64Articles
6Categories
2025-08-15Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 13[−]
15 AugMatrix protocol bugs could let hackers seize control of sensitive chat roomsThe nonprofit Matrix Foundation , custodian of the eponymous open standard communications protocol, has released details and patching information for two vulnerabilities that could allow hackers to take over classified chat rooms. Matrix announced the vulnerabilities a month ago,…CSOONLINE.COM
15 AugCisco Secure Firewall Vulnerability Lets Attackers Execute Remote Shell CommandsCisco has disclosed a critical security vulnerability in its Secure Firewall Management Center software that could allow unauthenticated attackers to remotely execute shell commands with elevated privileges. The flaw, tracked as CVE-2025-20265, carries a maximum CVSS score of 10.…GBHACKERS.COM
15 AugHTTP/2 MadeYouReset Vulnerability Enables Massive DDoS AttacksSecurity researchers have disclosed a critical vulnerability in the HTTP/2 protocol that could enable massive distributed denial-of-service (DDoS) attacks, potentially affecting millions of web servers worldwide. The flaw, dubbed “MadeYouReset” and assigned CVE-2025-8…GBHACKERS.COM
15 AugCisco Secure Firewall Snort 3 Vulnerability Enable DoS AttacksA critical vulnerability discovered in Cisco’s Secure Firewall Threat Defense Software has been identified as CVE-2025-20217, posing significant risks to network security infrastructure worldwide. The vulnerability, affecting the Snort 3 Detection Engine, could allow unauth…GBHACKERS.COM
15 AugCisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code ExecutionCisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS scor…THEHACKERNEWS.COM
15 AugPalo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate BypassA newly disclosed vulnerability in Palo Alto Networks’ GlobalProtect application could allow attackers to escalate privileges and install malicious software on affected systems through improper certificate validation. The security flaw, tracked as CVE-2025-2183, was publish…GBHACKERS.COM
15 AugF5 Fixes HTTP/2 Flaw Affecting Multiple Products in Massive DoS AttacksF5 Networks has disclosed a new HTTP/2 vulnerability affecting multiple BIG-IP products that could allow attackers to launch denial-of-service attacks against enterprise networks. The vulnerability, designated CVE-2025-54500 and published on August 13, 2025, exploits a flaw in HT…GBHACKERS.COM
15 AugMadeYouReset: Turning HTTP/2 Server Against Itself | Impervasubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.imperva.com/blog/madeyoureset-turning-http-2-server-against-itself/ MadeYouReset: A New HTTP/2 Vulnerability Security researchers from Tel Aviv University have discovered a critical vulnerability in HTTP/2 imp…INFOSEC.PUB
15 AugChromium: CVE-2025-8882 Use after free in AuraThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
15 AugChromium: CVE-2025-8881 Inappropriate implementation in File PickerThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
15 AugChromium: CVE-2025-8901 Out of bounds write in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
15 AugChromium: CVE-2025-8880 Race in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
15 AugChromium: CVE-2025-8879 Heap buffer overflow in libaomThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 18[−]
15 AugSIEM-KaufratgeberDie kontextuellen Daten, die SIEM-Lösungen liefern, sind eine grundlegende Komponente moderner Security-Stacks. PeopleImages.com – Yuri A | shutterstock.com Protokoll-Daten zu auditieren, zu überprüfen und zu managen, ist alles andere als eine glamouröse Aufgabe – aber ein entsch…CSOONLINE.COM
15 Aug300 Million In Crypto Fraud Funds Frozen: Cybersecurity TodayCyber Crime Crackdown: $300 Million in Crypto Frozen, FBI Accounts Hacked, and Critical Microsoft Patches Released In this episode of Cybersecurity Today, host Jim Love covers major recent events in cybercrime and cybersecurity. Over $300 million in cryptocurrency tied to cybercr…CYBERSECURITYTODAY.LIBSYN.COM
15 Aug9 hottest IT security certs for higher pay todayWith change a constant, IT professionals looking to improve their careers can benefit from the latest insights into employers’ needs. Data from Foote Partners on the skills and certification most in demand today may provide helpful signposts. Analyzing more than 640 certification…CSOONLINE.COM
15 AugCisco Patches Critical Vulnerability in Firewall Management PlatformCisco has released over 20 advisories as part of its August 2025 bundled publication for ASA, FMC and FTD products. The post Cisco Patches Critical Vulnerability in Firewall Management Platform appeared first on SecurityWeek .SECURITYWEEK.COM
15 AugSource Code of ERMAC V3.0 Malware Exposed by ‘changemeplease’ PasswordA significant security breach has exposed the complete source code of ERMAC V3.0, a sophisticated banking trojan that targets over 700 financial applications worldwide. The leak, discovered by cybersecurity firm Hunt.io in March 2024, was made possible by a surprisingly weak defa…GBHACKERS.COM
15 AugHexStrike AI Links ChatGPT, Claude, and Copilot to 150+ Security ToolsHexStrike AI, the leading autonomous cybersecurity framework, today announced seamless integration with ChatGPT, Claude, and GitHub Copilot, enabling these AI agents to orchestrate over 150 professional security tools for comprehensive penetration testing and vulnerability intell…GBHACKERS.COM
15 AugPlex warns users to patch security vulnerability immediatelyPlex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. [...]BLEEPINGCOMPUTER.COM
15 AugPhishing Campaign Exploits Japanese Character “ん” to Imitate Forward SlashSecurity researchers have uncovered a sophisticated new phishing campaign that exploits the Japanese hiragana character “ん” to create deceptively authentic-looking URLs that can fool even vigilant internet users. The attack, first identified by security researcher JAM…GBHACKERS.COM
15 AugCaught in the cyber crosshairs: A candy manufacturer’s 2025 ransomware ordealI never imagined that a 150-year-old chocolate company could be brought to its knees by a few clicks on a computer. As the head of IT for Ganong Bros. — Canada’s longest-running family-owned candy manufacturer, established in 1873 — I’ve overseen everything from upgrading our agi…CSOONLINE.COM
15 AugImageMagick Vulnerabilities Cause Memory Corruption and Integer OverflowsThe popular open-source image manipulation software ImageMagick has addressed four critical security vulnerabilities discovered by Google’s artificial intelligence-powered security research tool, Big Sleep. These flaws, affecting millions of applications worldwide that rely…GBHACKERS.COM
15 AugCisco warns of max severity flaw in Firewall Management CenterCisco is warning about a critical remote code execution (RCE) vulnerability in the RADIUS subsystem of its Secure Firewall Management Center (FMC) software. [...]BLEEPINGCOMPUTER.COM
15 AugZero Login. Full Control. Welcome To FireAnt.When FireAnt, a China-linked cyber espionage group, started exploiting virtualization software like VMware ESXi and vCenter, it wasn’t just another hack—it was a wake-up call. Using unauthenticated host-to-guest command execution, FireAnt gained total access without even needing …YOUTUBE.COM
15 AugTaiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking ToolsA Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. The activity has been attri…THEHACKERNEWS.COM
15 AugHow Hackers Skip MFA Using Just Cookies 🍪Hackers have found a sneaky way to bypass Multi-Factor Authentication—without even breaking it. In this short, Aaran reveals how cybercriminals are exploiting stolen Microsoft account session cookies to skip MFA entirely. From AI-written phishing emails to the importance of condi…YOUTUBE.COM
15 AugWarning: Patch this hole in Cisco Secure FMC fastAdmins using Cisco Systems Secure Firewall Management Center (FMC) Software for network login authentication are being warned to quickly patch a major vulnerability that could allow a remote attacker to breach security. At risk are deployments configured for RADIUS authentication…CSOONLINE.COM
15 Aug KEVFrom KEV to EPSS: Smarter Threat PrioritizationIn just 30 seconds, Mike breaks down how cybersecurity pros can move from reactive threat lists like CISA’s Known Exploited Vulnerabilities (KEV) to predictive scoring with EPSS. By combining real-world exploit data with probability models, this approach helps teams spot vulnerab…YOUTUBE.COM
15 AugMultiple Vulnerabilities in Cisco Security Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Cisco security products that could allow for arbitrary code execution. Cisco Secure Firewall Management Center (FMC) is a centralized management solution for Cisco Secure Firewall devices, enabling policy control, event monitoring,…CISECURITY.ORG
15 AugRisky Biz Soap Box: How to measure vulnerability reachabilityIn this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications. It’s great to know there’s a CVE in a library you’re using, but it’s even better if you can …RISKY.BIZ
📢 SECURITY ADVISORIES 7[−]
15 Aug KEVCisco IOS, IOS XE, and Secure Firewall Flaws Allow Remote DoS AttacksCisco Systems has issued a high-priority security advisory addressing multiple critical vulnerabilities in the Internet Key Exchange Version 2 (IKEv2) feature across its networking and security product portfolio. Published on August 14, 2025, the advisory warns of six separate vu…GBHACKERS.COM
15 AugHow your solar rooftop became a national security issueTexas solar company EG4 became the poster child for home energy cybersecurity risks this week after federal officials published an advisory detailing how hackers could hijack its inverters.TECHCRUNCH.COM
15 AugCreepy chatbots, Fortinet, CISA, Agentic AI, FIDO, EDR, Aaran Leyland, and More... - SWN #503Creepy chatbots, Fortinet, CISA, Agentic AI, FIDO, EDR, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-503YOUTUBE.COM
🔥 INCIDENT REPORTING 7[−]
15 Aug10 Best Managed Detection And Response (MDR) Companies in 2025Organizations of all sizes face an unrelenting barrage of sophisticated cyber threats, from highly evolved ransomware strains and stealthy advanced persistent threats (APTs) to cunning social engineering campaigns—challenges that increasingly drive the adoption of MDR Services to…GBHACKERS.COM
15 AugUS sanctions Grinex crypto-exchange, Garantex’s successorThe U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previously sanctioned for helping ransomware gangs launder their money. [...]BLEEPINGCOMPUTER.COM
15 AugU.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto TransactionsThe U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange platform Garantex for facilitating ransomware actors and other cybercriminals by processing more than $100 million in transactions l…THEHACKERNEWS.COM
15 AugIn Other News: Critical Zoom Flaw, City’s Water Threatened by Hack, $330 Billion OT Cyber RiskOther noteworthy stories that might have slipped under the radar: Canada’s House of Commons hacked, Russia behind court system attack, Pennsylvania AG targeted in cyberattack. The post In Other News: Critical Zoom Flaw, City’s Water Threatened by Hack, $330 Billion OT Cyber…SECURITYWEEK.COM
15 AugColt Telecom attack claimed by WarLock ransomware, data up for saleUK-based telecommunications company Colt Technology Services is dealing with a cyberattack that has caused a multi-day outage of some of the company's operations, including hosting and porting services, Colt Online and Voice API platforms. [...]BLEEPINGCOMPUTER.COM
15 Aug10 Best Free Data Recovery Software 2025Free data recovery software or tools are among the most essential tools, playing a crucial role in our lives. Although you can find dozens of them nowadays, their importance remains significant. Losing our data from a device due to failure of the device, an attack by ransomware o…GBHACKERS.COM
15 AugMobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout SchemeCybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block us…KREBSONSECURITY.COM
🕵️ THREAT INTELLIGENCE 16[−]
15 AugSNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations, (Thu, Aug 14th)As the world gradually adopts and transitions to using 5G for mobile, operational technology (OT), automation and Internet-of-Things (IoT) devices, a secure 5G network infrastructure remains critical. Recently, the Automated Systems SEcuriTy (ASSET) Research Group have released a…ISC.SANS.EDU
15 AugISC Stormcast For Friday, August 15th, 2025 https://isc.sans.edu/podcastdetail/9572, (Fri, Aug 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 AugCritical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix ProductsRockwell Automation has published several advisories describing critical and high-severity vulnerabilities affecting its products. The post Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products appeared first on SecurityWeek .SECURITYWEEK.COM
15 AugVirtualBox 7.2 Adds Windows 11/Arm VM Support and Key Bug FixesOracle has released VirtualBox 7.2.0, a major update that significantly expands ARM virtualization capabilities and introduces comprehensive Windows 11/ARM support. Released on August 14, 2025, this update represents a substantial leap forward in cross-platform virtualization tec…GBHACKERS.COM
15 AugGoogle Says Android pKVM Earns Highest Level of Security AssuranceAndroid pKVM has achieved SESIP Level 5 certification, which means it’s resistant to highly skilled, motivated, and funded attackers. The post Google Says Android pKVM Earns Highest Level of Security Assurance appeared first on SecurityWeek .SECURITYWEEK.COM
15 AugTight Cybersecurity Budgets Accelerate the Shift to AI-Driven DefenseWith cybersecurity budgets strained, organizations are turning to AI-powered automation to plug staffing gaps, maintain defenses, and survive escalating threats. The post Tight Cybersecurity Budgets Accelerate the Shift to AI-Driven Defense appeared first on SecurityWeek .SECURITYWEEK.COM
15 AugTrojans Embedded in .svg FilesPorn sites are hiding code in .svg files: Unpacking the attack took work because much of the JavaScript in the .svg images was heavily obscured using a custom version of “JSFuck,” a technique that uses only a handful of character types to encode JavaScript into a camo…SCHNEIER.COM
15 AugThe Rolls Royce of Malware? 😳When cybersecurity experts start calling a malware loader “the Rolls Royce of malware,” you know things have taken a wild turn. In this short, two pros break down how hackers are now branding their malware with polished marketing language and even catering to “fastidious clients.…YOUTUBE.COM
15 AugNorth Korea’s Secret Cyber Army 😱North Korea may have secretly deployed over 3,000 skilled IT workers around the world—posing as freelancers to infiltrate tech companies and funnel millions back to the regime. In this short, cybersecurity expert Doug White breaks down how this covert cyber army operates under fa…YOUTUBE.COM
15 AugExecutive Support, Ownership & Safety: Cybersecurity’s Holy TrinityIn this short, Danielle Ruderman breaks down Amazon’s three key ingredients for a thriving culture of security: strong executive support from the top, distributed ownership across every team, and psychological safety so people feel confident speaking up. It’s a quick, powerful lo…YOUTUBE.COM
15 AugFrom Corporate to Cloud: Governance Made SimpleIn this short, Yogi breaks down how the core principles of corporate governance can transform cloud governance into a clear, measurable strategy. Viewers see how KPIs, goal-setting, and oversight fit together to manage risk and prove real results to the board. Perfect for cyberse…YOUTUBE.COM
15 AugBeyond the Inbox: How Old-School Mail Scams Are Still Stealing Your MoneyIn a world so full of digital online scams, it’s hard to remember that scammers abuse our postal mailing systems as well.KNOWBE4.COM
15 AugAlert: Tech Support Scammers Send Phony Podcast InvitesThe Better Business Bureau (BBB) has warned that scammers are targeting high-profile employees and influencers with fake invitations to appear as a guest on popular celebrity podcasts.KNOWBE4.COM
15 AugSmarter AI = Smarter Hacks? Here’s the Truth 🔍As AI tools get faster, smarter, and safer, the cybersecurity landscape is shifting. In this clip, Aaran explains how advanced AI could boost the capabilities of hacktivists, script kiddies, and social engineers — and why developers and defenders need to rethink their strategies.…YOUTUBE.COM
15 AugTop 10 Best NDR Solutions (Network Detection and Response) in 2025The network remains the central nervous system of every organization. While endpoints and cloud environments are crucial, all digital activity ultimately traverses the network. Implementing the best NDR solutions is essential for monitoring and securing this critical infrastructu…GBHACKERS.COM
15 AugFriday Squid Blogging: Squid-Shaped UFO Spotted Over TexasHere’s the story. The commenters on X (formerly Twitter) are unimpressed. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
📡 INFOSEC NEWS 3[−]
15 AugI never ordered this: fraud with delivered packages and letters — brushing and quishing | Kaspersky official blogKey signs of brushing, quishing, and other mail/package delivery scamsKASPERSKY.COM
15 AugZero Trust + AI: Privacy in the Age of Agentic AIWe used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a world where artificial agents are becoming autonomous actors — interacting with data, systems, and humans without constant oversight — privacy is no longer about control…THEHACKERNEWS.COM
15 AugMicrosoft reminds of Windows 10 support ending in two monthsMicrosoft has reminded customers that Windows 10 will be retired in two months after all editions of Windows 10, version 22H2 reach their end of servicing on October 14. [...]BLEEPINGCOMPUTER.COM