🐛 COMMON VULNERABILITIES AND EXPOSURES 2[−]
8 AugCISA Issues Urgent Advisory to Address Microsoft Exchange FlawThe Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02 on August 7, 2025, requiring federal agencies to immediately address a critical vulnerability in Microsoft Exchange hybrid configurations that could allow attackers to escalate from o…GBHACKERS.COM
8 AugWinRAR zero-day flaw exploited by RomCom hackers in phishing attacksA recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
8 AugBlack Hat 2025 Recap: A look at new offerings announced at the showBlack Hat 2025 is on its home stretch, having gathered together thousands of security professionals to discuss the latest developments in adversarial tradecraft and cybersecurity defense. Security leaders and teams explored AI-driven threats and innovations, with a focus on the d…CSOONLINE.COM
8 AugSo sparen CISOs, ohne die Sicherheit zu torpedierenGeht’s dem Security-Budget an den Kragen, ist der Spielraum für CISOs denkbar gering. TippaPatt | shutterstock.com Vor etlichen Jahren fand sich David Mahdi , heute CISO Advisor beim IAM-Spezialisten Transmit Security, in einer Situation wieder, vor der wohl jedem Sicherheitsents…CSOONLINE.COM
8 AugRetbleed Vulnerability Exploited to Access Any Process’s Memory on Newer CPUsSecurity researchers have successfully demonstrated a sophisticated exploit of the Retbleed vulnerability, a critical CPU security flaw that allows attackers to read arbitrary memory from any process running on affected systems. The exploit, which builds upon research origin…GBHACKERS.COM
8 AugFlipper Zero Dark Web Firmware Cracks Rolling Code Security in Modern CarsSecurity researchers have discovered alarming new firmware for the popular Flipper Zero device that can completely bypass the rolling code security systems protecting millions of modern vehicles. The breakthrough attack, demonstrated by YouTube channel Talking Sasquatch, represen…GBHACKERS.COM
8 AugCybersecurity Alerts: Black Hat Exposes AI and Firmware VulnerabilitiesIn this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistant…CYBERSECURITYTODAY.LIBSYN.COM
8 AugMalicious Go Packages Used by Threat Actors to Deploy Obfuscated Remote PayloadsSocket’s Threat Research Team has identified eleven malicious Go packages distributed via GitHub, with ten remaining active on the Go Module Mirror, posing ongoing risks to developers and CI/CD pipelines. Eight of these packages employ typosquatting techniques, mimicking le…GBHACKERS.COM
8 AugAmazon ECS Internal Protocol Exploited to Steal AWS Credentials from Other TasksSecurity researchers have disclosed a critical vulnerability in Amazon Elastic Container Service (ECS) that allows malicious containers to steal AWS credentials from other tasks running on the same EC2 instance. The attack, dubbed “ECScape,” exploits an undocumented i…GBHACKERS.COM
8 AugUS Confirms Takedown of BlackSuit Ransomware Behind 450+ HacksFederal law enforcement agencies have successfully dismantled the critical infrastructure of BlackSuit ransomware, a sophisticated cybercriminal operation that has compromised over 450 victims across the United States since 2022 and collected more than $370 million in ransom paym…GBHACKERS.COM
8 Aug13 Produkt-Highlights der Black Hat USADas Mandalay Bay Convention Center wird zur Black Hat USA zum Cybersecurity-Hub – 2025 lag der Fokus dabei insbesondere auf Agentic und Generative AI. Andrey Bayda | shutterstock.com Zur Black-Hat-Konferenz haben sich auch 2025 Tausende von Sicherheitsexperten in Las Vegas zusamm…CSOONLINE.COM
8 AugCISA Issues 10 ICS Advisories Detailing Vulnerabilities and ExploitsThe Cybersecurity and Infrastructure Security Agency (CISA) has released ten industrial control systems (ICS) advisories on August 7, 2025, highlighting critical vulnerabilities across various industrial automation and control platforms. These advisories represent a comprehensive…GBHACKERS.COM
8 AugGoogle Project Zero Changes Its Disclosure PolicyGoogle’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes pl…SCHNEIER.COM
8 AugPyPI Issues Advisory to Prevent ZIP Parser Confusion Attacks on Python Package InstallersThe Python Package Index (PyPI) has announced new restrictions aimed at mitigating ZIP parser confusion attacks that could exploit discrepancies in how Python package installers and inspectors handle ZIP archives. This move comes in response to vulnerabilities identified in tools…GBHACKERS.COM
8 AugWindows UAC Bypass Exploits Character Map Tool for Privilege EscalationCybersecurity researchers have uncovered a new technique that allows attackers to bypass Windows User Account Control (UAC) protections by exploiting an unexpected vulnerability in the system’s Private Character Editor tool, potentially granting unauthorized administrative …GBHACKERS.COM
8 AugMultiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadXCisco Talos’ Vulnerability Discovery & Research team has disclosed a total of 12 critical security vulnerabilities across three popular software platforms, highlighting significant security risks that could potentially impact millions of users worldwide. The disclosure …GBHACKERS.COM
8 AugBeyond cryptocurrency: Blockchain 101 for CISOs and why it mattersWhen I first heard someone suggest blockchain for enterprise cybersecurity, I nearly rolled my eyes. At the time, I was knee-deep in helping a Fortune 100 company drive a cloud security transformation. Our focus was on hardening IAM policies, tightening perimeter controls and ali…CSOONLINE.COM
8 AugColumbia University Data Breach Exposes Personal and Financial Data of 870,000Columbia University disclosed a significant cybersecurity incident that compromised personal and financial information of nearly 870,000 individuals, making it one of the largest data breaches affecting an educational institution this year. The breach, which occurred between May …GBHACKERS.COM
8 AugECScape: New AWS ECS flaw lets containers hijack IAM roles without breaking outAt Black Hat USA 2025, Sweet Security’s Naor Haziz revealed a significant privilege escalation flaw in Amazon ECS that allows a low-privilege container running on an EC2-backed task to hijack higher-privileged IAM roles from other containers on the same host. Dubbed ECScape, the …CSOONLINE.COM
8 AugAxis Camera Server Vulnerabilities Expose Thousands of Organizations to AttackClaroty’s Team82 research unit has unveiled four vulnerabilities affecting Axis Communications’ widely deployed video surveillance ecosystem, potentially endangering thousands of organizations worldwide. These flaws, centered on the proprietary Axis.Remoting communica…GBHACKERS.COM
8 AugNo Patch, No Mercy: Cisco’s Root NightmareA critical vulnerability in Cisco’s Identity Services Engine and Passive Identity Connector just got exposed—and it’s as bad as it gets. Scoring a perfect 10 on the CVSS scale, these combined flaws could let attackers remotely gain root access to devices. No mitigation exists oth…YOUTUBE.COM
8 AugOver 5,000 Fake Online Pharmacies Caught Selling Counterfeit MedicinesResearchers at Gen have uncovered a vast network of over 5,000 fraudulent online pharmacy domains operated by a single cybercriminal entity dubbed MediPhantom. This elaborate PharmaFraud operation exploits advanced techniques including domain hijacking, search engine optimization…GBHACKERS.COM
8 AugTyposquatted PyPI Packages Used by Threat Actors to Steal Cryptocurrency from Bittensor WalletsGitLab’s Vulnerability Research team has uncovered a highly sophisticated cryptocurrency theft campaign exploiting typosquatted Python packages on the Python Package Index (PyPI) to target the Bittensor decentralized AI network. The operation, detected through GitLab’…GBHACKERS.COM
8 AugCybercrime Rivalry Just Exploded 💥The dark web just got dramatic. In this explosive short, Aaran breaks down the sudden cyberwar between DragonForce and RansomHub—two of the most feared ransomware groups in the world. From affiliate poaching to underground tensions, this isn’t just drama… it’s a shift that could …YOUTUBE.COM
8 AugTap Trap: The Android Hack With ZERO PermissionsA new Android exploit called Tap Trap just flipped the cybersecurity world upside down. This short reveals how hackers can trick users with invisible buttons—no permissions needed. Shown to work on Android 15 & 16, this attack overlays a nearly transparent UI element on top of re…YOUTUBE.COM
8 AugKrebsOnSecurity in New ‘Most Wanted’ HBO Max SeriesA new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online p…KREBSONSECURITY.COM
8 AugFriday Squid Blogging: New Vulnerability in Squid HTTP Proxy ServerIn a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server.SCHNEIER.COM
8 AugBlack Hat: Researchers demonstrate zero-click prompt injection attacks in popular AI agentsThe number of tools that large language models (LLMs) get connected to is rapidly increasing, and along with that comes growth in the attack surface, and in the opportunities for attackers to inject unauthorized instructions that can leak sensitive data. Prompt injection is not a…CSOONLINE.COM
8 AugA Vulnerability in SonicWall SonicOS management access and SSLVPN Could Allow for Unauthorized AccessA vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other secu…CISECURITY.ORG
📢 SECURITY ADVISORIES 5[−]
8 AugIn Other News: Nvidia Says No to Backdoors, Satellite Hacking, Energy Sector AssessmentNoteworthy stories that might have slipped under the radar: federal court filing system hack, Chanel data breach, emergency CISA directive. The post In Other News: Nvidia Says No to Backdoors, Satellite Hacking, Energy Sector Assessment appeared first on SecurityWeek .SECURITYWEEK.COM
8 AugYour KnowBe4 Compliance Plus Fresh Content Updates from July 2025Check out the July updates in Compliance Plus so you can stay on top of featured compliance training content.KNOWBE4.COM
8 AugWhy Founders Regret Ignoring Security EarlyEarly-stage founders often prioritize speed over security—but what happens when Series A investors start asking for SOC 2, ISO, or PCI compliance? In this short, Erik Bloch breaks down how security becomes a business enabler, not just a technical checkbox. Perfect for startup lea…YOUTUBE.COM
🔥 INCIDENT REPORTING 11[−]
8 AugUnigame - 843,696 breached accountsIn December 2019, the now defunct gaming website Unigame (maker of Hunter Online) suffered a data breach that was later redistributed as part of a larger corpus of data . The data included 844k email addresses and salted MD5 password hashes.HAVEIBEENPWNED.COM
8 AugRoyal and BlackSuit ransomware gangs hit over 450 US companiesThe U.S. Department of Homeland Security (DHS) says the cybercrime gang behind the Royal and BlackSuit ransomware operations had breached hundreds of U.S. companies before their infrastructure was dismantled last month. [...]BLEEPINGCOMPUTER.COM
8 AugFrench Telecom Firm Bouygues Says Data Breach Affects 6.4M CustomersBouygues has been targeted in a cyberattack that resulted in the personal information of millions of customers getting compromised. The post French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers appeared first on SecurityWeek .SECURITYWEEK.COM
8 AugColumbia University data breach impacts nearly 870,000 individualsAn unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university's network in May. [...]BLEEPINGCOMPUTER.COM
8 AugTeaOnHer copies everything from Tea – including the data breachesTeaOnHer hasn't stopped at copying the functionality of the original Tea app (albeit skewed towards men rating women). It also appears to have carelessly mimicked the Tea dating advice app's recklessness when it comes to data security. Read more in my article on the Hot for Secur…BITDEFENDER.COM
8 AugColumbia University Data Breach Impacts 860,000Columbia University has been targeted in a cyberattack where hackers stole the personal information of students, applicants, and employees. The post Columbia University Data Breach Impacts 860,000 appeared first on SecurityWeek .SECURITYWEEK.COM
8 AugLeaked Credentials Up 160%: What Attackers Are Doing With ThemWhen an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and pas…THEHACKERNEWS.COM
8 AugU.S. Judiciary confirms breach of court electronic records serviceThe U.S. Federal Judiciary confirms that it suffered a cyberattack on its electronic case management systems hosting confidential court documents and is strengthening cybersecurity measures. [...]BLEEPINGCOMPUTER.COM
8 AugHow the NSA Hacked Huawei: Operation Shotgiantsubmitted by Amoxtli to cybersecurity 2 points | 0 comments https://m.youtube.com/watch?v=aQNgelm7JeESH.ITJUST.WORKS
8 AugRed Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for EnterpriseResearchers demonstrate how multi-turn “storytelling” attacks bypass prompt-level filters, exposing systemic weaknesses in GPT-5’s defenses. The post Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise appeared first on SecurityWeek .SECURITYWEEK.COM
8 AugNot Just a Hacker. A Nation’s Weapon.A skilled developer, hired from overseas, turns out to be much more than he seemed. In this jaw-dropping short, cybersecurity expert Aaran reveals how desperate operatives moonlight as IT freelancers — not just to survive, but to secretly fund state weapons programs. It’s not you…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 22[−]
8 AugCyber Resilience Corps - Protecting America's Communities Togethersubmitted by ryokimball to cybersecurity 1 points | 0 comments https://www.cybervolunteers.us/en Just heard about this on a podcast, and I’ve often looked for ways to put my skills to use on a volunteer basis. This would probably also be an excellent resume builder for students /…INFOSEC.PUB
8 AugISC Stormcast For Friday, August 8th, 2025 https://isc.sans.edu/podcastdetail/9562, (Fri, Aug 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 AugChatGPT-5 Launches – Discover What’s New in the Next-Gen AI AgentOpenAI has officially launched ChatGPT-5, marking a significant leap forward in artificial intelligence technology with a revolutionary unified system that combines multiple specialized models to deliver unprecedented performance and versatility. The launch represents the most su…GBHACKERS.COM
8 AugOver 60 Malicious RubyGems Packages Used to Steal Social Media and Marketing CredentialsSocket’s Threat Research Team has exposed a persistent campaign involving over 60 malicious RubyGems packages that masquerade as automation tools for platforms like Instagram, Twitter/X, TikTok, WordPress, Telegram, Kakao, and Naver. Active since at least March 2023, the th…GBHACKERS.COM
8 AugOops Safari, I think You Spilled Something!submitted by Pro to cybersecurity 1 points | 0 comments https://blog.exodusintel.com/2025/08/04/oops-safari-i-think-you-spilled-something/ Lobsters .INFOSEC.PUB
8 AugBlack Hat USA 2025 – Summary of Vendor Announcements (Part 4)Many companies are showcasing their products and services this week at the 2025 edition of the Black Hat conference in Las Vegas. The post Black Hat USA 2025 – Summary of Vendor Announcements (Part 4) appeared first on SecurityWeek .SECURITYWEEK.COM
8 AugRecord-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from VictimsThe threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Secu…GBHACKERS.COM
8 AugVexTrio TDS Deploys Malicious VPN Apps on Google Play and App StoreVexTrio, a sophisticated threat actor known for operating a massive traffic distribution system (TDS), has expanded its malicious activities by deploying fake VPN applications on major app stores, including Google Play and the Apple App Store. Originating from a merger between It…GBHACKERS.COM
8 AugYour KnowBe4 Fresh Content Updates from July 2025Check out the 36 new pieces of training content added in July, alongside the always fresh content update highlights, new features and events.KNOWBE4.COM
8 AugHelp Desk at Risk: Scattered Spider Shines Light on Overlook Threat VectorAs attackers target help desks and identity systems, traditional security perimeters are proving insufficient against agile, socially-engineered threats. The post Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector appeared first on SecurityWeek .SECURITYWEEK.COM
8 AugDevelopers Love AI… Hackers Love It More 😈AI tools like GitHub Copilot and Gemini are changing how developers write code — faster, cleaner, smarter. But what if that code isn’t secure? In this short, Rey Bango explains why AI-generated code might look perfect... but still open the door to attackers. Junior devs love the …YOUTUBE.COM
8 AugSecurity Researchers found a way to trick Windows Hello authentication, but there is a simple fix - gHacks Tech Newssubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://www.ghacks.net/2025/08/08/security-researchers-found-a-way-to-trick-windows-hello-authentication-but-there-is-a-simple-fix/SH.ITJUST.WORKS
8 AugGRC Isn’t Just Finance Anymore… Here’s WhyMany companies still treat risk like it lives in separate boxes—finance risk here, cyber risk there. But Alla Valente explains why this outdated siloed model is dangerous for modern organizations. With threats evolving across every part of the enterprise, cybersecurity profession…YOUTUBE.COM
8 AugCodeSecCon 2025: Where Software Security’s Next Chapter UnfoldsTaking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon 2025: Where Software Security’s Next Chapter Unfolds appea…SECURITYWEEK.COM
8 AugDarkCloud Stealer Targets Windows Systems to Harvest Login Credentials and Financial DataA new variant of the DarkCloud information-stealer malware has been observed targeting Microsoft Windows systems, primarily affecting Windows users by collecting sensitive data such as login credentials, financial information, and personal contacts. Discovered in early July 2025 …GBHACKERS.COM
8 AugDEFCON Twitch Streams are livesubmitted by scytale to cybersecurity 1 points | 0 comments https://dctv.defcon.org/INFOSEC.PUB
8 AugWould You Do Yoga… with a Honey Badger?! 🦡😳What starts as a relaxing goat yoga session quickly spirals into chaos when honey badgers enter the mix 😱🦡. Cybersecurity pros Doug and Josh joke about the ultimate stress test—replacing goats with wild animals! But what if your next team-building event looked like this? Pure mad…YOUTUBE.COM
8 AugDarkCloud Stealer Uses Novel Infection Chain and ConfuserEx Obfuscation TechniquesUnit 42 researchers have identified a significant evolution in the distribution tactics of DarkCloud Stealer, an infostealer malware first observed shifting its delivery mechanisms in early April 2025. This update introduces a novel infection chain that incorporates advanced obfu…GBHACKERS.COM
8 AugEfimer Malicious Script Spreads via WordPress Sites, Torrents, and Email in Massive Attack WaveKaspersky researchers have uncovered a widespread campaign involving the Efimer malicious script, a sophisticated Trojan-dropper primarily aimed at stealing cryptocurrency. First detected in June 2025, the malware impersonates legal correspondence from major companies, accusing r…GBHACKERS.COM
8 AugSonicWall, Informants Exposed, Cisco Vishing, Perplexity, GPT‑5, Josh Marpet–SWN #501 - SWN #501This week we have, SonicWall, Confidential Informants Exposed, Cisco Vishing, Perplexity vs robots.txt, Microsoft’s Project Ire, Meta–Flo Jury Verdict, GPT‑5 Lands, TeaOnHer Data Leak, Josh Marpet, and more on the Security Weekly News.. Visit https://www.securityweekly.com/swn fo…YOUTUBE.COM
8 AugWhen Your AI Coworker Starts Lying To You…A cybersecurity expert asks an AI to write code—and things go off the rails fast. What starts as a simple task turns into a hilarious back-and-forth where the AI overpromises, underdelivers, and straight-up lies. From failed math solutions to the AI saying, “I can do that!” when …YOUTUBE.COM
8 AugIs it fine if a website says "email already in use" before you hit submit?submitted by Jankatarch to cybersecurity 1 points | 0 comments I remember hearing before that it’s a sign they are storing your info unencrypted but I never checked. Is this true? I was logging into a .gov website and noticed it does that.SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE 3[−]
8 AugThe Efimer Trojan steals cryptocurrency via malicious torrent files and WordPress websites | Kaspersky official blogThe Efimer Trojan steals cryptocurrency via WordPress websites and malicious torrent files. Here's how to protect yourself from this new cyberthreat.KASPERSKY.COM
8 AugRubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security ChangesA fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users. The activity is assessed to be active since a…THEHACKERNEWS.COM
8 AugAI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 VictimsCybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence (AI)-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a …THEHACKERNEWS.COM
📡 INFOSEC NEWS 7[−]
8 AugGreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet ExtensionsA newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaM…THEHACKERNEWS.COM
8 AugMicrosoft will kill the Lens PDF scanner app for iOS, AndroidMicrosoft announced that it will phase out the Microsoft Lens PDF scanner app for Android and iOS devices starting September 15, 2025. [...]BLEEPINGCOMPUTER.COM
8 AugMicrosoft 365 apps to soon block file access via FPRPC by defaultMicrosoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. [...]BLEEPINGCOMPUTER.COM
8 AugFTC: older adults lost record $700 million to scammers in 2024Americans aged 60 and older lost a staggering $700 million to online scams in 2024, marking a sharp rise in fraud targeting seniors, according to the Federal Trade Commission. [...]BLEEPINGCOMPUTER.COM
8 AugOpenAI to fix GPT-5 issues, double rate limits for paid users after outrageOpenAI's CEO, Sam Altman, overpromised on GPT-5, and real-life results are underwhelming, but it looks like a new update is rolling out that might address some of the concerns. [...]BLEEPINGCOMPUTER.COM
8 AugBlack Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?A sky-high premium may not always reflect your company’s security postureWELIVESECURITY.COM
8 AugAndroid adware: What is it, and how do I get it off my device?Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do.WELIVESECURITY.COM