🚨 CISA KEV 1
13 Aug KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-8875 N-able N-central Insecure Deserialization Vulnerability CVE-2025-8876 N-able N-central Command Injection Vulnerability These…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 15
13 Aug KEVAugust Patch Tuesday: Authentication hole in Windows Server 2025 now has a fixA critical zero-day vulnerability in Windows servers running the Kerberos authentication system, first disclosed in May, has now been patched by Microsoft, but must be given high priority by admins because there’s also an available exploit threat actors can use. The fix is among …CSOONLINE.COM
13 Aug KEVCitrix NetScaler flaw likely has global impactAttackers are exploiting a Citrix NetScaler vulnerability to breach critical organizations, notably in the Netherlands, but most likely in other countries as well. The Netherlands’ National Cyber Security Centre (NCSC) has tracked vulnerabilities caused by a memory overflow bug t…CSOONLINE.COM
13 AugMicrosoft Teams RCE Flaw Allows Hackers to Read, Modify, and Delete MessagesMicrosoft has disclosed a critical remote code execution vulnerability in Microsoft Teams that could allow attackers to execute malicious code and potentially access, modify, or delete user messages. The vulnerability, tracked as CVE-2025-53783, was published on August 12, 2025, …GBHACKERS.COM
13 AugNew Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054Security researchers at Cymulate Research Labs have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft’s security patch for CVE-2025-24054, demonstrating that the original fix was incomplete and leaving millions of Wi…GBHACKERS.COM
13 AugFortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing UserA critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “…GBHACKERS.COM
13 AugCritical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the WildSecurity researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an i…GBHACKERS.COM
13 AugCVE-2017-11882 Will Never Die, (Wed, Aug 13th)One of the key messages broadcasted by security professionals is: "Patch, patch and patch again!". But there are nasty vulnerabilities that remain exploited by attackers even if they are pretty old. CVE-2017-11882 is one of them: this remote code execu…ISC.SANS.EDU
13 AugGitHub Copilot RCE Vulnerability via Prompt Injection Enables Full System CompromiseA critical security vulnerability in GitHub Copilot has been disclosed, allowing attackers to achieve remote code execution and complete system compromise through sophisticated prompt injection techniques. The vulnerability, tracked as CVE-2025-53773, was patched by Microsoft in …GBHACKERS.COM
13 AugWindows Remote Desktop Services Flaw Allows Network-Based Denial-of-Service AttacksMicrosoft disclosed a critical vulnerability in Windows Remote Desktop Services on August 12, 2025, that enables attackers to launch denial-of-service attacks remotely without requiring authentication or user interaction. The flaw, tracked as CVE-2025-53722, has been assigned an …GBHACKERS.COM
13 AugMicrosoft Exchange Server Flaws Allow Network-Based Spoofing and Data TamperingMicrosoft has disclosed critical security vulnerabilities in Exchange Server that could enable attackers to conduct network-based spoofing attacks and tamper with sensitive data, according to security bulletins released on August 12, 2025. The vulnerabilities, identified as CVE-2…GBHACKERS.COM
13 AugMicrosoft Office Vulnerabilities Allow Attackers to Execute Remote CodeMicrosoft has disclosed three critical security vulnerabilities in its Office suite that could enable attackers to execute malicious code remotely on affected systems. The vulnerabilities, identified as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, were released on August 1…GBHACKERS.COM
13 AugHackers exploit unpatched Erlang/OTP to crack OT firewallsA max-severity remote code execution (RCE) issue affecting the SSH daemon (sshd) of Erlang’s Open Telecom Platform (OTP) was exploited by attackers in the wild, days after a patch was issued in April 2025. According to Unit 42, attackers began exploiting the flaw, tracked as CVE-…CSOONLINE.COM
13 AugFortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit CodeFortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. "An improper neutralization of special elements used …THEHACKERNEWS.COM
13 AugNew ransomware ‘Charon’ uses DLL sideloading to breach critical infrastructureTrend Micro has identified a new ransomware strain, Charon, which is being deployed in highly targeted attacks against aviation and public sector entities in the Middle East. Unlike conventional ransomware, Charon leverages advanced persistent threat (APT)-style techniques, such …CSOONLINE.COM
13 AugZoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE FlawsZoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution. The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 29
13 AugGet Pwned, Get Local Advice From a Trusted Gov SourceWe were recently travelling to faraway lands, doing meet and greets with gov partners, when one of them posed an interesting idea: What if people from our part …TROYHUNT.COM
13 AugManaging vulnerabilities: The best vulnerability management toolsManaging vulnerabilities doesn't have to be hard labor, if you use the right tools. These are the best when it comes to vulnerability management. Not only has vulnerability management changed considerably over the years, …CSOONLINE.COM
13 AugAdobe Patches Over 60 Vulnerabilities Across 13 ProductsAdobe’s security updates fix vulnerabilities in Commerce, Substance, InDesign, FrameMaker, Dimension and other products.SECURITYWEEK.COM
13 AugDigital siege puts Taiwan’s resilience to the test: Taipei bets on transparency, civil society as China increases cyber attackssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.aspistrategist.org.au/digital-siege-puts-taiwans-resilience-to-the-test cross-posted from: lemmy.sdf.org/post/40359316 Archived Taiwan’s approach is also notable for its emphasis on transparency and civil…INFOSEC.PUB
13 AugDigital siege puts Taiwan’s resilience to the test: Taipei bets on transparency, civil society as China increases cyber attackssubmitted by Hotznplotzn to cybersecurity 2 points | 0 comments https://www.aspistrategist.org.au/digital-siege-puts-taiwans-resilience-to-the-test cross-posted from: lemmy.sdf.org/post/40359316 Archived Taiwan’s approach is also notable for its emphasis on transparency and civil…SH.ITJUST.WORKS
13 AugUrgent Vulnerabilities: Patching Exchange, Citrix, and FortinetIn this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full…CYBERSECURITYTODAY.LIBSYN.COM
13 AugMicrosoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New FlawsMicrosoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are…THEHACKERNEWS.COM
13 AugDefending Trust & Reputation as CISOs and Leaders Prepare Their AI Strategy - Santosh ... - BSW #408As brands grow more digital, the threats grow more personal. Attackers impersonate executives, spin up fake websites, and leak sensitive data — hurting business reputations and breaking customer trust. How do you defend your organization's reputation and customers' trust? Santosh…YOUTUBE.COM
13 AugMultiple GitLab Vulnerabilities Allow Account Takeover and Stored XSS AttacksGitLab has released critical security patches addressing multiple high-severity vulnerabilities that could enable attackers to execute account takeovers and stored cross-site scripting (XSS) attacks across both Community Edition (CE) and Enterprise Edition (EE) platforms. The vul…GBHACKERS.COM
13 AugWeb DDoS and App Exploitation Attacks Surge in First Half of 2025Radware’s monitoring showed a 39% increase in Web DDoS attacks compared to the second half of 2024, culminating in a record 54% quarter-over-quarter increase in Q2, indicating a dramatic escalation of cyber threats during the first half of 2025. This escalation reflects a s…GBHACKERS.COM
13 AugSilicon under siege: Nation-state hackers target semiconductor supply chainsCyberattacks targeting the global semiconductor industry surged more than 600% since 2022, with confirmed ransomware losses exceeding $1.05 billion since 2018, according to new research published Wednesday by cybersecurity firm CloudSEK. The comprehensive threat landscape report …CSOONLINE.COM
13 AugSerbia is secretly expanding Chinese surveillance system despite EU warnings and local oppositionsubmitted by randomname to cybersecurity 2 points | 0 comments https://vreme.com/en/vesti/rse-srbija-tajno-siri-kineski-sistem-nadzora-uprkos-upozorenjima-eu cross-posted from: scribe.disroot.org/post/4016991 Archived … Confidential documents … reveal that Serbia is procuring equ…INFOSEC.PUB
13 AugSerbia is secretly expanding Chinese surveillance system despite EU warnings and local oppositionsubmitted by randomname to cybersecurity 2 points | 0 comments https://vreme.com/en/vesti/rse-srbija-tajno-siri-kineski-sistem-nadzora-uprkos-upozorenjima-eu cross-posted from: scribe.disroot.org/post/4016991 Archived … Confidential documents … reveal that Serbia is procuring equ…SH.ITJUST.WORKS
13 AugShinyHunters May Have Teamed Up With Scattered Spider in Salesforce Attack CampaignsThe financially motivated threat group ShinyHunters has returned with a sophisticated series of attacks targeting Salesforce instances across high-profile enterprises in industries like retail, aviation, and insurance, after a year of relative quiet following member arrests in Ju…GBHACKERS.COM
13 AugOver 3,000 NetScaler devices left unpatched against CitrixBleed 2 bugsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/SH.ITJUST.WORKS
13 AugHe Almost Got Fired… for Having Nmap Installed 😱When cybersecurity expert Doug White shared a wild real-life story, the internet listened. A professional nearly lost his job for having Nmap—a common network scanning tool—on his work machine. The company assumed it was malware. But was it? This short dives into the razor-thin l…YOUTUBE.COM
13 AugHackers Deploy Dedicated Phishlet for FIDO Authentication Downgrade AttacksProofpoint researchers have uncovered a novel technique allowing threat actors to bypass FIDO-based authentication through downgrade attacks, leveraging a custom phishlet within adversary-in-the-middle (AiTM) frameworks. This method exploits gaps in browser compatibility and user…GBHACKERS.COM
13 Aug2 SharePoint Zero Days… AFTER the Patch?! 😳🚨 Even after Microsoft’s emergency patch for SharePoint, cybersecurity experts were stunned when two more zero-day vulnerabilities were discovered — still exploitable even with the patch installed. During Pwn2Own Berlin, attackers used a flaw called ToolShell to achieve remote co…YOUTUBE.COM
13 AugSpike in Fortinet VPN brute-force attacks raises zero-day concernsA massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. [...]BLEEPINGCOMPUTER.COM
13 AugThe Altair 8800: Cybersecurity’s Grandfather? #throwbacktechBack in 1975, the Altair 8800 hit the scene as one of the very first microcomputers—complete with just 1KB of RAM and an Intel 8080 CPU. It was bulky, modular, and way ahead of its time. But here’s what most cybersecurity pros don’t realize: this humble machine helped spark a dig…YOUTUBE.COM
13 AugAdobe’s August 2025 Patch Tuesday Fixes 60 Vulnerabilities Across Multiple ProductsAdobe has rolled out its August 2025 Patch Tuesday updates, addressing a total of 60 vulnerabilities across a wide array of products, including key creative tools and enterprise solutions. These patches primarily focus on out-of-bounds read and write issues, use-after-free errors…GBHACKERS.COM
13 AugThe Creepy New AI Pricing Tactic No One Told You AboutAI is no longer just predicting trends — it's setting prices based on your personal data. In this short, Doug White explains how companies are using surveillance pricing to analyze your browser, device, and even your perceived wealth to decide what you’ll pay. This creepy new tac…YOUTUBE.COM
13 AugGoogle’s Android pKVM Framework Achieves SESIP Level 5 CertificationGoogle has revealed that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework (AVF), has achieved SESIP Level 5 certification, marking a major breakthrough for open-source security and consumer electronics. This milestone positions pKVM as the ina…GBHACKERS.COM
13 AugThey Hacked an AI Assistant With Markdown 😱An AI assistant. A harmless readme file. But behind the scenes? A stealthy exploit that bypassed security using natural language commands. In less than 48 hours, researchers tricked Gemini CLI into executing hidden instructions—all embedded in a simple README.md. No flashy malwar…YOUTUBE.COM
13 AugEmerging AI-Driven Phishing Trends Reshape Cybercrime TacticsAdvances in artificial intelligence (AI) and adaptive social engineering techniques have led to a significant revolution in phishing and scams within the continually changing realm of cybercrime. Cybercriminals are leveraging neural networks and large language models (LLMs) to cr…GBHACKERS.COM
13 AugFortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wildFortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. [...]BLEEPINGCOMPUTER.COM
13 AugThat 16 Billion Password Story (AKA "Data Troll")Spoiler: I have data from the story in the title of this post, it's mostly what I expected it to be, I've just added it to HIBP where I've called…TROYHUNT.COM
13 AugRussian APT group Curly COMrades employs novel backdoor and persistence tricksResearchers have observed new cyberespionage campaigns against key organizations from EU-hopefuls Moldova and Georgia using a previously unknown backdoor program and novel persistence techniques. Absent of evidence to link this activity to known APT groups, the researchers have a…CSOONLINE.COM
13 AugRisky Business #802 -- Accessing internal Microsoft apps with your Hotmail credsOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: CISA warns about the path from on-prem Exchange to the cloud Microsoft awards a crisp zero dollar bill for a report about what a mess its internal Entra-authed apps are Everyone an…RISKY.BIZ
📋 SECURITY BULLETINS 6
13 AugMicrosoft Patches Over 100 VulnerabilitiesMicrosoft’s August 2025 Patch Tuesday updates address critical vulnerabilities in Windows, Office, and Hyper-V.SECURITYWEEK.COM
13 AugChrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code ExecutionGoogle has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 fo…GBHACKERS.COM
13 AugICS Patch Tuesday: Major Vendors Address Code Execution VulnerabilitiesAugust 2025 ICS Patch Tuesday advisories have been published by Siemens, Schneider, Aveva, Honeywell, ABB and Phoenix Contact.SECURITYWEEK.COM
13 AugFortinet, Ivanti Release August 2025 Security PatchesFortinet and Ivanti have published new security advisories for their August 2025 Patch Tuesday updates.SECURITYWEEK.COM
13 AugChipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, NvidiaIntel, AMD and Nvidia have published security advisories describing vulnerabilities found recently in their products.SECURITYWEEK.COM
13 AugAugust Patch Tuesday includes blasts from the (recent) pastMicrosoft haul this month covers 109 CVEs… more or lessSOPHOS.COM
📢 SECURITY ADVISORIES 14
13 AugCISA and Partners Release Asset Inventory Guidance to Strengthen Operational Technology SecurityCISA.GOV
13 AugCISA and Partners Release Asset Inventory Guidance for Operational Technology Owners and OperatorsCISA, along with the National Security Agency, the Federal Bureau of Investigation, Environmental Protection Agency, and several international partners, released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sec…CISA.GOV
13 AugCritical SSH vulnerabilities expose enterprise network infrastructure as patching lagsThe Secure Shell (SSH) protocol serves as the backbone of modern network administration, providing encrypted remote access to virtually every server, network device and embedded system in enterprise environments. From routers and switches to industrial control systems and cloud …NETWORKWORLD.COM
13 AugWindows 11 24H2 updates failing again with 0x80240069 errorsThe KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators. [...]BLEEPINGCOMPUTER.COM
13 AugCISA’s Free Security Scan: Game-Changer or Gimmick? 🤔CISA is offering free cybersecurity tools and on-site security scans for critical infrastructure—and most professionals don’t even know it. In this short, Doug White breaks down what’s available and why it could be a total game-changer for underfunded orgs. From next-gen malware …YOUTUBE.COM
🔥 INCIDENT REPORTING 10
13 AugCharon Ransomware Hits Middle East Sectors Using APT-Level Evasion TacticsCybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirro…THEHACKERNEWS.COM
13 AugMalicious npm Package Lures Job Seekers and Exfiltrates Sensitive DataA self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named EvaCodes-Community/UltraX. Suspecting foul play, the individual contacted the SlowMist security team, who condu…GBHACKERS.COM
13 AugNew Charon Ransomware Uses DLL Sideloading and Anti-EDR Tactics in Targeted AttacksTrend Micro researchers have uncovered a novel ransomware family dubbed Charon, deployed in a sophisticated campaign targeting the public sector and aviation industry in the Middle East. This operation employs advanced persistent threat (APT)-style techniques, including DLL sidel…GBHACKERS.COM
13 AugWebinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to SurviveThe AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here’s the uncomfortable truth: Attackers are evolving just as fast. Every leap forwar…THEHACKERNEWS.COM
13 Aug‘Curly COMrades’ APT Hackers Target Critical Organizations Across Multiple CountriesBitdefender Labs has identified a sophisticated advanced persistent threat (APT) group dubbed “Curly COMrades,” active since mid-2024, targeting critical infrastructure in geopolitically sensitive regions. This Russian-aligned actor has focused on judicial and governm…GBHACKERS.COM
13 AugManpower Says Data Breach Stemming From Ransomware Attack Impacts 140,000The RansomHub ransomware group stole sensitive information from staffing and recruiting firm Manpower in January.SECURITYWEEK.COM
13 AugThe MedusaLocker ransomware gang is hiring penetration testersMedusaLocker, the ransomware-as-a-service group that has been active since 2019 is openly recruiting for penetration testers to help it compromise more businesses. Read more in my article on the Fortra blog.FORTRA.COM
13 AugPennsylvania attorney general's email, site down after cyberattackThe Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. [...]BLEEPINGCOMPUTER.COM
13 AugData Troll Stealer Logs - 109,532,219 breached accountsIn June 2025, headlines erupted over a "16 billion password" breach. In reality, the dataset was a compilation of publicly accessible stealer logs, mostly repurposed from older leaks, with only a small portion of genuinely new material. HIBP received 2.7B rows containing 109M un…HAVEIBEENPWNED.COM
13 AugNorwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a DamDuring the April incident, hackers gained access to a digital system which remotely controls one of the dam’s valves and opened it to increase the water flow.SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE 18
13 AugISC Stormcast For Wednesday, August 13th, 2025 https://isc.sans.edu/podcastdetail/9568, (Wed, Aug 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 AugGPT-5 has been crackedThe limits of AI models can be overcome with relatively simple means, as the GPT-5 jailbreak demonstrates. Researchers at security vendor NeuralTrust have cracked GPT-5 with a multi-stage jailbreak – not even…CSOONLINE.COM
13 AugHackers sell identity documents of tens of thousands of Italy vacationersHackers have stolen scanned passports, ID cards and other identity documents via the booking systems of various hotels. From Italian hotels, the data of several tens of thousands of vacationers, via the identity documents that one at the…CSOONLINE.COM
13 AugSIGINT During World War IIThe NSA and GCHQ have jointly published a history of World War II SIGINT: “ Secret Messengers: Disseminating SIGINT in the Second World War .” This is the story of the British SLUs (Special Liaison Units) and the American SSOs (Special Security Officers).SCHNEIER.COM
13 AugBlack Hat Fireside Chat: Automation takes center stage as TLS lifespans grow ever shorterThe countdown is on for security teams still managing digital certificates with spreadsheets and manual workarounds. Related: Preparing for the quantum future Starting in 2026, TLS certificate lifespans will begin dropping sharply — from 398 days to just 47 by … (more…) The…LASTWATCHDOG.COM
13 AugVexTrio Hackers Use Fake CAPTCHAs and Malicious Apps on Google Play & App Store to Target UsersSecurity researchers at Infoblox Threat Intel have revealed the complex workings of VexTrio, a highly skilled cybercriminal network that has been active since at least 2017. This discovery highlights the ongoing dangers in the digital economy. Formerly known simply as VexTrio, th…GBHACKERS.COM
13 AugResearchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Riskssubmitted by kid to cybersecurity 3 points | 0 comments https://thehackernews.com/2025/08/researchers-spot-xz-utils-backdoor-in.htmlSH.ITJUST.WORKS
13 AugHome Office Phishing Scam Targets UK Immigration Sponsors - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/home-office-phishing-uk/SH.ITJUST.WORKS
13 AugHackers Raid Dutch Lab, Stealing Data on 500,000 Patients - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/hackers-raid-dutch-lab-steal-data/SH.ITJUST.WORKS
13 AugOzone, Coffee & Code: The Smell of Legacy Gear ☕Doug White takes viewers on a nostalgic trip through the chaotic beauty of legacy equipment — where burning coffee, ozone, and ancient compilers still keep critical systems alive. In this hilarious yet painfully relatable moment for cybersecurity pros, he reveals why some machine…YOUTUBE.COM
13 AugSmartLoader Malware Masquerades as Legitimate GitHub Repository to Infect UsersAhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated campaign involving the massive dissemination of SmartLoader malware through GitHub repositories designed to mimic legitimate software projects. These repositories target users searching for popular illicit c…GBHACKERS.COM
13 AugAI Applications in CybersecurityThere is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth. Some really great stuff here.SCHNEIER.COM
13 Aug10 Best Purple Teaming Companies in 2025The landscape of cybersecurity in mid-2025 is undergoing a profound transformation. As threats become more sophisticated and persistent, organizations are realizing that siloed security teams are no longer sufficient. In response, many are turning to Purple Teaming Services to fo…GBHACKERS.COM
13 AugDEF CON research takes aim at ZTNA, calls it a bustZero Trust Network Access (ZTNA) has been promoted by vendors over the last several years as a foundational approach for network security. The basic premise is to never trust and always verify. While the core ideas behind ZTNA are valid, this multi-billion dollar market faced a b…NETWORKWORLD.COM
13 AugInfamous XZ Backdoor Found Hidden in Docker Images for Over a YearSecurity researchers at Binarly have discovered that the sophisticated supply chain hack still exists in publicly accessible Docker images on Docker Hub, more than a year after the startling revelation of the XZ Utils backdoor in March 2024. The backdoor, attributed to a pseudony…GBHACKERS.COM
13 AugMicrosoft Just Ranked Who AI Will Replace First 👀Microsoft just revealed which jobs are most likely to be replaced by AI — and cybersecurity professionals are watching closely 👀. In this short clip, Doug White breaks down how AI is reshaping tech careers, referencing Microsoft's latest study and comparing it to historic shifts …YOUTUBE.COM
13 AugWhy Threat Modeling Turns Devs into Security Ninjas 🥷When developers master threat modeling, they don’t just write code—they become the first line of defense against cyber threats. In this short, Danielle Ruderman explains how learning even the basics of threat modeling can transform any dev into a security powerhouse. From underst…YOUTUBE.COM
13 AugConnect with the security community at Microsoft Ignite 2025Join us at Microsoft Ignite 2025 for a week of immersive learning, hands-on experiences, and strategic insights tailored for security leaders, practitioners, and innovators.MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 1
13 AugNew PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory AttacksCybersecurity researchers have discovered a new malvertising campaign that's designed to infect victims with a multi-stage malware framework called PS1Bot. "PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infec…THEHACKERNEWS.COM
🎙️ PODCASTS 1
13 AugSmashing Security podcast #430: Poisoned Calendar invites, ChatGPT, and BromideA poisoned Google Calendar invite that can hijack your smart home, a man is hospitalised after ChatGPT told him to season his food with… pesticide, and some thoughts on Superman’s latest cinematic outing. All this and more is discussed in the latest edition of the "Smashing Secur…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 11
13 AugOpenAI adds new GPT-5 models, restores o3, o4-mini and it's a mess all over againOne of the few things many disliked about ChatGPT was the confusing number of models. OpenAI claimed GPT-5 would fix this, but it seems to have made it worse. [...]BLEEPINGCOMPUTER.COM
13 AugTelegram scams in 2025 | Kaspersky official blogAll about Telegram scams and phishing in 2025, and how to protect yourself.KASPERSKY.COM
13 AugAI SOC 101: Key Capabilities Security Leaders Need to KnowSecurity operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consumin…THEHACKERNEWS.COM
13 AugMicrosoft asks users to ignore certificate enrollment errorsMicrosoft has asked customers this week to disregard incorrect CertificateServicesClient (CertEnroll) errors that appear after installing the July 2025 preview update and subsequent Windows 11 24H2 updates. [...]BLEEPINGCOMPUTER.COM
13 AugMicrosoft removes PowerShell 2.0 from Windows 11, Windows ServerMicrosoft will remove PowerShell 2.0 from Windows starting in August, eight years after announcing its deprecation and keeping it around as an optional feature. [...]BLEEPINGCOMPUTER.COM
13 AugHow we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutesExclusive: A dating gossip app for men exposed thousands of users' personal data, including scans of driver's licenses. The app's developer, Xavier Lampkin, won't say if he plans to notify affected users about the app's security lapse.TECHCRUNCH.COM
13 AugJoint guidance on foundations for operational technology cyber security and asset inventory guidance for owners and operatorsThis joint guidance outlines the process for OT owners and operators to create an asset inventory and OT taxonomy.CYBER.GC.CA
13 AugNew downgrade attack can bypass FIDO auth in Microsoft Entra IDSecurity researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. [...]BLEEPINGCOMPUTER.COM
13 AugOpenAI relaxes GPT-5 rate limit, promises to improve the personalityOpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirmative. [...]BLEEPINGCOMPUTER.COM
13 AugGoogle Gemini's Deep Research is finally coming to APIOne of Google Gemini's most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could change soon. [...]BLEEPINGCOMPUTER.COM