🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
20 AugChrome High-Severity Vulnerability Could Let Attackers Run Arbitrary CodeGoogle has released an emergency security update for Chrome to address a high-severity vulnerability that could potentially allow attackers to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2025-9132, affects the V8 JavaScript engine and represents …GBHACKERS.COM
20 AugMisconfiguration, The Forgotten Vulnerability and the Power and Failure of "Yes" - Dan... - BSW #409The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn…YOUTUBE.COM
20 AugKubernetes Capsule Vulnerability Enables Attackers to Inject Arbitrary LabelsSecurity researchers have disclosed a critical vulnerability in Kubernetes Capsule v0.10.3 and earlier versions that allows authenticated tenant users to inject arbitrary labels into system namespaces, fundamentally breaking multi-tenant isolation. The vulnerability, tracked as C…GBHACKERS.COM
20 AugCERT/CC Issues Alert on Critical Flaws in Workhorse Municipal Accounting SoftwareThe Computer Emergency Response Team Coordination Center (CERT/CC) has issued a critical security advisory warning of severe vulnerabilities in Workhorse Software Services’ municipal accounting software that could enable unauthorized access to sensitive government financial…GBHACKERS.COM
20 AugRussian Government Cyber Actors Targeting Networking Devices, Critical Infrastructuresubmitted by Pro to cybersecurity 1 points | 0 comments https://www.ic3.gov/PSA/2025/PSA250820 cross-posted from: programming.dev/post/36017215 Research with details . Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB’s Center 16 unit that has bee…SH.ITJUST.WORKS
⚠️ VULNERABILITY DISCLOSURE 32[−]
20 AugNIST’s attempts to secure AI yield many questions, no answersWhen the US National Institute of Standards and Technology (NIST) late last week published a report on how enterprises can protect themselves from AI systems, it focused on categorizing the problems without suggesting any specific mitigation tactics. For that, the organization tu…CSOONLINE.COM
20 AugMcDonald’s Free Nuggets Hack Exposes Sensitive Customer DataA security researcher has revealed multiple critical vulnerabilities in McDonald’s digital infrastructure that exposed sensitive customer data and allowed unauthorized access to internal corporate systems. The researcher discovered these flaws over several months, ultimatel…GBHACKERS.COM
20 AugCybersecurity Breaches: Salesforce, Workday, and Critical Infrastructure HackedIn today's episode of 'Cybersecurity Today,' hosted by Jim Love, we cover several key issues in the cybersecurity landscape. Firstly, a breach involving Workday and social engineering attacks targeting Salesforce customers is discussed. Next, the risks posed by a recent Windows u…CYBERSECURITYTODAY.LIBSYN.COM
20 AugRussia-linked European attacks renew concerns over water cybersecurityTwo incidents reported last week by European leaders have once again spotlighted one of the most unsettling forms of politically motivated cyber malfeasance: attacks on local water facilities. First, the director of the Norwegian Police Security Service, Beate Gangås, said that R…CSOONLINE.COM
20 AugASPM buyer’s guide: 7 products to help secure your applicationsProtecting enterprise applications requires constant vigilance and the right collection of defensive tools. Just as cyberthreats have become more complex and difficult to discover, so too have the applications that fuel your enterprise, living as they do in an assortment of domai…CSOONLINE.COM
20 AugCodeRabbit RCE Flaw Gives Attackers Write Access to 1M RepositoriesA critical remote code execution vulnerability in CodeRabbit, one of GitHub’s most popular AI-powered code review tools, could have allowed attackers to gain read and write access to over one million code repositories, including private ones, according to security researche…GBHACKERS.COM
20 AugHackers Exploit Apache ActiveMQ Flaw to Breach Cloud Linux ServersCybersecurity researchers have uncovered a sophisticated attack campaign where hackers exploiting a critical Apache ActiveMQ vulnerability are taking the unusual step of patching the security flaw after gaining access to victim systems. The Red Canary Threat Intelligence team obs…GBHACKERS.COM
20 AugUK information chiefs demand urgent regulation of AI like DeepSeek over cybersecurity riskssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.artificialintelligence-news.com/news/why-security-chiefs-demand-urgent-regulation-of-ai-like-deepseek cross-posted from: lemmy.sdf.org/post/40764285 Archived […] Anxiety is growing among Chief Information…INFOSEC.PUB
20 AugUK information chiefs demand urgent regulation of AI like DeepSeek over cybersecurity riskssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.artificialintelligence-news.com/news/why-security-chiefs-demand-urgent-regulation-of-ai-like-deepseek cross-posted from: lemmy.sdf.org/post/40764285 Archived […] Anxiety is growing among Chief Information…SH.ITJUST.WORKS
20 AugZero-Day Vulnerability allow attackers to steal users data Found in Password Managers( 1Password, Bitwarden, LastPass, Enpass, iCloud Passwords, and LogMeOnce remain unpatched— still vulnerable)submitted by Pro to cybersecurity 1 points | 0 comments https://marektoth.com/blog/dom-based-extension-clickjacking/ cross-posted from: programming.dev/post/36006277 Independent verification and publication by Socket Security . Fixed: NordPass, ProtonPass, RoboForm, Dashlane, Kee…SH.ITJUST.WORKS
20 AugFlaws in Software Used by Hundreds of Cities and Towns Exposed Sensitive DataCERT/CC has disclosed the details of information exposure vulnerabilities in a Workhorse Software application after patches were released. The post Flaws in Software Used by Hundreds of Cities and Towns Exposed Sensitive Data appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugRetbleed exploitation in realistic setting | Kaspersky official blogGoogle experts have demonstrated how the complex Retbleed hardware vulnerability in AMD CPUs can be effectively exploited.KASPERSKY.COM
20 AugWarlock: From SharePoint Vulnerability Exploit to Enterprise RansomwareWarlock ransomware exploits unpatched Microsoft SharePoint vulnerabilities to gain access, escalate privileges, steal credentials, move laterally, and deploy ransomware with data exfiltration across enterprise environments.TRENDMICRO.COM
20 AugLenovo chatbot breach highlights AI security blind spots in customer-facing systemsCritical vulnerabilities have been found in Lenovo’s AI-powered customer support chatbot that allowed attackers to steal session cookies and potentially gain unauthorized access to the company’s customer support systems using a single malicious prompt. Lenovo’s chatbot “Lena,” wh…CSOONLINE.COM
20 AugCopilot Vulnerability Lets Attackers Bypass Audit Logs and Gain Hidden AccessA critical vulnerability in Microsoft’s M365 Copilot allowed users to access sensitive files without leaving any trace in audit logs, creating significant security and compliance risks for organizations worldwide. The flaw, discovered in July 2024, remained largely hidden f…GBHACKERS.COM
20 AugElastic Refutes Claims of Zero-Day in EDR ProductElastic has found no evidence of a vulnerability leading to RCE after details and PoC of a Defend EDR bypass were published online. The post Elastic Refutes Claims of Zero-Day in EDR Product appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugExperts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden PromptsCybersecurity researchers have demonstrated a new prompt injection technique called PromptFix that tricks a generative artificial intelligence (GenAI) model into carrying out intended actions by embedding the malicious instruction inside a fake CAPTCHA check on a web page. Descri…THEHACKERNEWS.COM
20 AugNew zero-day startup offers $20 million for tools that can hack any smartphonePrices for hacking tools that allow governments to break into mobile phones keep going up, thanks to efforts by tech firms shoring up their cybersecurity.TECHCRUNCH.COM
20 AugMajor password managers can leak logins in clickjacking attacksSix major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...]BLEEPINGCOMPUTER.COM
20 AugGPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe ModelsInstead of GPT-5 Pro, your query could be quietly redirected to an older, weaker model, opening the door to jailbreaks, hallucinations, and unsafe outputs. The post GPT-5 Has a Vulnerability: Its Router Can Send You to Older, Less Safe Models appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugThreat Actors Exploit GenAI Platforms to Craft Sophisticated and Realistic Phishing AttacksThe proliferation of generative AI (GenAI) platforms has revolutionized web-based services, enabling rapid code assistance, natural language processing, chatbot deployment, and automated site construction. However, telemetry data reveals a concerning evolution in the GenAI ecosys…GBHACKERS.COM
20 AugQuirkyLoader: A New Malware Loader Spreading Infostealers and Remote Access Trojans (RATs)IBM X-Force has tracked QuirkyLoader, a sophisticated loader malware deployed by threat actors to distribute prominent families such as Agent Tesla, AsyncRAT, FormBook, MassLogger, Remcos, Rhadamanthys, and Snake Keylogger. This multi-stage threat initiates through spam emails fr…GBHACKERS.COM
20 AugDOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data TheftPopular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card details under certain conditions. The technique has …THEHACKERNEWS.COM
20 AugFBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber EspionageA Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of…THEHACKERNEWS.COM
20 AugApple fixes new zero-day flaw exploited in targeted attacksApple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." [...]BLEEPINGCOMPUTER.COM
20 AugCVE Reviews: Obsession or Secret Cyber Superpower?A hacker admits he has the weirdest hobby: reviewing CVEs for fun. But what starts as “nerdy obsession” turns out to be a hidden superpower in cybersecurity. By studying past vulnerabilities, he finds unpatched bugs, learns new exploit patterns, and even discovers fresh security …YOUTUBE.COM
20 AugFrom Human Resources to Human Risk: Why HR is the Perfect Department for Cybercriminals to ImpersonateWe all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of most-clicked templates in 2025.KNOWBE4.COM
20 AugGoogle Unveils Enhanced Features to Empower Defenders and Strengthen AI SecurityGoogle Cloud has announced a suite of advanced security enhancements at the 2025 Security Summit, aimed at fortifying AI ecosystems and leveraging artificial intelligence to elevate organizational defenses. These updates focus on proactive vulnerability detection, automated threa…GBHACKERS.COM
20 AugInnovation First, Security Later: Is That Always the Case?In this short clip, cybersecurity expert Sandy Carielli from Forrester breaks down a hard truth: innovation often takes the front seat while security is forced to catch up. The conversation reveals how API shortcuts fuel progress but also repeat the same old mistakes. For cyberse…YOUTUBE.COM
20 AugNews alert: Link11 warns of rising API and bot attacks, launches integrated WAAP platformFrankfurt, Germany, Aug. 20, 2025, CyberNewswire — Link11 , a Germany-based global IT security provider, has released insights into the evolving cybersecurity threat landscape and announced the capabilities of its Web Application and API Protection (WAAP) platform, designed to pr…LASTWATCHDOG.COM
20 AugRingReaper Malware Targets Linux Servers, Stealthily Evading EDR SolutionsA new malware campaign dubbed RingReaper has emerged, targeting servers with advanced post-exploitation capabilities that exploit the kernel’s io_uring asynchronous I/O interface to bypass Endpoint Detection and Response (EDR) systems. This sophisticated agent minimizes rel…GBHACKERS.COM
20 AugRisky Business #803 -- Oracle's CSO Mary Ann Davidson quietly departsOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Oracle’s long term CSO departs, and we’re not that sad about it Canada’s House of Commons gets popped through a Microsoft bug Russia degrades voice calls via Whatsapp and Telegram …RISKY.BIZ
📋 SECURITY BULLETINS 3[−]
20 AugMicrosoft releases emergency updates to fix Windows recoveryMicrosoft has released emergency Windows out-of-band updates to resolve a known issue breaking reset and recovery operations after installing the August 2025 Windows security updates. [...]BLEEPINGCOMPUTER.COM
20 AugMicrosoft Issues Emergency Patch for Windows Reset and Recovery BugMicrosoft has released an emergency out-of-band security update to address a critical issue affecting Windows reset and recovery operations across multiple versions of the operating system. The patch, released on August 19, 2025, resolves problems that emerged after users install…GBHACKERS.COM
20 AugMicrosoft fixes the fixes that broke Windows toolsMicrosoft has issued fixes for a pair of troublesome bugs introduced with its August 2025 Patch Tuesday cumulative security updates. The updates — KB5063875 , KB5063709 , and KB5063877 — not only triggered installation errors that blocked some Windows 11 devices from upgrading, b…CSOONLINE.COM
📢 SECURITY ADVISORIES 9[−]
20 AugDOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS AttacksA 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Depa…THEHACKERNEWS.COM
20 AugNorth Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ FirmsNorth Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted di…THEHACKERNEWS.COM
20 AugRapperBot Botnet Disrupted, American Administrator IndictedThe US Department of Justice has announced the takedown of the RapperBot botnet and charges against its American administrator. The post RapperBot Botnet Disrupted, American Administrator Indicted appeared first on SecurityWeek .SECURITYWEEK.COM
20 Aug“Rapper Bot” malware seized, alleged developer identified and chargedThe U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the "Rapper Bot" DDoS-for-hire botnet. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 9[−]
20 AugNew Salty 2FA PhaaS Platform Targets Microsoft 365 Users to Steal Login CredentialsThe majority of events globally are caused by phishing, which continues to be the most common vector for cyberattacks in the constantly changing world of cyber threats. The proliferation of affordable Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA, EvilProxy, and Sneak…GBHACKERS.COM
20 AugPharmaceutical Company Inotiv Confirms Ransomware AttackInotiv has notified the SEC that its business operations took a hit after hackers compromised and encrypted its internal systems. The post Pharmaceutical Company Inotiv Confirms Ransomware Attack appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugLegitimate Chrome VPN with 100K+ Installs Secretly Captures Screenshots and Exfiltrates Sensitive DataA Chrome extension marketed as FreeVPN.One, boasting over 100,000 installations, a verified badge, and featured placement in the Chrome Web Store, has been exposed as spyware that silently captures screenshots of users’ browsing activities and exfiltrates them to remote ser…GBHACKERS.COM
20 AugSerial Hacker Sentenced for Defacing and Hacking Organizational WebsitesAl-Tahery Al-Mashriky, 26, of Rotherham, South Yorkshire, was given a 20-month prison sentence for several charges of illegal computer access and data exfiltration, part of a major crackdown on ideologically driven cyberthreats. Al-Mashriky, affiliated with extremist hacking coll…GBHACKERS.COM
20 AugScaly Wolf Unleashing Attacks to Expose Organizations’ Hidden SecretsThe Scaly Wolf advanced persistent threat (APT) gang has once again targeted a Russian engineering company in a sophisticated targeted attack that was discovered by Doctor Web’s analysts. This shows that the group is determined to obtain corporate secrets. This incident, oc…GBHACKERS.COM
20 AugHow I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) | bobdahackersubmitted by cm0002 to cybersecurity 2 points | 0 comments https://bobdahacker.com/blog/mcdonalds-security-vulnerabilitiesINFOSEC.PUB
20 AugRansomware Attacks in Japan Surge by 1.4 Times, Signaling a Significant Increase in Cyber ThreatsJapan saw a significant increase in ransomware attacks in the first half of 2025, with incidences increasing by about 1.4 times over the same period the year before. According to a detailed investigation by Cisco Talos, 68 ransomware cases targeted Japanese organizations, includi…GBHACKERS.COM
20 AugWarlock ransomware: What you need to knowThe Warlock ransomware has hit a number of organisations including government agencies and departments, and most recently UK-based telecoms firm Colt. Read more in my article on the Fortra blog.FORTRA.COM
20 AugSmashing Security podcast #431: How to mine millions without paying the billIn episode 431 of the "Smashing Security" podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can quietly swit…GRAHAMCLULEY.COM
🕵️ THREAT INTELLIGENCE 26[−]
20 AugISC Stormcast For Wednesday, August 20th, 2025 https://isc.sans.edu/podcastdetail/9578, (Wed, Aug 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 AugMicrosoft Teams “Couldn’t Connect” Issue After Sidebar Update Gets a FixMicrosoft is actively rolling out a solution to address a widespread service disruption affecting Teams users globally, where the application displays a “couldn’t connect to this app” error message when attempting to launch either the desktop or web versions of …GBHACKERS.COM
20 AugIntel Employee Data Exposed by VulnerabilitiesA researcher said he found vulnerable internal services that exposed the information of 270,000 Intel employees. The post Intel Employee Data Exposed by Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugNew GodRAT Malware Uses Screensaver and Program Files to Target OrganizationsThreat actors have been deploying a novel Remote Access Trojan (RAT) dubbed GodRAT, derived from the venerable Gh0st RAT codebase, to infiltrate financial institutions, particularly trading and brokerage firms. The malware is distributed via Skype as malicious .scr (screensaver) …GBHACKERS.COM
20 AugHigh-Severity Vulnerabilities Patched in Chrome, FirefoxGoogle and Mozilla have released patches for multiple high-severity vulnerabilities affecting Chrome and Firefox. The post High-Severity Vulnerabilities Patched in Chrome, Firefox appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugBLACK HAT FIRESIDE CHAT: Straiker extends ‘red teaming’ to the AI layer as AI attacks surgeThe enterprise software model that defined the past two decades — SaaS — is being rapidly eclipsed by a new center of gravity: AI-native systems. These are autonomous agents wired directly into company data, tools, and workflows. Related: LLMs fuel … (more…) The post BLACK …LASTWATCHDOG.COM
20 AugCitizen Lab Researchers Expose Hidden VPN Networks Sharing Ownership and Security Flaws Linked To Chinasubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://citizenlab.ca/2025/08/hidden-links-analyzing-secret-families-of-vpn-apps/ cross-posted from: lemmy.sdf.org/post/40763938 Archived A new research paper published by the Citizen Lab - “Hidden Links: Analyzing S…INFOSEC.PUB
20 AugCitizen Lab Researchers Expose Hidden VPN Networks Sharing Ownership and Security Flaws Linked To Chinasubmitted by Hotznplotzn to cybersecurity 0 points | 0 comments https://citizenlab.ca/2025/08/hidden-links-analyzing-secret-families-of-vpn-apps/ Archived A new research paper published by the Citizen Lab - “Hidden Links: Analyzing Secret Families of VPN Apps” (opens pdf) - has e…SH.ITJUST.WORKS
20 AugLenovo AI Chatbot Flaw Allows Remote Script Execution on Corporate SystemsCybersecurity researchers have uncovered critical vulnerabilities in Lenovo’s AI-powered customer support chatbot that could allow attackers to execute malicious scripts on corporate systems and steal sensitive session data. The discovery highlights significant security gap…GBHACKERS.COM
20 AugSubverting AIOps Systems Through Poisoned Input DataIn this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then sug…SCHNEIER.COM
20 AugSeemplicity Raises $50 Million for Exposure Management PlatformSeemplicity announced a Series B funding round that will be used to create AI agents for its exposure management solution. The post Seemplicity Raises $50 Million for Exposure Management Platform appeared first on SecurityWeek .SECURITYWEEK.COM
20 AugForscher entdeckt offenen Zugang zu Intel-MitarbeiterdatenEinem Sicherheitsforscher ist es gelungen, auf sensible Daten von Intel zu zugreifen. Mijansk786 – shutterstock.com Der Sicherheitsforscher Eaton Zveare meldete kürzlich, dass mindestens vier interne Websysteme des Chip-Herstellers Intel nicht ausreichend abgesichert waren. Dem E…CSOONLINE.COM
20 AugThe Challenge of Cybersecurity Frenemies and CollaborationMichael Sikorski discusses how cybersecurity relies on "frenemies" building cultural bridges to collaborate against shared threats, as attackers already do. The post The Challenge of Cybersecurity Frenemies and Collaboration appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
20 AugPersonalie: Sotirios Siozos ist neuer CISO bei Drees & Sommersrcset="https://b2b-contenthub.com/wp-content/uploads/2025/08/Picture_Sotirios_Siozos.jpg?quality=50&strip=all 1920w, https://b2b-contenthub.com/wp-content/uploads/2025/08/Picture_Sotirios_Siozos.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
20 AugThe Real Reason Shift Left Fails in SecurityIn this quick breakdown, Yogi exposes why the “Shift Left” approach often falls short in real-world security. While developers embrace early QA and security testing, adding layers of friction can actually slow teams down and miss the true goal: building systems secure by design. …YOUTUBE.COM
20 AugSlow and Steady Security: Lessons from the Tortoise and the HareBy focusing on fundamentals, enterprises can avoid the distraction of hype and build security programs that are consistent, resilient, and effective over the long run. The post Slow and Steady Security: Lessons from the Tortoise and the Hare appeared first on SecurityWeek .SECURITYWEEK.COM
20 Aug[Meta] Can you allow the English language posts?submitted by Pro to cybersecurity 2 points | 1 comments Currently, when selecting the English language as the language of the post and trying to cross-post here it shows that the language is not allowed.INFOSEC.PUB
20 AugStrategic Rewrite: Fixing Security Debt Without Losing SleepA high-performing security team takes on a massive challenge: rewriting their application not out of impulse, but with a strategic plan to eliminate years of technical and security debt. In this clip, Kalyani Pawar reveals how the rewrite not only boosted performance to 500 reque…YOUTUBE.COM
20 AugCan You Break Modbus With Just 3 Lines of Code?A cybersecurity expert reveals how easy it is to impersonate devices on a Modbus network using just PyModbus and a few lines of Python. What was once protected by "security through obscurity" is now dangerously accessible to anyone with GitHub access. This eye-opening moment from…YOUTUBE.COM
20 AugThreat Intelligence Executive Report – Volume 2025, Number 4This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during May and JuneSOPHOS.COM
20 AugWhy Continuous Threat Modeling Is Non-Negotiable 🔥In this short, Farshad Abasi breaks down why threat modeling isn’t just a one-time process. He explains how architecture, requirements, and continuous modeling work together to protect both new and legacy applications. Cybersecurity pros will see why skipping any stage leaves cri…YOUTUBE.COM
20 AugGoogle’s OSS-FuzzGen Is Changing Bug Hunting 🔥Google’s OSS-FuzzGen is revolutionizing the way cybersecurity experts find hidden vulnerabilities. Instead of only testing the most obvious functions, this tool automatically generates harnesses to fuzz overlooked parts of a program—revealing bugs that traditional methods miss. F…YOUTUBE.COM
20 AugThreat Actors Impersonate as Google Support to Sniff Out Your Login CredentialsThreat actors are posing as Google support agents in an increasing number of complex social engineering attacks in order to take advantage of account recovery tools and obtain user credentials without authorization. These campaigns leverage legitimate-looking communication channe…GBHACKERS.COM
20 AugThat ‘Urgent Payroll Update’ Email is a Trap: A Look at the Latest HR Phishing TacticsPhishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed an 120%surge in these attacks reported via our PhishER product versus the previous three months. These attacks have remained at elevated levels since peaking in Feb…KNOWBE4.COM
20 Aug KEVYou’ll Lose Your Job If You Ignore This Tech Shift 😳Kevin Nikkhoo drops a truth bomb every cybersecurity professional and tech student needs to hear in 2025. As AI rapidly transforms the industry, Kevin warns that those who don’t adapt will be left behind. Gone are the days where coding was enough — mastering AI tools is now essen…YOUTUBE.COM
20 AugQuantum-safe security: Progress towards next-generation cryptographyMicrosoft is proactively leading the transition to quantum-safe security by advancing post-quantum cryptography, collaborating with global standards bodies, and helping organizations prepare for the coming quantum era. The post Quantum-safe security: Progress towards next-generat…MICROSOFT.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
20 AugFrom Impact to Action: Turning BIA Insights Into Resilient RecoveryModern businesses face a rapidly evolving and expanding threat landscape, but what does this mean for your business? It means a growing number of risks, along with an increase in their frequency, variety, complexity, severity, and potential business impact. The real question is, …THEHACKERNEWS.COM
20 AugAI website builder Lovable increasingly abused for malicious activityCybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 13[−]
20 AugMicrosoft fixes Windows upgrades failing with 0x8007007F errorMicrosoft has resolved a known issue that caused Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems. [...]BLEEPINGCOMPUTER.COM
20 AugMicrosoft reportedly fixing SSD failures caused by Windows updatesRecently released Windows 11 24H2 updates are reportedly causing data corruption and failure issues for some SSD and HDD models on up-to-date systems. [...]BLEEPINGCOMPUTER.COM
20 Aug🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers DoDo you know how many AI agents are running inside your business right now? If the answer is “not sure,” you’re not alone—and that’s exactly the concern. Across industries, AI agents are being set up every day. Sometimes by IT, but often by business units moving fast to get result…THEHACKERNEWS.COM
20 AugMicrosoft investigates outage impacting Copilot, Office.comMicrosoft is investigating an ongoing issue preventing users across North America from accessing Office.com and the company's Copilot AI-powered assistant. [...]BLEEPINGCOMPUTER.COM
20 AugWhy email security needs its EDR moment to move beyond preventionEmail security is stuck where antivirus was a decade ago—focused only on prevention. Learn from Material Security why it's time for an "EDR for email" mindset: visibility, post-compromise controls, and SaaS-wide protection. [...]BLEEPINGCOMPUTER.COM
20 AugTaegis MDR/XDR now work with Sophos Firewall’s Active Threat ResponseResponse times go from hours or days to seconds.SOPHOS.COM
20 AugHackers steal Microsoft logins using legitimate ADFS redirectsHackers are using a novel technique that combines legitimate office.com links with Active Directory Federation Services (ADFS) to redirect users to a phishing page that steals Microsoft 365 logins. [...]BLEEPINGCOMPUTER.COM
20 AugAirtell Router Scans, and Mislabeled usernames, (Wed, Aug 20th)Looking at new usernames collected by our Cowrie honeypots, you will first of all notice a number of HTTP headers. It is very common for attackers to scan for web servers on ports that are covered by our Telnet honeypots. The result is that HTTP request headers end up in our user…ISC.SANS.EDU
20 AugHarvard dropouts to launch ‘always on’ AI smart glasses that listen and record every conversationAfter developing a facial recognition app for Meta’s Ray-Ban glasses and doxing random people, two former Harvard students are now launching a startup that makes smart glasses with an always-on microphone.TECHCRUNCH.COM
20 AugPerplexity’s Comet AI browser tricked into buying fake items onlineA study looking into agentic AI browsers has found that these emerging tools are vulnerable to both new and old schemes that could make them interact with malicious pages and prompts. [...]BLEEPINGCOMPUTER.COM
20 AugDevice searches at the US border hit record high, new data showsThere have been more border device searches than ever before, per new data, despite the constitutionality of whether these searches are legal.TECHCRUNCH.COM
20 AugOpenAI says GPT-6 is coming and it'll be better than GPT-5 (obviously)OpenAI's CEO Sam Altman told reporters that GPT-6 is already in the works, and it'll not take as long as GPT-5. [...]BLEEPINGCOMPUTER.COM