66Articles
7Categories
2025-08-18Date
🚨 CISA KEV 1[−]
18 Aug KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation.  CVE-2025-54948 Trend Micro Apex One OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malici…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
18 AugRockwell ControlLogix Ethernet Vulnerability Exposes Systems to Remote Code ExecutionA critical vulnerability in Rockwell Automation’s ControlLogix Ethernet modules has been discovered that could allow remote attackers to execute malicious code on industrial control systems. The vulnerability, identified as CVE-2025-7353, affects multiple ControlLogix commu…GBHACKERS.COM
18 AugCritical PostgreSQL Flaws Allow Code Injection During RestorationThe PostgreSQL Global Development Group released emergency security updates on August 14, 2025, addressing three critical vulnerabilities that enable code injection attacks during database restoration processes. The flaws affect all supported versions from PostgreSQL 13 through 1…GBHACKERS.COM
18 Aug KEVUK’s Colt hit by cyberattack, support systems offline amid ransom threatColt Technology Services, a UK-based telecom giant connecting 900 data centers across Europe, Asia, and North America, has been hit by a cyberattack that began on August 12. Initially labelled a “technical issue” by the company, the disruption evolved into a confirmed cyberattack…CSOONLINE.COM
18 AugHundreds of N-able N-central Instances Affected by Exploited VulnerabilitiesMore than 870 N-able N-central instances have not been patched against CVE-2025-8875 and CVE-2025-8876, two exploited vulnerabilities. The post Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
18 AugLinux Kernel Netfilter Flaw Enables Privilege EscalationA critical vulnerability in the Linux kernel’s netfilter subsystem has been discovered that allows local attackers to escalate privileges through an out-of-bounds write condition. The flaw, identified as CVE-2024-53141, affects the ipset bitmap functionality and could enabl…GBHACKERS.COM
18 AugTechnical Details of SAP 0-Day Exploitation Script for RCE RevealedCybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-2025–31324. This flaw stems from a missing authorization check on the HTTP…GBHACKERS.COM
18 AugMicrosoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx MalwareCybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a privilege escalation vul…THEHACKERNEWS.COM
18 AugThreat Actors Exploit Microsoft Help Index File to Deploy PipeMagic MalwareCybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage a Microsoft Help Index File (.mshi) to deploy the PipeMagic backdoor, marking a notable evolution in malware delivery methods. This development ties into the exploitation of CVE-2025-29…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 22[−]
18 AugBreaking Cybersecurity News: Canada's House of Commons Breached and Windows 10 Support Ending SoonIn this episode of Cybersecurity Today, host David Shipley reports from Fredericton, New Brunswick, amidst severe forest fires. The main story covers a data breach in Canada’s House of Commons involving parliamentary employee information, attributed to a recent Microsoft vulnerab…CYBERSECURITYTODAY.LIBSYN.COM
18 AugHundreds of TeslaMate Servers Expose Real-Time Vehicle DataA security researcher has discovered that hundreds of self-hosted TeslaMate servers are exposing sensitive Tesla vehicle data to the public internet without any authentication, revealing real-time location tracking, charging patterns, and driving habits of unsuspecting owners. Te…GBHACKERS.COM
18 AugAgentic AI promises a cybersecurity revolution — with asterisksThe hottest topic at this year’s Black Hat and DEF CON conferences was the meteoric emergence of artificial intelligence tools for both cyber adversaries and defenders, particularly the use of agentic AI to strengthen cybersecurity programs. Although cyber defenders have relied o…CSOONLINE.COM
18 AugHR giant Workday discloses data breach amid Salesforce attacksHuman resources giant Workday has disclosed a data breach after attackers gained access to a third-party customer relationship management (CRM) platform in a recent social engineering attack. [...]BLEEPINGCOMPUTER.COM
18 AugScammers Target Back-to-School Deals, Diverting Shoppers to Fraud SitesAs the back-to-school season intensifies, cybercriminals are exploiting the heightened online shopping activity by deploying sophisticated scams aimed at siphoning funds and personal data from unsuspecting consumers. According to retail analytics, U.S. households allocate approxi…GBHACKERS.COM
18 AugWorkday Data Breach Exposes HR Records via Third-Party CRM HackEnterprise software giant Workday has disclosed a security incident involving unauthorized access to employee information through a compromised third-party customer relationship management (CRM) platform. The breach, discovered as part of a broader social engineering campaign tar…GBHACKERS.COM
18 Aug25% of security leaders replaced after ransomware attackCISOs have a one in four chance of their job surviving a successful ransomware attack, according to a recent Sophos report. The report’s findings are a wakeup call for CISOs regardless of whether they are found at fault or have any meaningful authority to block such attacks, indu…CSOONLINE.COM
18 AugRethinking risk based vulnerability management, Black Hat expo insights, and the news ... - ESW #420nterview with Snehal Antani - Rethinking Risk-Based Vulnerability Management Vulnerability management is broken. Organizations basically use math to turn a crappy list into a slightly less crappy list, and the hardest part of the job as a CIO is deciding what NOT to fix. There ha…YOUTUBE.COM
18 AugNorth Korean Hackers’ Secret Linux Malware Surfaces OnlinePhrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Kore…GBHACKERS.COM
18 AugWorkday Data Breach Bears Signs of Widespread Salesforce HackWorkday appears to have joined the list of major companies that had their Salesforce instances targeted by hackers. The post Workday Data Breach Bears Signs of Widespread Salesforce Hack appeared first on SecurityWeek .SECURITYWEEK.COM
18 AugMalicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain AttacksCybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor, realizes its nefa…THEHACKERNEWS.COM
18 AugDoJ Seizes $2.8M in Crypto from Zeppelin Ransomware GroupThe Department of Justice has announced a significant victory against cybercriminals, seizing over $2.8 million in cryptocurrency and additional assets from a Zeppelin ransomware operation. The coordinated law enforcement action targeted Ianis Aleksandrovich Antropenko, who faces…GBHACKERS.COM
18 AugBragg Confirms Cyberattack, Internal IT Systems BreachedBragg Gaming Group (NASDAQ: BRAG, TSX: BRAG), a prominent content and technology provider in the online gaming industry, has disclosed a cybersecurity incident that compromised its internal computer systems over the weekend. The company discovered the breach on August 16, 2025, a…GBHACKERS.COM
18 Aug⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & MorePower doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting that’s wrong, a system no one is watching. Security usually doesn’t fail all at once; it breaks slowly, then suddenly. Staying safe isn’t about knowing everything—it’…THEHACKERNEWS.COM
18 AugA Practical Guide to the European Union’s Cybersecurity Funding for SMEsFor any small- to medium-sized enterprise (SME), the cybersecurity landscape can be intimidating. You are informed of a variety of threats, reliable expertise is scarce, and there is limited (if any) budget available.KNOWBE4.COM
18 AugThreat Actors Exploit Telegram as the Communication Channel to Exfiltrate Stolen DatatLab Technologies, a Kazakhstan-based company that specializes in advanced threat prevention, discovered one of the first known phishing attempts in the region that targeted public sector clients in a recent cybersecurity incident. The attack leveraged a professionally crafted fa…GBHACKERS.COM
18 AugFBI: This Common Security Habit Is Now DangerousWhen the FBI warns that a common security habit might be putting millions at risk, cybersecurity pros pay attention. In this short, viewers learn how attackers are exploiting automated password resets by sending fake breach alerts, triggering panic clicks, and stealing credential…YOUTUBE.COM
18 Aug KEVOver 800 N-able servers left unpatched against critical flawsOver 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week. [...]BLEEPINGCOMPUTER.COM
18 AugERMAC Android malware source code leak exposes banking trojan infrastructureThe source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator's infrastructure. [...]BLEEPINGCOMPUTER.COM
18 AugCVEs = Unplanned Work? Here’s How to Make Every Fix Count ⚡When a dev team faces a flood of CVEs, not all fixes are created equal. In this short, cybersecurity experts break down why chasing every score is a waste—and how to focus on high-impact, low-effort changes that actually strengthen security. From the pitfalls of “just do it” orde…YOUTUBE.COM
18 AugAllianz Life - 1,115,061 breached accountsIn July 2025, Allianz Life was the victim of a cyber attack which resulted in millions of records later being leaked online . Allianz attributed the attack to "a social engineering technique" which targeted data on Salesforce and resulted in the exposure of 1.1M unique email addr…HAVEIBEENPWNED.COM
18 AugDissecting PipeMagic: Inside the architecture of a modular backdoor frameworkA comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Once…MICROSOFT.COM
📢 SECURITY ADVISORIES 8[−]
18 AugWazuh for Regulatory ComplianceOrganizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finan…THEHACKERNEWS.COM
18 AugBlue Locker Ransomware Launches Targeted Attacks on the Oil and Gas Sector in PakistanPakistan’s National Cyber Emergency Response Team (NCERT) has issued a high-alert advisory to 39 key ministries and institutions, warning of severe risks from the “Blue Locker” ransomware, which has compromised critical infrastructure including Pakistan Petroleu…GBHACKERS.COM
🔥 INCIDENT REPORTING 7[−]
18 AugUS Seizes $2.8 Million From Zeppelin Ransomware OperatorThe US has indicted Zeppelin ransomware operator Ianis Antropenko, seizing over $2.8 million in cryptocurrency from his wallet. The post US Seizes $2.8 Million From Zeppelin Ransomware Operator appeared first on SecurityWeek .SECURITYWEEK.COM
18 AugNew Ghost-Tapping Attacks Target Apple Pay and Google Pay Users’ Linked CardsChinese-speaking cybercriminals are using ghost-tapping techniques to take advantage of Near Field Communication (NFC) relay tactics in a sophisticated evolution of payment card fraud. They are mainly targeting mobile payment services such as Apple Pay and Google Pay. This attack…GBHACKERS.COM
18 AugHR giant Workday says hackers stole personal data in recent breachThe HR tech giant said it had no indication of any unauthorized access to customer systems, but has not ruled out a breach affecting customers' personal information.TECHCRUNCH.COM
18 AugWhy Psychological Safety Is Your Best Defense Against CyberattacksIn this short, Danielle Ruderman reveals how cultural norms and psychological safety can make or break a company’s cybersecurity defense. She explains why some global development teams stay silent about risks — and how that silence can leave systems wide open to attacks. By showi…YOUTUBE.COM
18 AugKeeping an Eye on MFA-Bombing Attacks, (Mon, Aug 18th)I recently woke up (as one does each day, hopefully) and saw a few Microsoft MFA prompts had pinged me overnight. Since I had just awakened, I just deleted them, then two minutes later clued in - this means that one of my passwords was compromised, and I had no idea which site th…ISC.SANS.EDU
18 AugUK sentences “serial hacker” of 3,000 sites to 20 months in prisonA 26-year old in the UK who claimed to have hacked thousands of websites was sentenced to 20 months in prison after pleading guilty earlier this year. [...]BLEEPINGCOMPUTER.COM
18 AugAllianz Life data breach affects 1.1 million customersData breach notification site Have I Been Pwned notified 1.1 million customers of a July data breach, a number not previously reported.TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 15[−]
18 AugISC Stormcast For Monday, August 18th, 2025 https://isc.sans.edu/podcastdetail/9574, (Mon, Aug 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 AugThe AI-Powered Trojan Horse Returns: How LLMs Revive Classic Cyber ThreatsIn an era where users rely on vigilance against shady websites and file hashing via platforms like VirusTotal, a new wave of trojan horses is challenging traditional defenses. These threats masquerade as legitimate desktop applications, such as recipe savers, AI-powered image enh…GBHACKERS.COM
18 AugWeb Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value TargetsChinese APT UAT-7237 has been targeting Taiwanese web infrastructure for long-term access to high-value entities. The post Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets appeared first on SecurityWeek .SECURITYWEEK.COM
18 AugCRITICAL INSIGHT Q&A: The high-stakes push to safeguard ‘FirstNet’ broadband spectrumFirst responders have long depended on calling for backup and clearing the airwaves. Since its launch in 2018, FirstNet—America’s public safety broadband network—has become indispensable. Related: The FirstNet petition With over 7.5 million connections , support for more than 30,…LASTWATCHDOG.COM
18 AugEavesdropping on Phone Conversations Through VibrationsResearchers have managed to eavesdrop on cell phone voice conversations by using radar to detect vibrations. It’s more a proof of concept than anything else. The radar detector is only ten feet away, the setup is stylized, and accuracy is poor. But it’s a start.SCHNEIER.COM
18 AugSHARED INTEL Q&A: Rethinking Zero Trust to close the widening gap on file-borne threatsFor years, “Zero Trust” has reshaped cybersecurity architecture — pushing organizations to move beyond the perimeter and reframe everything around identity, access control, and segmentation. Related: The Zero-Trust revolution These shifts are overdue. But as the frameworks mature…LASTWATCHDOG.COM
18 AugUnternehmen zu lax bei KI-Sicherheitsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/08/shutterstock_2645792801.jpg?quality=50&strip=all 3840w, https://b2b-contenthub.com/wp-content/uploads/2025/08/shutterstock_2645792801.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
18 AugCelebrating KnowBe4's 6th Consecutive TrustRadius Tech Cares AwardFor the sixth year in a row, we've been honored with the TrustRadius Tech Cares Award!KNOWBE4.COM
18 AugGoogle's 'AI Overview' Pointed Him to a Customer Service Number. It Was a Scam - Slashdotsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://yro.slashdot.org/story/25/08/18/0223228/googles-ai-overview-pointed-him-to-a-customer-number-it-was-a-scam A real estate developer fell victim to a cruise line scam after calling a phone number provided by Google’…INFOSEC.PUB
18 AugNovel 5G Attack Bypasses Need for Malicious Base StationResearchers detailed a new 5G attack named Sni5Gect that can allow attackers to sniff traffic and cause disruption. The post Novel 5G Attack Bypasses Need for Malicious Base Station appeared first on SecurityWeek .SECURITYWEEK.COM
18 AugHow to Survive the 2025 Cybersecurity Budget FreezeIn 2025, cybersecurity teams face a brutal challenge: rising cyber threats in the middle of shrinking budgets and global uncertainty. This short captures how leaders can protect their organizations, adapt to geopolitical risks, and still do more with less. A must-watch for CISOs,…YOUTUBE.COM
18 AugWeaponized Python Package “termncolor” Uses Windows Run Key for PersistenceCybersecurity experts discovered a complex supply chain attack that originated from the Python Package Index (PyPI) in a recent disclosure from Zscaler ThreatLabz. The package in question, termed “termncolor,” masquerades as a benign color utility for Python terminals…GBHACKERS.COM
18 AugInside the Mind of a Non-Compliant ScraperCybersecurity expert Aaran breaks down how non-compliant scrapers operate like digital chameleons—rotating IPs, mimicking human clicks, and dodging detection at every turn. Viewers will learn why traditional allow/block lists are useless against these advanced bots, and how layer…YOUTUBE.COM
18 AugThreat Actors Use Pirated Games to Bypass Microsoft Defender SmartScreen and AdblockersCybersecurity researchers have uncovered a sophisticated campaign where threat actors leverage pirated game downloads to distribute HijackLoader, a modular malware loader, effectively bypassing common defenses like adblockers and Microsoft Defender SmartScreen. Sites such as Dodi…GBHACKERS.COM
18 AugXenoRAT malware campaign hits multiple embassies in South KoreaA state-sponsored espionage campaign is targeting foreign embassies in South Korea to deploy XenoRAT malware from malicious GitHub repositories. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 5[−]
18 AugA parent’s guide to keeping a child blogger safe | Kaspersky official blogHow can a parent help their kid who’s decided to become a blogger? At the very least, tell them about online threats and what content is unsafe to publish.KASPERSKY.COM
18 AugMicrosoft: Recent Windows updates may fail to install via WUSAMicrosoft has mitigated a known issue that caused Windows update failures when installing them from a network share using the Windows Update Standalone Installer (WUSA). [...]BLEEPINGCOMPUTER.COM
18 AugMozilla warns Germany could soon declare ad blockers illegalA recent ruling from Germany's Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country. [...]BLEEPINGCOMPUTER.COM
18 AugNebraska man gets 1 year in prison for $3.5M cryptojacking schemeA Nebraska man was sentenced to one year in prison for defrauding cloud computing providers of over $3.5 million to mine cryptocurrency worth nearly $1 million. [...]BLEEPINGCOMPUTER.COM
18 AugInvestors beware: AI-powered financial scams swamp social mediaCan you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.WELIVESECURITY.COM