112Articles
8Categories
2025-08-06Date
🚨 CISA KEV 2[−]
6 Aug KEVCISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation ReportsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which…THEHACKERNEWS.COM
6 Aug KEVCISA Releases Malware Analysis Report Associated with Microsoft SharePoint VulnerabilitiesCISA published a Malware Analysis Report (MAR) with analysis and associated detection signatures on files related to Microsoft SharePoint vulnerabilities: CVE-2025-49704 [ CWE-94: Code Injection ], CVE-2025-49706 [ CWE-287: Improper Authentication ], CVE-2025-53770 [ CWE-502: Des…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
6 AugMCPoison Attack Abuses Cursor IDE to Run Arbitrary System CommandsCybersecurity researchers have uncovered a critical vulnerability in Cursor IDE that allows attackers to execute arbitrary system commands through a sophisticated trust bypass mechanism, potentially compromising developer workstations across collaborative coding environments. Che…GBHACKERS.COM
6 Aug KEVTrend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise SystemsTrend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities (CVE-2025-54948 and CVE-2025-54987), both rated 9.4 on the CVSS scoring system, have bee…THEHACKERNEWS.COM
6 AugAkira affiliates abuse legitimate Windows drivers to evade detection in SonicWall attacksThreat researchers at GuidePoint Security have uncovered Akira affiliates abusing legitimate Windows drivers in a previously unreported tactic, even as the ransomware strain intensifies its targeting of SonicWall firewalls. According to GuidePoint’s threat intelligence consultant…CSOONLINE.COM
6 AugMAR-251132.c1.v1 Exploitation of SharePoint VulnerabilitiesNotification This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in…CISA.GOV
6 AugCVE-2025-53786 Microsoft Exchange Server Hybrid Deployment Elevation of Privilege VulnerabilityOn April 18th 2025, Microsoft announced [Exchange Server Security Changes for Hybrid Deployments](https://techcommunity.microsoft.com/blog/exchange/exchange-server-security-changes-for-hybrid-deployments/4396833) and accompanying non-security [Hot Fix](https://techcommunity.micro…MSRC.MICROSOFT.COM
6 AugReVault flaws let attackers bypass Windows login or place malware implants on Dell laptopsFlaws in the firmware that ships with more than 100 models of Dell business laptops compromise the hardware designed to secure passwords and biometric data. Vulnerabilities in the ControlVault3 (CV) firmware in Dell laptops, discovered by security researchers from Cisco Talos, al…CSOONLINE.COM
6 AugMicrosoft Releases Guidance on High-Severity Vulnerability (CVE-2025-53786) in Hybrid Exchange DeploymentsNote: This Alert may be updated to reflect new guidance issued by CISA or other parties.   CISA is aware of the newly disclosed high-severity vulnerability, CVE-2025-53786 , that allows a cyber threat actor with administrative access to an on-premise Microsoft Exchange serve…CISA.GOV
⚠️ VULNERABILITY DISCLOSURE 42[−]
6 AugWie Model Context Protocol gehackt wirdsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/07/Victor-Moussa-shutterstock_1708840009_16z9.jpg?quality=50&strip=all 4262w, https://b2b-contenthub.com/wp-content/uploads/2025/07/Victor-Moussa-shutterstock_1708840009_16z9.jpg?resize=300%2C168&quality=50&st…CSOONLINE.COM
6 Aug KEVCISA Alerts on Ongoing Exploits Targeting D-Link Device VulnerabilitiesThe Cybersecurity and Infrastructure Security Agency (CISA) has escalated its campaign to protect U.S. networks by adding three newly exploited D-Link device vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. The alert, issued on August 5, 2025, emphasizes a ri…GBHACKERS.COM
6 AugMillions of Dell PCs at Risk from Broadcom Vulnerability Enabling Remote HijackCybersecurity researchers at Cisco Talos have discovered five critical vulnerabilities in Dell’s ControlVault3 security hardware that could affect millions of business laptops worldwide. The flaws, collectively dubbed “ReVault,” enable attackers to remotely hija…GBHACKERS.COM
6 AugHow cybersecurity leaders are securing AI infrastructuresWith every new technological revolution, new security risks appear, but in the rush to deploy the new technologies such as generative AI, security is often an afterthought. Enterprises have been rushing to roll out AI throughout their organizations with only minimal attention to …CSOONLINE.COM
6 AugCybersecurity Threats and Trends: From North Korean Spies to AI-Driven AttacksIn this episode, host Jim Love explores a variety of pressing cybersecurity threats and developments. The episode begins with an invitation for listeners to share their summer reading choices. The main content highlights include North Korean operatives infiltrating US companies t…CYBERSECURITYTODAY.LIBSYN.COM
6 Aug KEVTrend Micro Apex One Hit by Actively Exploited RCE VulnerabilityTrend Micro has issued an urgent security bulletin warning customers of critical remote code execution vulnerabilities in its Apex One on-premise management console that are being actively exploited by attackers in the wild. The cybersecurity company disclosed two command injecti…GBHACKERS.COM
6 AugCERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons LuresThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phi…THEHACKERNEWS.COM
6 AugAdobe AEM Forms 0-Day Vulnerability Allows Attackers to Run Arbitrary CodeAdobe has released critical security updates for Adobe Experience Manager (AEM) Forms on Java Enterprise Edition following the discovery of two severe vulnerabilities that could enable attackers to execute arbitrary code and read sensitive files from affected systems. Critical Se…GBHACKERS.COM
6 AugChinese Hackers Breach Exposes 115 Million U.S. Payment CardsSecurity researchers have uncovered a highly advanced network of Chinese-speaking cybercriminal syndicates orchestrating smishing attacks that exploit digital wallet tokenization, potentially compromising up to 115 million payment cards in the United States alone. These operation…GBHACKERS.COM
6 AugSay Easy, Do Hard - AI Governance in the Supply Chain - Nick Mistry, Richard Bird - BSW #407Recent findings of AI ecosystem insecurities and attacks show the importance of needing AI governance in the supply chain. And this supply chain is rapidly expanding to include not only open-source software but also collaborative platforms where custom models, agents, prompts, an…YOUTUBE.COM
6 AugAdobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoCAdobe has released urgent security updates to resolve two AEM Forms vulnerabilities for which proof-of-concept (PoC) code exists. The post Adobe Issues Out-of-Band Patches for AEM Forms Vulnerabilities With Public PoC appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugChinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and LoadersUnit 42 researchers have identified significant overlaps between Microsoft’s reported ToolShell exploit chain targeting SharePoint vulnerabilities and a tracked activity cluster dubbed CL-CRI-1040. This cluster, active since at least March 2025, deploys a custom malware sui…GBHACKERS.COM
6 Aug KEVTrend Micro warns of Apex One zero-day exploited in attacksTrend Micro has warned customers to immediately secure their systems against an actively exploited remote code execution vulnerability in its Apex One endpoint security platform. [...]BLEEPINGCOMPUTER.COM
6 AugAkira Ransomware Uses Windows Drivers to Bypass AV/EDR in SonicWall AttacksSecurity researchers have identified a sophisticated new tactic employed by Akira ransomware operators, who are exploiting legitimate Windows drivers to evade antivirus and endpoint detection systems while targeting SonicWall VPN infrastructure. This development represents a sign…GBHACKERS.COM
6 AugRockwell Arena Simulation Flaws Allow Remote Execution of Malicious CodeRockwell Automation has disclosed three critical memory corruption vulnerabilities in its Arena Simulation software that could allow attackers to execute malicious code remotely. The vulnerabilities, discovered during routine internal testing, affect all versions of Arena Simulat…GBHACKERS.COM
6 AugPandora Jewellery Hit by Cyberattack, Customer Data CompromisedPandora, the world-renowned Danish jewelry retailer, recently suffered a major cybersecurity incident involving unauthorized access to customer information through a third-party vendor platform. The company confirmed the cyberattack was promptly identified and contained, with imm…GBHACKERS.COM
6 AugGoogle says hackers stole its customers’ data in a breach of its Salesforce databaseGoogle confirmed that one of its cloud-stored Salesforce databases was breached, exposing its customer data. Google attributed the breach to a hacking group, ShinyHunters, known for breaking into Salesforce databases.TECHCRUNCH.COM
6 AugSpyCloud Enhances Investigations Solution with AI-Powered Insights – Revolutionizing Insider Threat and Cybercrime AnalysisSpyCloud Investigations, now with AI Insights, empowers security teams to act decisively with finished intelligence built from billions of breach, malware, and phishing records. SpyCloud , the leader in identity threat protection, today announced a significant enhancement to its …CSOONLINE.COM
6 AugPandora confirms data breach amid ongoing Salesforce data theft attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/pandora-confirms-data-breach-amid-ongoing-salesforce-data-theft-attacks/SH.ITJUST.WORKS
6 AugFake Antivirus App Delivers LunaSpy Malware to Android DevicesA sophisticated cybercrime campaign has been discovered targeting Android users through fake antivirus applications that actually deliver LunaSpy spyware to victims’ devices. Security researchers have identified this malicious operation as an active threat that exploits use…GBHACKERS.COM
6 AugWhatsApp Adds Security Feature to Help Users Spot and Avoid Malicious MessagesWhatsApp is rolling out enhanced security measures to combat the surge in scam messages targeting users worldwide, as criminal organizations increasingly exploit messaging platforms to defraud unsuspecting victims. The new features come as federal authorities report a dramatic sp…GBHACKERS.COM
6 AugGoogle suffers data breach in ongoing Salesforce data theft attacksGoogle is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group. [...]BLEEPINGCOMPUTER.COM
6 AugMFA matters… But it isn’t enough on its ownMFA blocks 99% of attacks—but weak passwords still let attackers in. Specops helps you enforce strong password policies and MFA everywhere, so one layer doesn't undo the other. Book your free trial today. [...]BLEEPINGCOMPUTER.COM
6 AugReVault! When your SoC turns against you…submitted by cm0002 to cybersecurity 1 points | 0 comments https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you/ Security researchers at Cisco Talos discovered critical vulnerabilities in Dell’s ControlVault3 hardware security module that affect over 100 Del…INFOSEC.PUB
6 Aug KEVTrend Micro Patches Apex One Vulnerabilities Exploited in WildTrend Micro has rushed to fix two Apex One zero-days that may have been exploited by Chinese threat actors. The post Trend Micro Patches Apex One Vulnerabilities Exploited in Wild appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugUAC-0099 Hackers Weaponize HTA Files to Deploy MATCHBOIL Loader MalwareUAC-0099 is a threat actor organization that has been targeting state officials, defense forces, and defense-industrial firms in a series of sophisticated cyberattacks that Ukraine’s CERT-UA has been investigating. The attacks typically initiate with phishing emails from UK…GBHACKERS.COM
6 AugMillions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attackssubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/dell-laptops-vulnerability/SH.ITJUST.WORKS
6 AugNew Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operationsA new post-exploitation command-and-control (C2) evasion method called 'Ghost Calls' abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure. [...]BLEEPINGCOMPUTER.COM
6 AugGoogle Discloses Salesforce HackA Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies. The post Google Discloses Salesforce Hack appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugGoogle suffers data breach in ongoing Salesforce data theft attackssubmitted by TehBamski to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/google-suffers-data-breach-in-ongoing-salesforce-data-theft-attacks/INFOSEC.PUB
6 AugAdobe issues emergency fixes for AEM Forms zero-days after PoCs releasedsubmitted by TehBamski to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/adobe-issues-emergency-fixes-for-aem-forms-zero-days-after-pocs-released/INFOSEC.PUB
6 AugBlack Hat Fireside Chat: Inside the ‘Mind of a Hacker’ — A10’s plan for unified threat detectionIn today’s threat landscape, attackers are no longer just exploiting technical flaws — they’re exploiting business logic. Think gaps in workflows, permissions, and overlooked assumptions in how applications behave. This subtle shift is creating powerful new footholds …LASTWATCHDOG.COM
6 AugClickOnce Just Got Weaponized...A silent cybersecurity threat is rising... In this short, Doug White breaks down how attackers are exploiting Microsoft’s ClickOnce feature to deploy Golang backdoors against the energy sector. What was once a tool for seamless updates is now a hacker’s favorite entry point. Simp…YOUTUBE.COM
6 AugThreat Actors Exploit Smart Contracts to Drain Over $900K from Crypto WalletsSentinelLABS has exposed a sophisticated series of cryptocurrency scams where threat actors distribute malicious smart contracts masquerading as automated trading bots, resulting in the drainage of user wallets exceeding $900,000 USD. These scams leverage obfuscated Solidity code…GBHACKERS.COM
6 AugAkira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited VulnerabilitiesThe Acronis Threat Research Unit (TRU) dissected recent samples from the Akira and Lynx ransomware families, revealing incremental enhancements in their ransomware-as-a-service (RaaS) models and double-extortion strategies. Both groups leverage stolen credentials, VPN vulnerabili…GBHACKERS.COM
6 AugEnterprise Secrets Exposed by CyberArk Conjur VulnerabilitiesCyberArk has patched several vulnerabilities that could be chained for unauthenticated remote code execution. The post Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugWhy Hackers Don’t Need Viruses AnymoreMost people think hackers need to install viruses to break into systems—but that’s outdated. In this short, cybersecurity expert Doug White explains how attackers now use a stealthy method called "living off the land" to exploit legit tools already inside your system. No download…YOUTUBE.COM
6 AugMajor Enterprise AI Assistants Can Be Abused for Data Theft, ManipulationZenity has shown how AI assistants such as ChatGPT, Copilot, Cursor, Gemini, and Salesforce Einstein can be abused using specially crafted prompts. The post Major Enterprise AI Assistants Can Be Abused for Data Theft, Manipulation appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugSparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive ToolsPersistent trend in open-source offensive tooling & implications for defendersF5.COM
6 AugSparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive ToolsPersistent trend in open-source offensive tooling & implications for defendersF5.COM
6 AugRisky Business #801 -- AI models can hack well now and it's weirding us outOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news. Google security engineering VP Heather Adkins drops by to talk about their AI bug hunter, and Risky Business producer Amberleigh Jack makes her main show debut. This episode explores the rise…RISKY.BIZ
📢 SECURITY ADVISORIES 11[−]
6 AugThe Semiconductor Industry and Regulatory ComplianceEarlier this week, the Trump administration narrowed export controls on advanced semiconductors ahead of US-China trade negotiations. The administration is increasingly relying on export licenses to allow American semiconductor firms to sell their products to Chinese customers, w…SCHNEIER.COM
6 AugThreat Actors Weaponizing RMM Tools to Gain System Control and Exfiltrate DataAdversaries are using Remote Monitoring and Management (RMM) tools more frequently as dual-purpose weapons for initial access and persistence in the constantly changing world of cyber threats. These legitimate software solutions, typically employed by IT professionals for system …GBHACKERS.COM
6 AugAI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report RevealsAs the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent re…THEHACKERNEWS.COM
6 AugWho Got Arrested in the Raid on the XSS Crime Forum?On July 22, 2025, the European police agency Europol said a long-running investigation led by the French Police resulted in the arrest of a 38-year-old administrator of XSS, a Russian-language cybercrime forum with more than 50,000 members. The action has triggered an ongoing fre…KREBSONSECURITY.COM
6 AugSophisticated DevilsTongue Spyware Tracks Windows Users WorldwideInsikt Group has uncovered new infrastructure tied to the Israeli spyware vendor Candiru, now operating under Saito Tech Ltd., highlighting the persistent deployment of its advanced DevilsTongue malware. Utilizing Recorded Future Network Intelligence, researchers identified eight…GBHACKERS.COM
6 AugWait...Cybersecurity Makes You Money? 💰Most people think cybersecurity is just about protection—but Alla Valente flips the script. In this clip, she reveals how cybersecurity isn't just about avoiding loss... it's about driving value. When boards realize it's not compliance—it’s performance—they finally start listenin…YOUTUBE.COM
🔥 INCIDENT REPORTING 11[−]
6 AugPBS confirms data breach after employee info leaked on Discord serverssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/pbs-confirms-data-breach-after-employee-info-leaked-on-discord-servers/SH.ITJUST.WORKS
6 AugCisco User Data Stolen in Vishing Attacksubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/cisco-user-data-stolen-vishing-attackSH.ITJUST.WORKS
6 AugOver 1 Million Impacted by DaVita Data BreachDaVita has notified over 1 million individuals that their personal and health information was stolen in a ransomware attack. The post Over 1 Million Impacted by DaVita Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugRapid Breach: Social Engineering to Remote Access in 300 Seconds | NCC Groupsubmitted by kid to cybersecurity 1 points | 0 comments https://www.nccgroup.com/research-blog/rapid-breach-social-engineering-to-remote-access-in-300-seconds/SH.ITJUST.WORKS
6 AugBeyond Traditional Defenses: Why French Cyber Resilience Needs to ImproveIn today's world, cyberattacks are a constant threat. While technical defenses are crucial, people often remain the easiest attack vector for cybercriminals.KNOWBE4.COM
6 AugHow to Build Security BEFORE the First Line of CodeWhen it comes to cybersecurity, most teams wait too long to act. In this Short, Erika breaks down why involving security experts before a single line of code is written can save companies from massive breaches. She explains how to build "security by design," the dangers of skippi…YOUTUBE.COM
6 AugUkraine claims to have hacked secrets from Russia’s newest nuclear submarineUkraine's Defence Intelligence agency (HUR) claims that its hackers have successfully stolen secret files and classified data on a state-of-the-art Russian nuclear submarine, the “Knyaz Pozharsky." Read more in my article on the Hot for Security blog.BITDEFENDER.COM
6 AugWhy Hardcoded Tokens Are a Cybersecurity Nightmare!A fast-paced glimpse into a common developer mistake that quietly grows into a major security threat. Fernando breaks down how hardcoded tokens, added “just for now,” can spread through an app like wildfire—especially when things scale fast. It’s the kind of oversight that sneaks…YOUTUBE.COM
6 AugRansomware plunges insurance company into bankruptcyCollapsed company's founder says that its fortunes were hampered by the refusal of authorities to release the criminals' seized funds to victims. Read more in my article on the Fortra blog.FORTRA.COM
6 AugSocial Engineering Attacks Surged in the First Half of 2025Cybersecurity incidents nearly tripled in the first half of 2025, jumping from 6% in the second half of 2024 to 17% in 2025, according to a new report from LevelBlue.KNOWBE4.COM
6 AugAkira ransomware abuses CPU tuning tool to disable Microsoft DefenderAkira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 26[−]
6 AugISC Stormcast For Wednesday, August 6th, 2025 https://isc.sans.edu/podcastdetail/9558, (Wed, Aug 6th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
6 Aug10 Best IT Asset Management Tools in 2025In today’s fast-paced digital landscape, effective IT Asset Management (ITAM) is crucial for organizations to maintain control over their hardware, software, and cloud assets. Modern ITAM tools in 2025 are evolving beyond simple inventory management, incorporating AI and ma…GBHACKERS.COM
6 AugMicrosoft unveils Project Ire, a prototype AI system that can reverse engineer and identify malicious software autonomously, without human assistancesubmitted by Pro to cybersecurity 1 points | 0 comments https://www.microsoft.com/en-us/research/blog/project-ire-autonomously-identifies-malware-at-scale/INFOSEC.PUB
6 AugBlack Hat USA 2025 – Summary of Vendor Announcements (Part 2)Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 2) appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugThreat Actors Poison Bing Search Results to Distribute Bumblebee Malware via ‘ManageEngine OpManager’ QueriesThreat actors leveraged SEO poisoning techniques to manipulate Bing search results, directing users querying for “ManageEngine OpManager” to a malicious domain, opmanager[.]pro. This site distributed a trojanized MSI installer named ManageEngine-OpManager.msi, which c…GBHACKERS.COM
6 AugFlaws Expose 100 Dell Laptop Models to Implants, Windows Login BypassReVault vulnerabilities in the ControlVault3 firmware in Dell laptops could lead to firmware modifications or Windows login bypass. The post Flaws Expose 100 Dell Laptop Models to Implants, Windows Login Bypass appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugReVault flaws let hackers bypass Windows login on Dell laptopsControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls. [...]BLEEPINGCOMPUTER.COM
6 AugCybersecurity Services, Solutions & Products. Global Provider | Group-IBsubmitted by kid to cybersecurity 2 points | 0 comments https://www.group-ib.com/blog/voice-deepfake-scams/SH.ITJUST.WORKS
6 AugPortkey Fortifies Its AI Gateway with the Prisma AIRS PlatformIn a move designed to bolster the security of rapidly expanding AI ecosystems, we’ve teamed up with Portkey, AI gateway provider, to integrate the comprehensive Prisma AIRS® security platform directly into Portkey's … The post Portkey Fortifies Its AI Gateway with the Prism…PALOALTONETWORKS.COM
6 AugSmart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto | SentinelOnesubmitted by kid to cybersecurity 1 points | 0 comments https://www.sentinelone.com/labs/smart-contract-scams-ethereum-drainers-pose-as-trading-bots-to-steal-crypto/SH.ITJUST.WORKS
6 AugOx Security Launches AI Agent That Auto-Generates Code to Fix VulnerabilitiesAn AI extension to the Ox Security platform automatically generates organization specific code to fix vulnerabilities in the codebase. The post Ox Security Launches AI Agent That Auto-Generates Code to Fix Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
6 AugMicrosoft Paid Out $17 Million in Bug Bounties in Past YearMicrosoft handed out $17 million in rewards to 344 security researchers through its bug bounty programs over the past year. The post Microsoft Paid Out $17 Million in Bug Bounties in Past Year appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugCAPTCHAgeddon: Fake CAPTCHA Used in New ClickFix Attack to Deploy Malware PayloadClickFix, which began as a red-team simulation tool in September 2024, has quickly developed into a widespread malware delivery system that outcompetes its predecessors, such as the ClearFake phony browser update fraud. Initially demonstrated by security researcher John Hammond f…GBHACKERS.COM
6 AugKimsuky APT Uses LNK Files to Deploy Reflective Malware and Evade Windows Defendersubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/kimsuky-apt-uses-lnk-files-to-deploy-reflective-malware/SH.ITJUST.WORKS
6 AugThreat Actors Use GenAI to Launch Phishing Attacks Mimicking Government WebsitesThreat actors are increasingly leveraging generative AI (GenAI) tools to craft highly convincing phishing websites that impersonate legitimate government portals. As highlighted by Zscaler ThreatLabz in their recent reports and blogs, the dual nature of GenAI empowering productiv…GBHACKERS.COM
6 AugWhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta SaysMeta linked these scams to a criminal scam center in Cambodia — and said it disrupted the campaign in partnership with ChatGPT maker OpenAI. The post WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers, Meta Says appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugPLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious LoginsSplunk researchers developed a system to fingerprint post-logon behavior, using AI to find subtle signals of intrusion. The post PLoB: A Behavioral Fingerprinting Framework to Hunt for Malicious Logins appeared first on SecurityWeek .SECURITYWEEK.COM
6 AugDo You Trust AI to Write Secure Code? 😳Developers are loving AI coding assistants, but cybersecurity experts are asking the real question: Can you actually trust the code it writes? 🤖 Rey Bango and Mike dive into the risks of relying on auto-generated code and why trust is more critical than ever in software developme…YOUTUBE.COM
6 AugSharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practicesWe’re excited to launch SFI patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale. This launch marks a next step in our journey to make our SFI learnings practical for our customers, partners, and broader …MICROSOFT.COM
6 AugAI Tools Are Just SOAR 2.0?! 😳Security experts Erik Bloch and Adrian Sanabria drop a truth bomb on modern AI cybersecurity tools. 🚨 The hype feels way too familiar—just like the promises made by SOAR companies a decade ago. Are we solving old problems with shiny new wrappers? Or are we falling for the same pi…YOUTUBE.COM
6 AugGov+submitted by griff to cybersecurity 1 points | 0 comments https://www.bbb.org/scamtracker/lookupscam/697511 Gov+ is a scam site (govplus.com) which takes a $98 TSA Precheck application fee and provides nothing in return. When you go to the actual TSA Pre-Check appointment, you ar…SH.ITJUST.WORKS
6 AugMustang Panda Targets Windows Users with ToneShell Malware Disguised as Google ChromeThe China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific and Europe. Active since at…GBHACKERS.COM
6 AugHow AI Is Changing Your Role – Forever.AI is rewriting the rules in cybersecurity—and fast. In this short, Joshua Marpet explains how traditional cybersecurity job roles are being reshaped by artificial intelligence. From task shifts to updated TKS (Task, Knowledge, Skill) statements, nothing is staying the same. Secu…YOUTUBE.COM
6 AugLazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RATNorth Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation o…GBHACKERS.COM
6 AugThis AI Clicks EVERYTHING… Including Malicious Links 😬An alarming discovery reveals that browser-based AI agents aren't just helpful—they're dangerous. In this short, cybersecurity expert Aaran breaks down new findings from Square X showing that these AI assistants can become massive liabilities. Why? Because they’ll click literally…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
6 AugLunaSpy hides as a spyware antivirus on Android | Kaspersky official blogWe tell you how new spyware gets inside Android, and what to do about it.KASPERSKY.COM
6 AugMicrosoft Launches Project Ire to Autonomously Classify Malware Using AI ToolsMicrosoft on Tuesday announced an autonomous artificial intelligence (AI) agent that can analyze and classify software without assistance in an effort to advance malware detection efforts. The large language model (LLM)-powered autonomous malware classification system, currently …THEHACKERNEWS.COM
📡 INFOSEC NEWS 11[−]
6 AugAI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder’s VisionWhen Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise cu…THEHACKERNEWS.COM
6 AugMicrosoft pays record $17 million in bounties over the last 12 months​Microsoft paid a record $17 million this year to 344 security researchers across 59 countries through its bug bounty program. [...]BLEEPINGCOMPUTER.COM
6 AugDo sextortion scams still work in 2025?, (Wed, Aug 6th)Sextortion e-mails have been with us for quite a while, and these days, most security professionals tend to think of them more in terms of an “e-mail background noise” rather than as if they posed any serious threat. Given that their existen…ISC.SANS.EDU
6 AugWhatsApp adds new security feature to protect against scamsWhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list. [...]BLEEPINGCOMPUTER.COM
6 AugHospital fined after patient data found in street food wrappersA hospital in Thailand has been fined after patient's printed records were recycled as snack bags to hold crispy crepes.GRAHAMCLULEY.COM
6 AugFinal call: TechCrunch Disrupt 2025 ticket savings end tonightTechCrunch Disrupt 2025 marks 20 years of shaping the startup world — and tonight’s your last chance to save up to $675 on your ticket. From October 27–29, Disrupt returns to Moscone West in San Francisco. Join 10,000+ tech innovators, founders, VCs, and ecosystem builders for th…TECHCRUNCH.COM
6 AugNational Bank of Canada online systems down due to 'technical issue'National Bank of Canada (Banque Nationale du Canada), the sixth largest commercial bank of Canada is currently experiencing a widespread service outage affecting its online banking and mobile app platforms. [...]BLEEPINGCOMPUTER.COM
6 AugShared secret: EDR killer in the kill chainA look under the hood at a tool designed to disable protectionsSOPHOS.COM
6 AugCitizen Lab director warns cyber industry about US authoritarian descentRon Deibert, the head of the prominent digital human rights groups Citizen Lab, sounds the alarm at the Black Hat security conference about the "dramatic descent into authoritarianism," but one that the cyber community can help to defend against.TECHCRUNCH.COM
6 AugHacker extradited to US for stealing $3.3 million from taxpayersNigerian national Chukwuemeka Victor Amachukwu has been extradited from France to the U.S. to face charges of hacking, fraud, and identity theft for suspected spearphishing attacks on U.S. tax preparation businesses. [...]BLEEPINGCOMPUTER.COM
6 AugA rival Tea app for men is leaking its users’ personal data and driver’s licensesThe newly launched app, now trending on Apple's App Store, contains at least one major security flaw that exposes the private information of its users, including their uploaded selfies and government-issued IDs.TECHCRUNCH.COM