213Articles
9Categories
2025-08-12Date
🚨 CISA KEV 1[−]
12 Aug KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2013-3893 Microsoft Internet Explorer Resource Management Errors Vulnerability CVE-2007-0671 Microsoft Office Excel Remote Code Execution …CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 113[−]
12 AugApache bRPC Vulnerability Lets Attackers Crash Services Remotely via NetworkA critical security vulnerability has been discovered in Apache bRPC that allows attackers to remotely crash services through network-based denial of service attacks. The vulnerability, designated as CVE-2025-54472, affects all versions of Apache bRPC prior to 1.14.1 and stems fr…GBHACKERS.COM
12 Aug KEVNCSC: Citrix NetScaler Flaw (CVE-2025-6543) is Being Actively Exploited to Breach OrganizationsThe National Cyber Security Centre (NCSC) in the Netherlands has issued an urgent update on a series of sophisticated cyberattacks exploiting a zero-day vulnerability in Citrix NetScaler systems, identified as CVE-2025-6543. This flaw, affecting Citrix NetScaler Application Deliv…GBHACKERS.COM
12 AugOT Networks Targeted in Widespread Exploitation of Erlang/OTP VulnerabilityThe recently patched Erlang/OTP flaw CVE-2025-32433 has been exploited since early May, shortly after its existence came to light. The post OT Networks Targeted in Widespread Exploitation of Erlang/OTP Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
12 AugDutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical SectorsThe Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 t…THEHACKERNEWS.COM
12 Aug KEV7,000 Citrix NetScaler Devices Still Vulnerable to CVE-2025-5777 and CVE-2025-6543A significant number of Citrix NetScaler devices continue to pose serious security risks, with approximately 7,000 systems still vulnerable to two critical exploits that have been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnera…GBHACKERS.COM
12 Aug1,500 Jenkins Servers Vulnerable to Command Injection via Git Parameter PluginJenkins disclosed CVE-2025-53652, also known as SECURITY-3419, as part of a batch of 31 plugin vulnerabilities. Initially rated as medium severity, this flaw affects the Git Parameter plugin and was described merely as enabling attackers to inject arbitrary values into Git parame…GBHACKERS.COM
12 AugCVE-2025-49751 Windows Hyper-V Denial of Service VulnerabilityMissing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.MSRC.MICROSOFT.COM
12 AugCVE-2025-49745 Microsoft Dynamics 365 (on-premises) Cross-site Scripting VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-49758 Microsoft SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53727 Microsoft SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53729 Microsoft Azure File Sync Elevation of Privilege VulnerabilityImproper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-33051 Microsoft Exchange Server Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53730 Microsoft Office Visio Remote Code Execution VulnerabilityUse after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53741 Microsoft Excel Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53759 Microsoft Excel Remote Code Execution VulnerabilityUse of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53760 Microsoft SharePoint Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53761 Microsoft PowerPoint Remote Code Execution VulnerabilityUse after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-24999 Microsoft SQL Server Elevation of Privilege VulnerabilityImproper access control in SQL Server allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53772 Web Deploy Remote Code Execution VulnerabilityDeserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53773 GitHub Copilot and Visual Studio Remote Code Execution VulnerabilityImproper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53781 Azure Virtual Machines Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-25005 Microsoft Exchange Server Tampering VulnerabilityImproper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-25006 Microsoft Exchange Server Spoofing VulnerabilityImproper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-25007 Microsoft Exchange Server Spoofing VulnerabilityImproper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-49743 Windows Graphics Component Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-49757 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-49759 Microsoft SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-49761 Windows Kernel Elevation of Privilege VulnerabilityUse after free in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-49762 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50153 Desktop Windows Manager Elevation of Privilege VulnerabilityUse after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50154 Microsoft Windows File Explorer Spoofing VulnerabilityExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50156 Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityUse of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50158 Windows NTFS Information Disclosure VulnerabilityTime-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50159 Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege VulnerabilityUse after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50160 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50161 Win32k Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50162 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50163 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50164 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50165 Windows Graphics Component Remote Code Execution VulnerabilityUntrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50166 Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure VulnerabilityInteger overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50167 Windows Hyper-V Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50168 Win32k Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50169 Windows SMB Remote Code Execution VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50170 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImproper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50171 Remote Desktop Spoofing VulnerabilityMissing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50172 DirectX Graphics Kernel Denial of Service VulnerabilityAllocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50173 Windows Installer Elevation of Privilege VulnerabilityWeak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50176 DirectX Graphics Kernel Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50177 Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityUse after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53131 Windows Media Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53132 Win32k Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53133 Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityUse after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53134 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53135 DirectX Graphics Kernel Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53136 NT OS Kernel Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53137 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53138 Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityUse of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53140 Windows Kernel Transaction Manager Elevation of Privilege VulnerabilityUse after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53141 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityNull pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53142 Microsoft Brokering File System Elevation of Privilege VulnerabilityUse after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53143 Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53144 Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53145 Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53147 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53148 Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityUse of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53149 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege VulnerabilityHeap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53151 Windows Kernel Elevation of Privilege VulnerabilityUse after free in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53152 Desktop Windows Manager Remote Code Execution VulnerabilityUse after free in Desktop Windows Manager allows an authorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53153 Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityUse of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53154 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityNull pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53155 Windows Hyper-V Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53156 Windows Storage Port Driver Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Storage Port Driver allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53716 Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityNull pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53718 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53719 Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityUse of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53720 Windows Routing and Remote Access Service (RRAS) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53721 Windows Connected Devices Platform Service Elevation of Privilege VulnerabilityUse after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53722 Windows Remote Desktop Services Denial of Service VulnerabilityUncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53723 Windows Hyper-V Elevation of Privilege VulnerabilityNumeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53724 Windows Push Notifications Apps Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53725 Windows Push Notifications Apps Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53726 Windows Push Notifications Apps Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53728 Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-47954 Microsoft SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53731 Microsoft Office Remote Code Execution VulnerabilityUse after free in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53732 Microsoft Office Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53733 Microsoft Word Remote Code Execution VulnerabilityIncorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53734 Microsoft Office Visio Remote Code Execution VulnerabilityUse after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53735 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53736 Microsoft Word Information Disclosure VulnerabilityBuffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53737 Microsoft Excel Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53738 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53739 Microsoft Excel Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53740 Microsoft Office Remote Code Execution VulnerabilityUse after free in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53765 Azure Stack Hub Information Disclosure VulnerabilityExposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53766 GDI+ Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53769 Windows Security App Spoofing VulnerabilityExternal control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-50157 Windows Routing and Remote Access Service (RRAS) Information Disclosure VulnerabilityUse of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-50155 Windows Push Notifications Apps Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53778 Windows NTLM Elevation of Privilege VulnerabilityImproper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53779 Windows Kerberos Elevation of Privilege VulnerabilityRelative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53783 Microsoft Teams Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-53784 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53788 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege VulnerabilityTime-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53789 Windows StateRepository API Server file Elevation of Privilege VulnerabilityMissing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-53793 Azure Stack Hub Information Disclosure VulnerabilityImproper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-48807 Windows Hyper-V Remote Code Execution VulnerabilityImproper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-49755 Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityUser interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-49707 Azure Virtual Machines Spoofing VulnerabilityImproper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 AugCVE-2025-49712 Microsoft SharePoint Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 AugCVE-2025-49736 Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityThe ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 Aug KEVMicrosoft August 2025 Patch Tuesday, (Tue, Aug 12th)This month&#;x26;#;39;s Microsoft patch update addresses a total of 111 vulnerabilities, with 17 classified as critical. Among these, one vulnerability was disclosed prior to the patch release, marking it as a zero-day. While none of the vulnerabilitie…ISC.SANS.EDU
⚠️ VULNERABILITY DISCLOSURE 32[−]
12 AugWeekly Update 464Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing I think the most amusing comment I had during this live stream was one to the effect of expecting me to have all my tech things neat and ordered. As I look arou…TROYHUNT.COM
12 AugSo verwundbar sind KI-AgentenKI-Agenten sind nützlich – und gefährlich, wie aktuelle Untersuchungserkenntnisse von Sicherheitsexperten demonstrieren. amgun | shutterstock.com Large Language Models (LLMs) werden mit immer mehr Tools und Datenquellen verbunden. Das bringt Vorteile, vergrößert aber auch die Ang…CSOONLINE.COM
12 AugNews alert: INE named among top providers of practical, career-ready cybersecurity training in 2025Cary, NC, Aug. 11, 2025, CyberNewswire — INE has been selected for Training Industry’s 2025 Top 20 Online Learning Library Companies list, recognizing the company’s leadership in cybersecurity training, cybersecurity certifications, and IT training that emphasizes han…LASTWATCHDOG.COM
12 AugReddit Blocks Internet Archive Amid AI Data Scraping ConcernsReddit has announced it will restrict the Internet Archive’s Wayback Machine from accessing most of its content, citing concerns about AI companies exploiting the digital preservation service to scrape data in violation of platform policies. The move significantly limits wh…GBHACKERS.COM
12 AugCritical Vulnerability in Carmaker Portal Allows Hackers to Unlock Cars RemotelySecurity researcher Eaton Zveare unveiled a critical flaw in a major automaker’s dealer portal that could allow attackers to unlock and start consumer vehicles from anywhere. The vulnerability, discovered in an obscure centralized dealer software platform used by over 1,000 deale…GBHACKERS.COM
12 Aug5 key takeaways from Black Hat USA 2025Transformational developments in cybersecurity and agentic AI were front and center during presentations and product announcements at Black Hat and DEF CON in Las Vegas last week. Here are the top takeaways from hacker summer camp that CISOs should consider while developing their…CSOONLINE.COM
12 AugRecord $250K Bug Bounty Awarded for Discovering Critical Chrome RCE FlawGoogle has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection. The flaw, tracked internally as issue…GBHACKERS.COM
12 AugThe Future of Supply Chain Security - Janet Worthington - ASW #343Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through the dimensions of trust and provenance in the software supply chain with Janet Worthington. And we discuss how even with new code…YOUTUBE.COM
12 AugSAP Patches Critical S/4HANA VulnerabilitySAP has released 15 new security notes on the August 2025 Patch Tuesday, including for critical vulnerabilities. The post SAP Patches Critical S/4HANA Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
12 AugGPT-5 jailbroken hours after launch using ‘Echo Chamber’ and Storytelling exploitJust hours after OpenAI dropped GPT-5, the newest brain behind ChatGPT, researchers busted it with a multi-turn jailbreak built on “ Echo-Chamber ” and Storytelling tricks. The attack, detailed by researchers at NeuralTrust, injects seemingly harmless details into a conversation …CSOONLINE.COM
12 AugOver 29,000 Exchange servers unpatched against high-severity flawsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/over-29-000-exchange-servers-unpatched-against-high-severity-flaw/SH.ITJUST.WORKS
12 AugResearchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewallssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.htmlSH.ITJUST.WORKS
12 AugAdult sites trick users into Liking Facebook posts using a clickjack Trojansubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/blog/news/2025/08/adult-sites-trick-users-into-liking-facebook-posts-using-a-clickjack-trojan A new malware campaign discovered in August 2025 uses adult websites to spread a clickjack Trojan …INFOSEC.PUB
12 AugOver 3,000 NetScaler devices left unpatched against CitrixBleed 2 bugOver 3,300 Citrix NetScaler devices remain unpatched against a critical vulnerability that allows attackers to bypass authentication by hijacking user sessions, nearly two months after patches were released. [...]BLEEPINGCOMPUTER.COM
12 AugIvanti Connect Secure, Policy Secure, and ZTA Flaws Allow Attackers to Launch DoS AttacksIvanti has released critical security updates addressing multiple vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products that could allow remote attackers to launch denial-of-service attacks. The company disclosed four vulnerabilities on August 12, 2025, w…GBHACKERS.COM
12 AugFortinet SSL VPN Targeted by Hackers from 780 Unique IP AddressesCybersecurity researchers at GreyNoise have detected an alarming surge in brute-force attacks against Fortinet SSL VPN systems, with over 780 unique IP addresses launching coordinated attacks in a single day—marking the highest daily volume recorded for this type of attack in rec…GBHACKERS.COM
12 AugShinyHunters Claims BreachForums Seized by Law Enforcement, Now a HoneypotThe threat actor known as ShinyHunters has publicly disclosed what they claim is a covert seizure of BreachForums, a notorious online platform used for trading stolen data and discussing illicit hacking activities. According to ShinyHunters’ announcement, the forum’s …GBHACKERS.COM
12 AugCybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on BusinessesAn ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. "This latest wave of ShinyHunters-attri…THEHACKERNEWS.COM
12 AugCISA Releases Seven Industrial Control Systems AdvisoriesCISA released seven Industrial Control Systems (ICS) advisories on August 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-224-01 Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share I…CISA.GOV
12 AugShinyHunters Unveils That BreachForums Taken by Law Enforcement Agencies, Now It Is a Honeypotsubmitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/breachforums-taken-by-law-enforcement-agencies/ The threat actor collective ShinyHunters has recently announced that BreachForums—one of the most prolific breeding grounds for stolen…SH.ITJUST.WORKS
12 Aug3 Zero Days Rated 9.3 🤯 You Better Patch That ESXi!When Doug White heard about four new ESXi zero-day vulnerabilities discovered at Pwn2Own Berlin—three of them rated 9.3 severity—he couldn’t believe it. These flaws allow programs running inside virtual machines to break out and execute code on the host system… the ultimate night…YOUTUBE.COM
12 AugMicrosoft August 2025 Patch Tuesday fixes one zero-day, 107 flawsToday is Microsoft's August 2025 Patch Tuesday, which includes security updates for 107 flaws, including one publicly disclosed zero-day vulnerability in Windows Kerberos. [...]BLEEPINGCOMPUTER.COM
12 AugFortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManagerCybersecurity researchers are warning of a "significant spike" in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses participating in the effort…THEHACKERNEWS.COM
12 AugMicrosoft Patch Tuesday August 2025: 107 Vulnerabilities Patched, Including 35 RCE FlawsMicrosoft has rolled out its August 2025 Patch Tuesday fixes, addressing a total of 107 vulnerabilities across its ecosystem. This month’s release stands out for its sheer volume and the inclusion of 35 remote code execution (RCE) bugs, which could allow attackers to run ma…GBHACKERS.COM
12 AugAndroid’s pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security CertificationPosted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android…SECURITY.GOOGLEBLOG.COM
12 AugQuick Assist Is Built In... So Is the Risk 🔓Everyone has it. Most don’t realize how dangerous it is. In this short, Rob Allen and Doug White reveal how Quick Assist—a remote access tool built into every Windows machine—is being weaponized by cybercriminals. All it takes is one fake “Microsoft” call and a little trust… and …YOUTUBE.COM
12 AugLaw Enforcement Seizes BlackSuit Ransomware Servers Targeting U.S. Critical InfrastructureThe U.S. Department of Justice, in collaboration with multiple domestic and international law enforcement agencies, announced the seizure of critical infrastructure associated with the BlackSuit ransomware group, formerly known as Royal. Authorities dismantled four command-and-co…GBHACKERS.COM
12 AugNo Regulator, No Rules: Crypto’s Wild West Is HereIn this short, cybersecurity expert Joshua Marpet breaks down a critical problem: the lack of regulation over stablecoin issuers. Without a dedicated watchdog, the crypto space is turning into the Wild West — where legitimate players make money, and scammers thrive. His warning? …YOUTUBE.COM
12 AugHackers leak Allianz Life data stolen in Salesforce attacksHackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks. [...]BLEEPINGCOMPUTER.COM
12 AugCritical Patches Issued for Microsoft Products, August 12, 2025Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, o…CISECURITY.ORG
12 AugMultiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Commerce is a comprehensive, enterprise-grade e-commerce platform, formerly known as Magento Commerce, that allows businesses to build, person…CISECURITY.ORG
📋 SECURITY BULLETINS 3[−]
12 AugSAP Security Patch Day Fixes 15 Flaws, Including 3 Injection VulnerabilitiesSAP released critical security updates on August 12, 2025, addressing 15 vulnerabilities across its enterprise software portfolio, with three severe code injection flaws receiving the highest CVSS scores of 9.9. The monthly Security Patch Day also included four updates to previou…GBHACKERS.COM
12 AugWindows 10 KB5063709 update fixes extended security updates enrollmentMicrosoft has released the KB5063709 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including a fix for a bug that prevented enrollment in extended security updates. [...]BLEEPINGCOMPUTER.COM
12 AugMicrosoft Patch Tuesday, August 2025 EditionMicrosoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft's most-dire "critical" rating, meaning they could be abused by malware or malcontents to gain remote access to a Wi…KREBSONSECURITY.COM
📢 SECURITY ADVISORIES 5[−]
12 AugDigitale Souveränität für Deutschland vorerst unerreichbarBSI-Präsidentin Plattner: “Wir haben technologische Abhängigkeiten an ganz vielen Stellen.” Jan Waßmuth Seine Abhängigkeit von Cloud-Lösungen, KI-Modellen und anderen Tech-Produkten aus dem Ausland wird Deutschland nach Einschätzung des Bundesamtes für Sicherheit in der Informati…CSOONLINE.COM
12 AugAPT27 Doesn’t Knock… They Blow In 🔓When cybersecurity experts talk about APT27, aka Silk Typhoon, they're not just naming a hacker group — they’re pointing straight at China’s Ministry of State Security. In this short, Aaran unpacks how state-sponsored cyberattacks are hiding behind meteorological names like Silk,…YOUTUBE.COM
🔥 INCIDENT REPORTING 22[−]
12 AugDarkBit Hackers Target VMware ESXi Servers to Deploy Ransomware and Encrypt VMDK FilesA sophisticated ransomware attack by a previously unknown cybercriminal group called “DarkBit” has targeted a major organization’s VMware ESXi infrastructure, encrypting critical virtual machine files and raising concerns about potential state-sponsored cyber wa…GBHACKERS.COM
12 AugNorth Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information OnlineA member of North Korea’s notorious Kimsuky espionage group has experienced a significant data breach after insiders leaked hundreds of gigabytes of internal files and tools to the public. The breach, which emerged in early June 2025, exposed the group’s sophisticated backdoors, …GBHACKERS.COM
12 AugNew Ransomware Charon Uses Earth Baxia APT Techniques To Target EnterprisesWe uncovered Charon, a new ransomware strainfamily that uses advanced APT-style techniques, including DLL sideloading, process injection, and anti-EDR capabilities, to target organizations with customized ransom demands.TRENDMICRO.COM
12 AugRoyal Enfield Reportedly Targeted in Ransomware Attack, Hackers Claim Data EncryptionRoyal Enfield, the storied motorcycle manufacturer celebrated for its classic designs and global fan base, is reportedly grappling with a significant cybersecurity breach. A hacker collective posted a “Complete Breach Notice” on an underground forum, claiming full system compromi…GBHACKERS.COM
12 AugThe “Incriminating Video” ScamA few years ago, scammers invented a new phishing email. They would claim to have hacked your computer, turned your webcam on, and videoed you watching porn or having sex. BuzzFeed has an article talking about a “shockingly realistic” variant, which includes photos of…SCHNEIER.COM
12 AugSaint Paul cyberattack linked to Interlock ransomware gangThe mayor of Saint Paul, Minnesota's capital city, has confirmed that the Interlock ransomware gang is responsible for a cyberattack that disrupted many of the city's systems and services in July. [...]BLEEPINGCOMPUTER.COM
12 AugScattered Spider’s New Telegram Channel Names Targeted OrganizationsA new Telegram channel that combined the names of well-known threat actor organizations Shiny Hunters, Scattered Spider, and Lapsus$ emerged on Friday afternoon in a daring uptick in cyberthreat activity. This platform, potentially short-lived due to Telegram’s moderation p…GBHACKERS.COM
12 AugManpower discloses data breach affecting nearly 145,000 peopleManpower, one of the world's largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company's systems in December 2024. [...]BLEEPINGCOMPUTER.COM
12 AugREvil Actor Accuses Russia of Planning 2021 Kaseya Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/revil-actor-russia-planning-2021-kaseya-attackSH.ITJUST.WORKS
12 Aug275M patient records breached—How to meet HIPAA password manager requirementsHealthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month. [...]BLEEPINGCOMPUTER.COM
12 AugUS reveals it seized $1 million worth of Bitcoin from Russian BlackSuit ransomware gangThe United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang's servers, domains, and dark web extortion site, also saw the seizure of US $1,091,453 worth of cryptocurrency. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
12 AugMcPwned: The McHire Breach Explained 💻🛑When researchers uncovered the breach in McDonald’s McHire system, they weren’t cracking some ultra-secure firewall or breaking through advanced encryption. Nope—just a guessed username and the world’s worst password: 123456. In this short, Doug White hilariously breaks down how …YOUTUBE.COM
12 AugUS govt seizes $1 million in crypto from BlackSuit ransomware gangThe U.S. Department of Justice (DoJ) seized cryptocurrency and digital assets worth $1,091,453 at the time of confiscation, on January 9, 2024, from the BlackSuit ransomware gang. [...]BLEEPINGCOMPUTER.COM
12 AugThink Your Site’s Safe? Gravity Forms Just Got Hit.A massive wake-up call for WordPress users. Gravity Forms—a trusted plugin used by millions—was found to have a backdoor after a supply chain attack. Cybersecurity expert Doug White explains how this legitimate plugin was compromised and what it means for small business websites …YOUTUBE.COM
12 AugNew Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises | Trend Micro (US)submitted by kid to cybersecurity 1 points | 0 comments https://www.trendmicro.com/en_us/research/25/h/new-ransomware-charon.htmlSH.ITJUST.WORKS
12 AugSaint Paul cyberattack linked to Interlock ransomware gangsubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/saint-paul-cyberattack-linked-to-interlock-ransomware-gang/SH.ITJUST.WORKS
12 AugHackers breach and expose a major North Korean spying operationTwo hackers broke into the computer of a North Korean government hacker and leaked its contents, offering a rare glimpse inside the secretive nation's spying operations.TECHCRUNCH.COM
12 AugResearchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain RisksNew research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the…THEHACKERNEWS.COM
12 AugDocker Hub still hosts dozens of Linux images with the XZ backdoorsubmitted by tonytins to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/docker-hub-still-hosts-dozens-of-linux-images-with-the-xz-backdoor/ The XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on D…INFOSEC.PUB
12 AugRussian government hackers said to be behind US federal court filing system hack: reportOfficials are reportedly blaming a recent breach of the U.S. federal court's filing system on Russia, whose hackers used the access to snoop on midlevel criminal cases in the New York City area and other jurisdictions.TECHCRUNCH.COM
12 AugIf Cybersecurity Had a Superpower… It'd Be THIS.This short dives into a mind-blowing cybersecurity tool built to handle over 10 million files per hour—yes, million. Designed for scalability, automation, and raw speed, it combines Docker, access control, and seamless investigation workflows all in one place. It’s not just fast—…YOUTUBE.COM
12 AugRussia Is Suspected to Be Behind Breach of Federal Court Filing Systemsubmitted by sundray to cybersecurity 0 points | 0 comments https://archive.ph/wUKm1SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 21[−]
12 AugISC Stormcast For Tuesday, August 12th, 2025 https://isc.sans.edu/podcastdetail/9566, (Tue, Aug 12th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
12 AugEx-White House cyber, counter-terrorism guru: Microsoft considers security an annoyance, not a necessitysubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/08/08/exwhite_house_cyber_and_counterterrorism/INFOSEC.PUB
12 AugNews alert: New Heimdal study reveals tool overload is driving fatigue, missed threats in MSPsLondon, Aug. 11, 2025, CyberNewswire—A survey of 80 North American MSPs shows fragmented security stacks drive fatigue, missed threats, and business inefficiency Security tools meant to protect managed service providers are instead overwhelming them. A new study from Heimdal and …LASTWATCHDOG.COM
12 AugResearchers Detail Script-Masking Tactics That Bypass DefensesSecurity researchers and cybersecurity professionals are highlighting the growing sophistication of payload obfuscation techniques that allow malicious actors to bypass traditional defense mechanisms. As organizations increasingly rely on web application firewalls (WAFs) and auto…GBHACKERS.COM
12 AugForging a Secure Digital FutureThe South Africa cloud location signifies the Palo Alto Networks commitment to the region's digital transformation journey and its cybersecurity resilience. The post Forging a Secure Digital Future appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
12 AugSHARED INTEL Q&A: From Code Red to the ‘new control plane’ — Marc Maiffret on identityThe identity security market got its moment of validation. Related: Inside Palo Alto Networks acquisition of CyberArk Palo Alto Networks’ blockbuster $25 billion acquisition of CyberArk — its largest to date — underscores a strategic inflection point: identity has become … …LASTWATCHDOG.COM
12 AugHonoring KnowBe4’s 15 Years of Excellence with a New Brand IdentityAs I reflect on KnowBe4's incredible journey, I'm filled with both pride for how far we've come and excitement for what’s ahead.KNOWBE4.COM
12 AugHackers steal Google Ads business contact data | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/hackers-steal-google-potential-ads-customer-data/SH.ITJUST.WORKS
12 AugCodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event)Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained. The post CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (…SECURITYWEEK.COM
12 AugFlaws in Major Automaker's Dealership Systems Allowed Car Hacking, Personal Data Theft - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/flaws-in-major-automakers-dealership-systems-allowed-car-hacking-personal-data-theft/SH.ITJUST.WORKS
12 Aug1Kosmos Raises $57 Million for Identity Verification and Authentication Platform1Kosmos has raised $57 million in Series B funding, which brings the total raised by the company to $72 million. The post 1Kosmos Raises $57 Million for Identity Verification and Authentication Platform appeared first on SecurityWeek .SECURITYWEEK.COM
12 AugNew ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova AttacksA previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. "They repeatedly tried to extract the NTDS database from doma…THEHACKERNEWS.COM
12 AugDon't Just Watch Cyber Happen—Shape ItAs AI transforms the cybersecurity landscape, most professionals remain silent. But Joshua Marpet has a different message: speak up or be left behind. In this powerful moment, he urges SOC analysts and cyber pros to get involved, leave public comments, and help shape the very rol…YOUTUBE.COM
12 AugCurly COMrades cyberspies hit govt orgs with custom malwareA new cyber-espionage threat group has been using a new backdoor malware that provides persistent access through a seemingly inactive scheduled task. [...]BLEEPINGCOMPUTER.COM
12 AugInside the Dark Web’s Access Economy: How Hackers Sell the Keys to Enterprise NetworksRapid7’s analysis of dark web forums reveals a thriving market where elite hackers sell corporate network access to buyers, turning cybercrime into a streamlined business. The post Inside the Dark Web’s Access Economy: How Hackers Sell the Keys to Enterprise Networks appeared fir…SECURITYWEEK.COM
12 AugDow’s 125-year legacy: Innovating with AI to secure a long futureMicrosoft recently spoke with Mario Ferket, Chief Information Security Officer for Dow, about the company’s approach to AI in security. The post Dow’s 125-year legacy: Innovating with AI to secure a long future appeared first on Microsoft Security Blog .MICROSOFT.COM
12 AugPoisonSeed Phishing Kit Bypasses MFA to Steal Credentials from Users and OrganizationsThe threat actor known as PoisonSeed, loosely affiliated with groups like Scattered Spider and CryptoChameleon, has deployed an active phishing kit designed to circumvent multi-factor authentication (MFA) and harvest credentials from individuals and organizations. This kit, opera…GBHACKERS.COM
12 AugScattered Spider and ShinyHunters' Next Move: Leaking Datasubmitted by kid to cybersecurity 1 points | 0 comments https://www.bankinfosecurity.com/scattered-spider-shinyhunters-next-move-leaking-data-a-29170SH.ITJUST.WORKS
12 AugElectronic Arts Blocks 300,000 Cheating Attempts After Battlefield 6 Beta LaunchElectronic Arts’ SPEAR Anti-Cheat Team has released a noteworthy update, stating that since the Battlefield 6 Open Beta Early Access launch, the company’s Javelin anti-cheat technology has successfully prevented over 330,000 attempts to cheat or tamper with security c…GBHACKERS.COM
12 AugGoogle, Bing, Brave… And the AI Mafia Behind It All 🤖AI isn't just knocking on the door — it's kicking it in. In this chaotic short, cybersecurity expert Doug White breaks down how Microsoft, Google, and Bing are integrating AI into browsers whether users want it or not. From sarcastic quips about Bing’s obsession with Brave to omi…YOUTUBE.COM
12 Aug300 Baud, Buddy Hackett Nudes, Dell, badUSB, Exchange, Erlang/OTP, Josh Marpet... - SWN #502300 Baud, Buddy Hackett Nudes, Dell, badUSB, Exchange, Erlang/OTP, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-502YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
12 AugThe AI Fix #63: GPT-5 is the best AI ever, and Jim Acosta interviews a murdered teenager’s avatarIn episode 63 of The AI Fix, Unitree Robotics looks to Black Mirror episode “Metalhead” for tips on marketing its new robot dog, ChatGPT is secretly running Sweden, OpenAI introduces its first open weight model since GPT-2, and your private and personal ChatGPT conversations coul…GRAHAMCLULEY.COM
12 AugDocker Hub still hosts dozens of Linux images with the XZ backdoorThe XZ-Utils backdoor, first discovered in March 2024, is still present in at least 35 Linux images on Docker Hub, potentially putting users, organizations, and their data at risk. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 14[−]
12 AugSleepwalk: a sophisticated way to steal encryption keys | Kaspersky official blogThe theoretical Sleepwalk attack can reconstruct encryption keys by analyzing power consumption spikes.KASPERSKY.COM
12 AugThe Ultimate Battle: Enterprise Browsers vs. Secure Browser ExtensionsMost security tools can’t see what happens inside the browser, but that’s where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the br…THEHACKERNEWS.COM
12 AugWindows 11 23H2 Home and Pro reach end of support in NovemberMicrosoft announced today that systems running Home and Pro editions of Windows 11 23H2 will stop receiving updates in three months. [...]BLEEPINGCOMPUTER.COM
12 AugEnhancements and new offerings for Sophos’ email security portfolioFollowing multiple enhancements to Sophos Email – the only MDR-optimized email security solution – Sophos is introducing two new offerings to boost email security posture.SOPHOS.COM
12 AugAndroid's pKVM hypervisor earns SESIP Level 5 security certificationGoogle announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms. [...]BLEEPINGCOMPUTER.COM
12 AugWindows 11 KB5063878 & KB5063875 cumulative updates releasedMicrosoft has released Windows 11 KB5063878 and KB5063875 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]BLEEPINGCOMPUTER.COM
12 AugOpenAI rolls out Gmail, Calendar, and Contacts integration in ChatGPTOpenAI wants ChatGPT to know more about you, including your emails, calendar events in Google Calendar and even your Google contacts to reference everything in a conversation. [...]BLEEPINGCOMPUTER.COM
12 AugChatGPT's new subscription costs less than $5, but it's not for everyoneOpenAI has begun updating its pricing page to include a new plan called 'ChatGPT Go.' It costs 399 INR (Indian Rupee) or roughly $4.55, but there's a catch. [...]BLEEPINGCOMPUTER.COM
12 AugClaude gets 1M tokens support via API to take on Gemini 2.5 ProClaude Sonnet 4 has been upgraded, and it can now remember up to 1 million tokens of context, but only when it's used via API. This could change in the future. [...]BLEEPINGCOMPUTER.COM
12 AugSupply-chain dependencies: Check your resilience blind spotDoes your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them?WELIVESECURITY.COM
12 AugHow the always-on generation can level up its cybersecurity gameDigital natives are comfortable with technology, but may be more exposed to online scams and other threats than they thinkWELIVESECURITY.COM