110 Articles
8 Categories
Date: 2025-08-07
🐛 COMMON VULNERABILITIES AND EXPOSURES (23)
7 AugResearchers uncover RCE attack chains in popular enterprise credential vaultsResearchers have found 14 logic flaws in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass authentication checks, access secrets, impersonate identities and execute arbitrary code. In enter…CSOONLINE.COM
7 AugNew Microsoft Exchange Server Vulnerability Allows Unauthorized Admin Privilege EscalationMicrosoft has disclosed a high-severity security vulnerability affecting Exchange Server hybrid deployments that could allow attackers with administrative access to escalate privileges and potentially compromise an organization’s entire cloud and on-premises infrastructure.…GBHACKERS.COM
7 AugAkamai Ghost Platform Flaw Allows Hidden Second Request InjectionAkamai Technologies disclosed a critical HTTP request smuggling vulnerability affecting its content delivery network platform that could allow attackers to inject hidden secondary requests through a sophisticated exploitation technique. The vulnerability, designated CVE-2025-3209…GBHACKERS.COM
7 AugHashiCorp Vault & CyberArk Conjur compromisedSecrets management and remote code execution do not go well together. In enterprise environments, the number of non-human identities (such as those used by applications and machines) exceeds the number of hum…CSOONLINE.COM
7 AugOrganizations Warned of Vulnerability in Microsoft Exchange Hybrid DeploymentCISA and Microsoft have issued advisories for CVE-2025-53786, a high-severity flaw allowing privilege escalation in cloud environments.SECURITYWEEK.COM
7 AugMicrosoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid SetupsMicrosoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk…THEHACKERNEWS.COM
7 AugSonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-DaySonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerabi…THEHACKERNEWS.COM
7 AugCISA Warns of ‘ToolShell’ Exploitation Chain Targeting SharePoint Servers; IOCs and Detections ReleasedThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an exploitation chain dubbed “ToolShell” targeting on-premises Microsoft SharePoint servers. It leverages multiple vulnerabilities including CVE-2025-49704 (a remote code…GBHACKERS.COM
7 AugCISA Issues ED 25-02: Mitigate Microsoft Exchange VulnerabilityToday, CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786, a vulnerability in Microsoft Exchange server hybrid deployments. ED 25-02 directs all Federal Civilian Executive Branch (FCEB) agencies with Microso…CISA.GOV
7 AugHybrid Exchange environment vulnerability needs fast actionAdministrators with hybrid Exchange Server environments are urged by Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) to quickly plug a high-severity vulnerability or risk system compromise. Hybrid Exchange deployments offer organizations the ability t…CSOONLINE.COM
7 AugCISA orders fed agencies to patch new Exchange flaw by MondayCISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET. [...]BLEEPINGCOMPUTER.COM
7 AugChromium: CVE-2025-8582 Insufficient validation of untrusted input in DOMMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugChromium: CVE-2025-8581 Inappropriate implementation in ExtensionsMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugChromium: CVE-2025-8580 Inappropriate implementation in FilesystemsMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugChromium: CVE-2025-8578 Use after free in CastMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugChromium: CVE-2025-8576 Use after free in ExtensionsMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugChromium: CVE-2025-8583 Inappropriate implementation in PermissionsMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugChromium: CVE-2025-8579 Inappropriate implementation in Gemini Live in ChromeMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugChromium: CVE-2025-8577 Inappropriate implementation in Picture In PictureMicrosoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
7 AugCVE-2025-53792 Azure Portal Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
7 AugCVE-2025-53767 Azure OpenAI Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (31)
7 AugResearchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential TheftCybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack techn…THEHACKERNEWS.COM
7 AugCosts caused by data breaches have fallenAI-assisted attacks such as phishing and deepfakes continue to increase, yet companies are equally hesitant to upgrade their defenses. The good news first: as IBM found in its annual Cost of a Data Breach Report, the av…CSOONLINE.COM
7 AugIT security jobs: 5 bitter truthsA lot of money does not protect against burnout. Demand for cybersecurity specialists is about as high as their salaries. According to a recent, US-centric benchmark report by IANS and Artico Search, the average base sal…CSOONLINE.COM
7 AugBeef up AI security with zero trust principlesMany CSOs worry about their firm’s AI agents spitting out advice to users on how to build a bomb, or citing non-existent legal decisions. But those are the least of their worries, said a security expert at this week’s Black Hat security conference in Las Vegas. Systems using larg…CSOONLINE.COM
7 AugGoogle’s Salesforce Environment Compromised – User Information ExfiltratedGoogle has confirmed that one of its corporate Salesforce instances was breached in June by sophisticated threat actors, resulting in the theft of contact information for small and medium businesses. The incident highlights the growing threat of voice phishing attacks targeting e…GBHACKERS.COM
7 AugHackers Exploit Social Engineering to Gain Remote Access in Just 5 MinutesCybersecurity experts are raising alarms over a sophisticated social engineering attack that allowed threat actors to compromise corporate systems in under five minutes, according to a recent incident response investigation by NCC Group’s Digital Forensics and Incident Resp…GBHACKERS.COM
7 AugWhatsApp Removes 6.8 Million Accounts Over Malicious Activity ConcernsWhatsApp has permanently removed 6.8 million accounts during the first half of 2024 as part of an aggressive crackdown on global scamming operations, parent company Meta announced this week. The massive account purge primarily targeted sophisticated fraud networks operating from …GBHACKERS.COM
7 AugHTTP/1.1 Vulnerability Could Let Attackers Hijack Millions of SitesSecurity researchers have unveiled a fundamental vulnerability in HTTP/1.1 that could allow attackers to hijack millions of websites, highlighting a persistent threat that has plagued web infrastructure for over six years despite ongoing mitigation efforts. PortSwigger’s la…GBHACKERS.COM
7 Aug6 ways hackers hide their tracksCISOs have an array of ever-growing tools at their disposal to monitor networks and endpoint systems for malicious activity. But cybersecurity leaders face a growing responsibility of educating their organization’s workforce and driving cybersecurity awareness efforts. Cybersecur…CSOONLINE.COM
7 AugMicrosoft warns of high-severity flaw in hybrid Exchange deploymentsMicrosoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces. [...]BLEEPINGCOMPUTER.COM
7 AugHeartCrypt-Packed ‘AVKiller’ Tool Actively Deployed in Ransomware Attacks to Disable EDRThreat actors are placing a higher priority on neutralizing endpoint detection and response (EDR) systems in order to remain stealthy in the dynamic world of multi-stage cyberattacks. Since 2022, malware sophistication has surged, with tools specifically engineered to disable EDR…GBHACKERS.COM
7 AugNew Active Directory Attack Method Bypasses Authentication to Steal DataSecurity researchers have uncovered a novel attack technique that exploits weaknesses in hybrid Active Directory (AD) and Entra ID environments to bypass authentication and exfiltrate sensitive data. The method, showcased at Black Hat USA 2025 by cybersecurity expert Dirk-jan Mol…GBHACKERS.COM
7 AugAir France and KLM disclose data breaches impacting customersAir France and KLM announced on Wednesday that attackers had breached a customer service platform and stolen the data of an undisclosed number of customers. [...]BLEEPINGCOMPUTER.COM
7 Aug‘Ghost Calls’ Attack Exploits Web Conferencing as Hidden Command-and-Control ChannelSecurity researchers have unveiled a sophisticated new attack technique called “Ghost Calls” that exploits popular web conferencing platforms to establish covert command-and-control (C2) channels, effectively turning trusted business communication tools into hidden pa…GBHACKERS.COM
7 AugCracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vaultsubmitted by Pro to cybersecurity 1 points | 0 comments https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/ Hackernews Secrets vaults are the backbone of digital infrastructure. They store the crede…INFOSEC.PUB
7 Aug‘We too were breached,’ says Google, months after revealing Salesforce attacksGoogle has now confirmed that it too was impacted by the Salesforce data theft attacks originally uncovered by its own threat intelligence group (GTIG) in June. In an August 5 update to its June disclosure about an ongoing voice phishing (vishing) campaign targeting Salesforce cu…CSOONLINE.COM
7 AugAir France, KLM Say Hackers Accessed Customer DataAirlines Air France and KLM have disclosed a data breach stemming from unauthorized access to a third-party platform.SECURITYWEEK.COM
7 AugProject Ire: Microsoft’s autonomous AI agent that can reverse engineer malwareMicrosoft has introduced Project Ire, an autonomous AI agent capable of analyzing and classifying software as either malicious or benign, without any prior knowledge of its origin or purpose. Developed in collaboration between Microsoft Research, Microsoft Defender Research, and …CSOONLINE.COM
7 AugHackers Exploit Legitimate Drivers to Disable Antivirus and Weaken System DefensesThreat actors have been deploying a novel antivirus (AV) killer since at least October 2024, leveraging the legitimate ThrottleStop.sys driver to execute Bring Your Own Vulnerable Driver (BYOVD) tactics. This malware, detected by Kaspersky as Win64.KillAV., systematically termina…GBHACKERS.COM
7 AugGemini AI Exploited via Google Invite Prompt Injection to Steal Sensitive User DataSecurity researchers have discovered a series of critical vulnerabilities in Google’s Gemini AI assistant that allow attackers to exploit the system through seemingly innocent Google Calendar invitations and emails, potentially compromising users’ sensitive data and e…GBHACKERS.COM
7 Aug6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to ExploitsCybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager,…THEHACKERNEWS.COM
7 AugWeaponizing Microsoft 365 Direct Send to Bypass Email Security DefensesSecurity researchers at StrongestLayer, in collaboration with Jeremy, a seasoned Security Architect at a major manufacturing firm, have exposed a multi-layered spear phishing attack that exploits Microsoft 365’s Direct Send feature to infiltrate corporate email systems. The…GBHACKERS.COM
7 AugGoogle suffers data breach in ongoing Salesforce data theft attackssubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/google-suffers-data-breach-in-ongoing-salesforce-data-theft-attacks/SH.ITJUST.WORKS
7 AugWeaponized npm Packages Target WhatsApp Developers with Remote Kill SwitchSocket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting developers integrating with the WhatsApp Business API. Two malicious npm packages, naya-flore and nvlore-hsc, published by the npm user nayflore using the email idzzcch@gmail.com, disg…GBHACKERS.COM
7 AugSonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flawSonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. [...]BLEEPINGCOMPUTER.COM
7 AugCISA Releases Ten Industrial Control Systems AdvisoriesCISA released ten Industrial Control Systems (ICS) advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson Controls FX80…CISA.GOV
7 AugSonicWall Says Recent Attacks Don’t Involve Zero-Day VulnerabilitySonicWall has been investigating reports about a zero-day potentially being exploited in ransomware attacks, but found no evidence of a new vulnerability.SECURITYWEEK.COM
7 AugHackers Exploit SVG Files with Embedded JavaScript to Deploy Malware on Windows SystemsThreat actors are increasingly using Scalable Vector Graphics (SVG) files to get beyond traditional defenses in the quickly developing field of cybersecurity. Unlike raster formats such as JPEG or PNG, which store pixel-based data, SVGs are XML-structured documents that define ve…GBHACKERS.COM
7 AugHashiCorp Vault 0-Day Flaws Enable Remote Code Execution AttacksResearchers at Cyata have disclosed nine previously unknown zero-day vulnerabilities in HashiCorp Vault, a widely adopted open-source secrets management platform, enabling attackers to bypass authentication, escalate privileges, and achieve remote code execution (RCE). These flaw…GBHACKERS.COM
7 AugFBI Report: Attackers Are Sending Physical Packages with Malicious QR CodesThe FBI has issued an advisory warning that scammers are distributing QR code phishing (quishing) links via unsolicited packages sent by snail mail. Recipients may scan the code to find out where the package came from, which will land them on a phishing page.KNOWBE4.COM
📢 SECURITY ADVISORIES (3)
7 AugWindows tips for reducing the ransomware threatAs Scattered Spider headlines have reminded us of late, ransomware is always in season. The group has been around for many years, and this year it is pivoting from industry to industry to find new targets. In addition to using social media to identify relationships to better targ…CSOONLINE.COM
7 AugBlack Hat USA 2025: Policy compliance and the myth of the silver bulletWho’s to blame when the AI tool managing a company’s compliance status gets it wrong?WELIVESECURITY.COM
🔥 INCIDENT REPORTING (15)
7 AugAkira ransomware abuses CPU tuning tool to disable Microsoft Defendersubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/akira-ransomware-abuses-cpu-tuning-tool-to-disable-microsoft-defender/INFOSEC.PUB
7 AugSocGholish Uses Parrot and Keitaro TDS to Spread Malware via Fake UpdatesSocGholish, operated by the threat actor group TA569, has solidified its role as a prominent Malware-as-a-Service (MaaS) provider, functioning as an Initial Access Broker (IAB) that sells compromised system access to various cybercriminal clients. Since its emergence around 2017-…GBHACKERS.COM
7 AugData breach at French telecom giant Bouygues affects millions of customersThis is the latest cyberattack to hit a French cellular carrier in recent weeks, following an attack on Orange Telecom in July.TECHCRUNCH.COM
7 AugKLM Confirms Customer Data Breach Linked to Third-Party Systemsubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/klm-customer-data-breach-linked-third-party-system/SH.ITJUST.WORKS
7 AugUkraine claims to have hacked secrets from Russia's newest nuclear submarinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.bitdefender.com/en-us/blog/hotforsecurity/ukraine-claims-to-have-hacked-secrets-from-russias-newest-nuclear-submarineSH.ITJUST.WORKS
7 AugMakop Ransomware Identified in Attacks in South Korea - ASECsubmitted by kid to cybersecurity 1 points | 0 comments https://asec.ahnlab.com/en/89397/SH.ITJUST.WORKS
7 AugIf Frameworks Are So Secure... Why Do We Still Get Hacked?Most devs trust their frameworks to keep apps safe… but is that enough? 🤔 In this short, Rey Bango highlights the gap between built-in security features and real-world vulnerabilities. It’s not just about OWASP—it’s about what devs don’t know their tools already do. From sanitiza…YOUTUBE.COM
7 AugBouygues Telecom confirms data breach impacting 6.4 million customersBouygues Telecom warns it suffered a data breach after the personal information of 6.4 million customers was exposed in a cyberattack. [...]BLEEPINGCOMPUTER.COM
7 AugNew EDR killer tool used by eight different ransomware groupsA new Endpoint Detection and Response (EDR) killer that is considered to be the evolution of 'EDRKillShifter,' developed by RansomHub, has been observed in attacks by eight different ransomware gangs. [...]BLEEPINGCOMPUTER.COM
7 AugSplunk Unveils PLoB Tool to Detect Compromised Credential UsageSplunk has introduced PLoB (Post-Logon Behaviour Fingerprinting and Detection) in a world where compromised credentials remain the primary vector for initial access in more than half of cybersecurity incidents, as noted in the Cisco Talos IR Trends report for Q1 2025 and supporte…GBHACKERS.COM
7 AugSocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and OthersThe threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (Ma…THEHACKERNEWS.COM
7 Aug10 Best Red Teaming Companies for Advanced Attack Simulation in 2025Red teaming companies are specialized cybersecurity firms that use a proactive, adversarial approach to test an organization’s defenses by simulating a real-world cyberattack. Unlike traditional penetration testing, which typically focuses on finding specific vulnerabilitie…GBHACKERS.COM
7 Aug KEVDevices Are Attacking - PSW #886* Why should hate AI * When firmware attacks * The 300 second breach * Old ways still work, AI might help * And so begins the crawler wars * Turn off your SonicWall VPN * Your Pie may be wrapped in PII * Attackers will find a way * Signed kernel drivers * D-Link on the KEV * Rasp…YOUTUBE.COM
7 AugThe Shocking Truth About Double Ransom AttacksWhen companies think paying a ransom will stop the cyberattack... they’re dead wrong. In this shocking short, cybersecurity expert Aaran breaks down how some hacker groups now double-dip, attacking the same victim multiple times and demanding separate ransoms. Paying once doesn’t…YOUTUBE.COM
7 AugTapjacking: How A Simple Click Can Destroy Your Data!When cybersecurity expert Doug White explains tapjacking, it sounds like digital mischief—but the threat is very real. In this Short, viewers discover how Android animations can be hijacked to trick users into giving permissions or even triggering dangerous commands. It’s like ty…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE (25)
7 AugFake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription ScamsThe malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" a…THEHACKERNEWS.COM
7 AugMass Internet Scanning from ASN 43350 [Guest Diary], (Thu, Aug 7th)[This is a Guest Diary by Duncan Woosley, an ISC intern as part of the SANS.edu BACS program] ISC.SANS.EDU
7 AugISC Stormcast For Thursday, August 7th, 2025 https://isc.sans.edu/podcastdetail/9560, (Thu, Aug 7th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
7 AugNews alert: SpyCloud’s AI-powered platform mimics veteran analysts, speeds threat detectionAustin, TX, Aug. 6, 2025, CyberNewswire: SpyCloud, the leader in identity threat protection, today announced a significant enhancement to its SaaS Investigations solution: the integration of advanced AI-powered insights that mirror the tradecraft of SpyCloud’s seasoned investiga…LASTWATCHDOG.COM
7 AugNvidia Denies Presence of Backdoors, Kill Switches, or Spyware in Its ChipsNvidia has issued a comprehensive denial regarding allegations that its graphics processing units contain backdoors, kill switches, or spyware, emphasizing that such features would fundamentally undermine global digital infrastructure and cybersecurity principles. The chipmaker…GBHACKERS.COM
7 AugNew HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of WebsitesA desync attack method leveraging HTTP/1.1 vulnerabilities impacted many websites and earned researchers more than $200,000 in bug bounties.SECURITYWEEK.COM
7 AugChina Accuses Nvidia of Putting Backdoors into Their ChipsThe government of China has accused Nvidia of inserting a backdoor into their H20 chips: China’s cyber regulator on Thursday said it had held a meeting with Nvidia over what it called “serious security issues” with the company’s artificial intelligence chi…SCHNEIER.COM
7 AugAccuKnox partners with SecuVerse.ai to deliver Zero Trust CNAPP Security for National Gaming InfrastructureAccuKnox, a global leader in Zero Trust Cloud Native Application Protection Platforms (CNAPP), has partnered with SecuVerse.ai to deliver ASPM [Application Security Posture Management] for Lonaci Loterie Nationale de Côte d’Ivoire (LONACI), the state-operated national lottery aut…GBHACKERS.COM
7 AugMY TAKE: The GenAI security crisis few can see — but these startups are quietly mapping the gapsLAS VEGAS — A decade ago, the rise of public cloud brought with it a familiar pattern: runaway innovation on one side, and on the other, a scramble to retrofit security practices not built for the new terrain.LASTWATCHDOG.COM
7 AugIRGC-Linked Hackers Target Financial, Government, and Media OrganizationsA sophisticated network of hackers with ties to Iran’s Islamic Revolutionary Guard Corps (IRGC) unleashed a barrage of cyber-operations designed to disrupt adversaries, steal sensitive data, and propagate ideological narratives. SecurityScorecard’s STRIKE threat intel…GBHACKERS.COM
7 AugAnatomy of a Vishing ScamI hear about a ton of similar-sounding scam calls, where the scammer is pretending to be from a service you use (or used), offering you a substantial monthly discount (30% or more) if you pay some fee ahead of time.KNOWBE4.COM
7 AugBlack Hat USA 2025 – Summary of Vendor Announcements (Part 3)Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas.SECURITYWEEK.COM
7 AugWhy GitHub Actions Are a Cybersecurity Game-ChangerWhen Sergey Gorbaty dropped this insight, cybersecurity pros paid attention. In this short, he breaks down how GitHub Actions isn’t just automation—it’s a powerful identity bridge to the cloud. With GitHub acting as an identity provider, the boundaries between CI/CD and IAM are g…YOUTUBE.COM
7 AugGenAI Used to Impersonate Brazil’s Govt Websites | ThreatLabzsubmitted by kid to cybersecurity 1 points | 0 comments https://www.zscaler.com/blogs/security-research/genai-used-phishing-websites-impersonating-brazil-s-governmentSH.ITJUST.WORKS
7 AugShared secret: EDR killer in the kill chain – Sophos Newssubmitted by kid to cybersecurity 1 points | 0 comments https://news.sophos.com/en-us/2025/08/06/shared-secret-edr-killer-in-the-kill-chain/SH.ITJUST.WORKS
7 AugScarCruft Hacker Group Launches New Rust-Based Malware Attack Leveraging PubNubThe North Korean state-sponsored advanced persistent threat (APT) group known as ScarCruft has been linked to a sophisticated malware campaign targeting South Korean users. Disguised as a postal-code update notice, this infection chain was uncovered by S2W’s Threat Analysis and I…GBHACKERS.COM
7 AugHacker Extradited to U.S. for $2.5 Million Tax Fraud SchemeChukwuemeka Victor Amachukwu, also known as Chukwuemeka Victor Eletuo and So Kwan Leung, was extradited from France to the United States to face charges related to sophisticated hacking, wire fraud, and aggravated identity theft operations. The 39-year-old Nigerian national was p…GBHACKERS.COM
7 AugAnnouncing public preview: Phishing triage agent in Microsoft DefenderThe Phishing Triage Agent in Microsoft Defender is now available in Public Preview. It tackles one of the most repetitive tasks in the SOC: handling reports of user-submitted phish.TECHCOMMUNITY.MICROSOFT.COM
7 AugThis is Why Tech Makes Money But Solves NothingTech veteran Erik Bloch drops a brutal truth about the cybersecurity industry — billions made, but the same problems remain. In this clip, he explains how companies prioritize profit-driven features over real security fixes, revealing a deep misalignment in the industry. 20 years…YOUTUBE.COM
7 AugRisk Velocity EXPLAINED in 15 Seconds! ⚡In this lightning-fast explainer, Alla Valente breaks down risk velocity—the speed at which a risk event impacts an organization. With digitalization and globalization accelerating interconnectivity, disruptions now hit instantly. This short unpacks the butterfly effect of modern…YOUTUBE.COM
7 AugFake News at Lightspeed!AI is changing the game—and not in a good way. In this short, cybersecurity expert Doug White breaks down how artificial intelligence is fueling the rise of deepfakes, misinformation, and a growing distrust in news and democracy. As voters struggle to keep up, politicians are eve…YOUTUBE.COM
7 AugHow Machine Learning Detects Living off the Land (LotL) AttacksElite cybercriminals prefer LotL attacks because they’re incredibly hard to spot. Instead of deploying obvious malware, attackers use the same trusted tools that an IT team relies on daily, such as PowerShell, Windows Management Instrumentation (WMI) and various integrated …GBHACKERS.COM
7 AugIs Cybercrime the Next Big Investment? 😳Cybersecurity expert Doug White drops a jaw-dropping stat: by 2029, cybercrime could generate $15.6 trillion in global economic activity—surpassing the combined GDP of Germany, India, and Japan. In this short, he jokingly suggests creating an index fund with the ticker “SCAM” to …YOUTUBE.COM
7 AugWho's Still Making Money in Crypto? 🤔In this short, Aaran questions the downfall of the crypto craze—daily active wallets are down, NFT trading volumes have crashed over 90%, and platforms like OpenSea have lost billions in volume. Is anyone still profiting in this space? This clip captures the raw moment he reflect…YOUTUBE.COM
7 AugHTTP/1.1 Must Die: What This Means for AppSec Leadershipsubmitted by cron to cybersecurity 2 points | 0 comments https://portswigger.net/blog/http-1-1-must-die-what-this-means-for-appsec-leadership In his groundbreaking new research, HTTP/1.1 Must Die: The Desync Endgame, Kettle challenges the security community to completely rethink…INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE (3)
7 AugWebinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You NeedPython is everywhere in modern software. From machine learning models to production microservices, chances are your code—and your business—depends on Python packages you didn’t write. But in 2025, that trust comes with a serious risk. Every few weeks, we’re seeing fresh headlines…THEHACKERNEWS.COM
7 AugUEBA rules in Kaspersky SIEM | Kaspersky official blogWe've added a “user and entity behavior analytics” (UEBA) rule package to the Kaspersky Unified Monitoring and Analysis PlatformKASPERSKY.COM
7 AugMalicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data WipesCybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an…THEHACKERNEWS.COM
🎙️ PODCASTS (1)
7 AugBlack Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?Success in cybersecurity is when nothing happens, plus other standout themes from two of the event’s keynotesWELIVESECURITY.COM
📡 INFOSEC NEWS (9)
7 AugMicrosoft accidentally confirms GPT-5, GPT-5-Mini, GPT-5-Nano ahead of launchOpenAI is hosting a live stream at 10AM PT to announce GPT-5, but Microsoft has already confirmed the details. [...]BLEEPINGCOMPUTER.COM
7 AugMassive IPTV piracy service with 28,000 channels taken offlineThe Alliance for Creativity and Entertainment (ACE) announced the shutdown of Rare Breed TV, a major illegal IPTV service provider, after reaching a financial settlement with its operators. [...]BLEEPINGCOMPUTER.COM
7 AugAnthropic targets DevSecOps with Claude Code update as AI rivals gear upAnthropic has introduced automated security reviews in its Claude Code product, aiming to help developers identify and fix vulnerabilities earlier in the software development process. The update includes a GitHub Actions integration and a new “/security-review” command, allowing …INFOWORLD.COM
7 AugCryptomixer founders pled guilty to laundering money for cybercriminalsThe founders of the Samourai Wallet (Samourai) cryptocurrency mixer have pleaded guilty to laundering over $200 million for criminals. [...]BLEEPINGCOMPUTER.COM
7 AugThe AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud DefenseNow that we are well into 2025, cloud attacks are evolving faster than ever and artificial intelligence (AI) is both a weapon and a shield. As AI rapidly changes how enterprises innovate, security teams are now tasked with a triple burden: Secure AI embedded in every part of the …THEHACKERNEWS.COM
7 AugWave of 150 crypto-draining extensions hits Firefox add-on storeA malicious campaign dubbed 'GreedyBear' has snuck onto the Mozilla add-ons store, targeting Firefox users with 150 malicious extensions and stealing an estimated $1,000,000 from unsuspecting victims. [...]BLEEPINGCOMPUTER.COM
7 AugChatGPT's GPT-5 models released: everything you need to knowAfter a long wait, GPT-5 is finally rolling out. It's available for free, Plus, Pro and Team users today. This means everyone gets to try GPT-5 today, but paid users get higher limits. [...]BLEEPINGCOMPUTER.COM
7 AugSophos AI at Black Hat USA ’25: Anomaly detection betrayed us, so we gave it a new jobFollowing on from our preview, here's Ben Gelman and Sean Bergeron's research on enhancing command line classification with benign anomalous dataSOPHOS.COM
7 AugFake WhatsApp developer libraries hide destructive data-wiping codeTwo malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer's computers. [...]BLEEPINGCOMPUTER.COM