COM
4 AugGoogle says its AI-based bug hunter found 20 security vulnerabilitiesThe discoveries by an AI-based bug hunter are significant, as it shows these tools are starting to get real results, even if they still need a human.TECHCRUNCH.COM