🐛 COMMON VULNERABILITIES AND EXPOSURES 5
22 Aug: 14 Million-Download SHA JavaScript Library Exposes Users to Hash Manipulation Attacks. A critical security vulnerability has been discovered in the widely-used sha.js npm package, exposing millions of applications to sophisticated hash manipulation attacks that could compromise cryptographic operations and enable unauthorized access to sensitive systems. The vulner… GBHACKERS.COM
22 AugWindows Docker Desktop Vulnerability Allows Full Host CompromiseA critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack. The flaw, designated CVE-2025-9074, was patched in Docker Desktop version 4.44.3…GBHACKERS.COM
22 AugAI Systems Capable of Generating Working Exploits for CVEs in Just 10–15 MinutesCybersecurity researchers have developed an artificial intelligence system capable of automatically generating working exploits for published Common Vulnerabilities and Exposures (CVEs) in just 10-15 minutes at approximately $1 per exploit, fundamentally challenging the tradition…GBHACKERS.COM
22 Aug: Oracle CSO in Surprise Departure. Oracle's CSO, Mary Ann Davidson, is leaving the company. Oracle's long-serving CSO (Chief Security Officer), Mary Ann Davidson, is unexpectedly leaving the company, ending her nearly four-decade career at the… CSOONLINE.COM
22 Aug KEV: CISA Warns of Actively Exploited 0-Day Vulnerability in Apple iOS, iPadOS, and macOS. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability affecting Apple iOS, iPadOS, and macOS systems that is being actively exploited in the wild. CVE-2025-43300, an out-of-bounds write vulnerability in Ap… GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 22
22 AugThe Triple Threats CISOs cannot ignore: A Perfect Storm of Digital Frontlines, Dark AI and Quantum LeapsIn the ever-evolving digital battleground, the Southeast Asia region is at a critical inflection point. A new wave of threats is sweeping across governments, businesses, and everyday users, fueled not just by human intent, but increasingly, by the rapid digitalization of every fa…CSOONLINE.COM
22 AugChatGPT-5 Downgrade Attack Allows Hackers to Evade AI Defenses With Minimal PromptsSecurity researchers from Adversa AI have uncovered a critical vulnerability in ChatGPT-5 and other major AI systems that allows attackers to bypass safety measures using simple prompt modifications. The newly discovered attack, dubbed PROMISQROUTE, exploits AI routing mechanisms…GBHACKERS.COM
22 AugNew HTTP Smuggling Technique Allows Hackers to Inject Malicious RequestsCybersecurity researchers have uncovered a sophisticated HTTP request smuggling attack that exploits inconsistent parsing behaviors between front-end proxy servers and back-end application servers. This newly discovered technique leverages malformed chunk extensions to bypass sec…GBHACKERS.COM
22 AugCybersecurity Today: Massive Data Exposures, Microsoft Failures, and PayPal Breach ClaimsIn this episode of Cybersecurity Today, host Jim Love covers a range of recent cybersecurity incidents. A major privacy failure has hit Elon Musk's Grok chatbot, exposing over 370,000 private conversations with sensitive information. Microsoft's recent security update has caused …CYBERSECURITYTODAY.LIBSYN.COM
22 AugEnsuring security in a borderless world: The 30th anniversary of Schengen systemIn an international tariff context and divisions, in which multilateralism is being questioned, the European Union remains a showcase of cooperation between countries. Perhaps one of the most visible examples of this cooperation is the Schengen area or the elimination of internal…CSOONLINE.COM
22 AugColt Confirms Ransomware Attack Resulted in Customer Data TheftIndustrial technology company Colt has confirmed that a recent ransomware attack on its business support systems resulted in the theft of customer data, marking the latest in a series of high-profile cybersecurity incidents affecting critical infrastructure providers. The company…GBHACKERS.COM
22 AugAzure Default API Connection Flaw Enables Full Cross-Tenant CompromiseA critical security vulnerability in Microsoft Azure’s API Connection architecture has been discovered that could allow attackers to completely compromise resources across different tenant environments, potentially exposing sensitive data stored in Key Vaults, Azure SQL dat…GBHACKERS.COM
22 AugAWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as SecureAWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check. The post AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure appeared first on SecurityWeek .SECURITYWEEK.COM
22 AugCPAP Medical Data Breach Impacts 90,000 PeopleCPAP Medical Supplies and Services has disclosed a data breach resulting from an intrusion that occurred in December 2024. The post CPAP Medical Data Breach Impacts 90,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
22 AugMassive anti-cybercrime operation leads to over 1,200 arrests in AfricaLaw enforcement authorities in Africa have arrested over 1,200 suspects as part of 'Operation Serengeti 2.0,' an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs. [...]BLEEPINGCOMPUTER.COM
22 AugRogue Go Module Doubles as Fast SSH Brute-Forcer, Sends Stolen Passwords via TelegramSocket’s Threat Research Team has uncovered a deceptive Go module named golang-random-ip-ssh-bruteforce, which masquerades as an efficient SSH brute-forcing tool but secretly exfiltrates stolen credentials to its creator. Published on June 24, 2022, this package remains active on…GBHACKERS.COM
22 AugChinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom EspionageCybersecurity researchers are calling attention to malicious activity orchestrated by a China-nexus cyber espionage group known as Murky Panda that involves abusing trusted relationships in the cloud to breach enterprise networks. "The adversary has also shown considerable abilit…THEHACKERNEWS.COM
22 AugFeatured Chrome extension FreeVPN.One caught capturing and transmitting user dataChrome extension, FreeVPN.One, has been found secretly capturing screenshots of users’ browsing sessions and transmitting them to a remote server without consent, according to Koi Security. The extension, which until recently displayed a verified badge on the Chrome Web Store, st…CSOONLINE.COM
22 AugChinese Silk Typhoon Hackers Exploited Commvault Zero-DaySilk Typhoon was seen exploiting Citrix NetScaler and Commvault vulnerabilities for initial access to victim systems. The post Chinese Silk Typhoon Hackers Exploited Commvault Zero-Day appeared first on SecurityWeek .SECURITYWEEK.COM
22 AugClickFix Exploit Emerges: Microsoft Flags Cross-Platform Attacks Targeting Windows and macOSMicrosoft Threat Intelligence has spotlighted the escalating adoption of the ClickFix social engineering technique, a sophisticated method that manipulates users into executing malicious commands on their devices, bypassing traditional automated security defenses. Observed since …GBHACKERS.COM
22 AugLinux Malware Delivered via Malicious RAR Filenames Evades Antivirus DetectionCybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The "Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file," Trellix researcher Sagar …THEHACKERNEWS.COM
22 AugCISA Requests Public Comment for Updated Guidance on Software Bill of MaterialsCISA released updated guidance for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment—comment period begins today and concludes on October 3, 2025. These updates build on the 2021 version of the National Telecommunications and Information Administrati…CISA.GOV
22 AugHelp TDS Hacks Legitimate Websites, Using PHP Templates to Display Fake Microsoft Security AlertsGoDaddy Security researchers have unveiled a detailed analysis of Help TDS, a sophisticated Traffic Direction System operational since at least 2017, which exploits compromised websites to funnel traffic toward malicious scams. This operation supplies affiliates with PHP code tem…GBHACKERS.COM
22 AugDisgruntled developer gets four-year sentence for revenge attack on employer’s networkA software developer who launched disruptive logic bombs inside his employer’s network as an act of revenge has been sentenced to four years in prison by an Ohio court. According to the US Department of Justice, 55 year-old Chinese national Davis Lu was unhappy that a 2018 reorga…CSOONLINE.COM
22 AugHackers Hijack VPS Servers to Breach Software-as-a-Service AccountsVirtual Private Servers (VPS) have long served as versatile tools for developers and businesses, offering dedicated resources on shared physical hardware with enhanced control and scalability. However, threat actors are increasingly exploiting these platforms to orchestrate steal…GBHACKERS.COM
22 AugAPI Security Took Years… AI Took Just Months 🤯Cybersecurity didn’t always move this fast. It took decades to figure out code security, years for open-source security, and only a few for API security. Now with AI, the industry is learning at lightning speed ⚡. This short explores how security conversations around artificial i…YOUTUBE.COM
22 AugMurky Panda hackers exploit cloud trust to hack downstream customersA Chinese state-sponsored hacking group known as Murky Panda (Silk Typhoon) exploits trusted relationships in cloud environments to gain initial access to the networks and data of downstream customers. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 1
22 AugMicrosoft: August Windows updates cause severe streaming issuesMicrosoft has confirmed that the August 2025 security updates are causing severe lag and stuttering issues with NDI streaming software on some Windows 10 and Windows 11 systems. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 3
22 AugNIST Releases New Control Overlays to Manage Cybersecurity Risks in AI SystemsThe National Institute of Standards and Technology (NIST) has unveiled a comprehensive initiative to address the growing cybersecurity challenges associated with artificial intelligence systems through the release of a new concept paper and proposed action plan for developing NIS…GBHACKERS.COM
🔥 INCIDENT REPORTING 9
22 AugDaVita says ransomware gang stole data of nearly 2.7 million peopleKidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. [...]BLEEPINGCOMPUTER.COM
22 AugDeveloper Who Hacked Former Employer’s Systems Sentenced to PrisonDavis Lu was sentenced to four years in prison for installing malicious code on employer’s systems and for deleting encrypted data. The post Developer Who Hacked Former Employer’s Systems Sentenced to Prison appeared first on SecurityWeek .SECURITYWEEK.COM
22 AugColt Confirms Customer Data Stolen in Ransomware Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/colt-ransomware-attack/amp/SH.ITJUST.WORKS
22 Aug: Cyberattack on Insurance Broker BüchnerBarella. The insurance industry is an attractive target for cybercriminals. Now the German insurance broker BüchnerBarella has been hit. The commercial and industrial insurance broker BüchnerBarella was, by its own account, recently… CSOONLINE.COM
22 AugIn Other News: McDonald’s Hack, 1,200 Arrested in Africa, DaVita Breach Grows to 2.7MNoteworthy stories that might have slipped under the radar: cryptojacker sentenced to prison, ECC.fail Rowhammer attack, and Microsoft limits China’s access to MAPP. The post In Other News: McDonald’s Hack, 1,200 Arrested in Africa, DaVita Breach Grows to 2.7M appeared firs…SECURITYWEEK.COM
22 AugBQTLOCK Ransomware-as-a-Service Emerges, Boasting Sophisticated Evasion TacticsRansomware-as-a-Service (RaaS) models continue to democratize sophisticated attacks in the ever-changing world of cybercrime by allowing affiliates with little technical know-how to distribute ransomware through profit-sharing or subscription models. A newly identified strain, BQ…GBHACKERS.COM
22 AugLumma Operators Deploy Cutting-Edge Evasion Tools to Maintain Stealth and PersistenceLumma infostealer affiliates’ complex operating framework was revealed by Insikt Group in a ground-breaking report published on August 22, 2025, underscoring their reliance on cutting-edge evasion technologies to support cybercrime operations. The Lumma malware, a prominent…GBHACKERS.COM
22 AugEuropol says Telegram post about 50,000 Qilin ransomware award is fakeSome cybersecurity news outlets were duped a few days ago by a claim that Europol was offering a $50,000 bounty for information about two members of the Qilin ransomware group. Turns out it was all a hoax. Read more details about what happened in my article on the Hot for Securit…BITDEFENDER.COM
22 AugBlue Locker ransomware hits critical infrastructure – is your organisation ready?Critical infrastructure organisations are once again being warned of the threat posed by malicious cybercriminals, following a ransomware attack against a state-owned energy company in Pakistan. Read more in my article on the Exponential-e blog.EXPONENTIAL-E.COM
🕵️ THREAT INTELLIGENCE 25
22 AugISC Stormcast For Friday, August 22nd, 2025 https://isc.sans.edu/podcastdetail/9582, (Fri, Aug 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 AugMITRE Updates List of Most Common Hardware WeaknessesMITRE has updated the list of Most Important Hardware Weaknesses to align it with evolving hardware security challenges. The post MITRE Updates List of Most Common Hardware Weaknesses appeared first on SecurityWeek .SECURITYWEEK.COM
22 AugHundreds Targeted in New Atomic macOS Stealer CampaignBetween June and August, over 300 entities were targeted with the Atomic macOS Stealer via malvertising. The post Hundreds Targeted in New Atomic macOS Stealer Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
22 AugStealth Threat Unpacked: Weaponized RAR Files Deliver VShell Backdoor on Linux SystemsTrellix Advanced Research Center has exposed an infection chain that weaponises nothing more than a filename to compromise Linux hosts. A spam message masquerading as a beauty-product survey offers a small reward and carries a RAR archive, yy.rar. When unpacked, the archive drops…GBHACKERS.COM
22 AugMalicious PDFs in Play: UAC-0057 Leveraging Invitations to Trigger Shell Script AttacksThe Belarusian-affiliated threat actor UAC-0057, also known as UNC1151, FrostyNeighbor, or Ghostwriter, has been using weaponized archives that contain phony PDFs that are posing as official invitations and documents to target organizations in Poland and Ukraine in a sophisticate…GBHACKERS.COM
22 AugHackers Target Phones of Military-Linked Individuals in South Asia Using New Spy ToolsCyber threat actors have launched sophisticated phishing operations aimed at military and government personnel in South Asia, leveraging defense-related lures to distribute malicious archives and applications. Recent detections include ZIP files like “Coordination of the Ch…GBHACKERS.COM
22 AugAI Agents Need Data IntegrityThink of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a “Magna Carta for the Web” to restore the balance of power between individuals and institutions. This mirrors the original charter’s purpose: ensuring that…SCHNEIER.COM
22 AugHackers access data of 850,000 Orange Belgium customerssubmitted by Davriellelouna to cybersecurity 1 points | 0 comments https://www.euractiv.com/section/tech/news/hackers-access-data-of-850000-orange-belgium-customers/INFOSEC.PUB
22 AugHackers access data of 850,000 Orange Belgium customerssubmitted by Davriellelouna to cybersecurity 1 points | 0 comments https://www.euractiv.com/section/tech/news/hackers-access-data-of-850000-orange-belgium-customers/SH.ITJUST.WORKS
22 AugMicrosoft to Restrict Use of OnMicrosoft Domains for Email SendingMicrosoft has announced significant restrictions on the use of default onmicrosoft.com domains for email communication, implementing new throttling measures to combat spam and improve email deliverability across its Microsoft 365 platform. Policy Changes Target Spam Prevention Th…GBHACKERS.COM
22 AugAnatsa Malware Escalates: Android Under Siege as Hackers Harvest Credentials and Track KeystrokesThe Zscaler ThreatLabz team has uncovered significant advancements in the Anatsa malware, also known as TeaBot, an Android banking trojan that has been active since 2020. Originally designed for credential theft, keylogging, and facilitating fraudulent transactions, Anatsa has ev…GBHACKERS.COM
22 AugUsability: The Most Ignored Side of Security 🤯In this short clip, cybersecurity expert Matthew Rogers explains why usability is the most overlooked side of AppSec. While many focus on authentication and engineering, he highlights how human-centered design can make or break security. If users can’t actually use secure systems…YOUTUBE.COM
22 AugThe Hidden Trap in Every Banking App…Behind every “simple” banking feature hides a potential security nightmare. In this short, Farshad Abasi explains how functional trap modeling reveals the hidden abuse cases developers often overlook. From transaction views to privacy leaks, this is where cybersecurity meets real…YOUTUBE.COM
22 AugLarge Interpol Cybercrime Crackdown in Africa Leads to the Arrest of Over 1,200 SuspectsDubbed Operation Serengeti 2.0, the operation took place between June and August. The post Large Interpol Cybercrime Crackdown in Africa Leads to the Arrest of Over 1,200 Suspects appeared first on SecurityWeek .SECURITYWEEK.COM
22 AugThis Simple Trick Shows If Your Fuzzing Time Was Wasted ⏳ #InfoSecEver wondered if fuzzing is just wasting your time? In this short, cybersecurity expert Artur Cygan explains the simple trick to know if your fuzzing efforts are paying off—or if it’s time to stop. By tracking coverage progress and spotting when no new coverage appears for hours …YOUTUBE.COM
22 AugCan AI Really Do Code Review for You? 🤔 #TechIn this short, a cybersecurity expert explores how AI tools like DeepWiki are transforming code review. Instead of struggling with massive codebases, professionals can now use AI to map architecture instantly and get a clear starting point. The video highlights how this shift cou…YOUTUBE.COM
22 AugAPT36 hackers abuse Linux .desktop files to install malwareThe Pakistani APT36 cyberspies are using Linux .desktop files to load malware in new attacks against government and defense entities in India. [...]BLEEPINGCOMPUTER.COM
22 AugI’m Spending the Year at the Munk SchoolThis academic year, I am taking a sabbatical from the Kennedy School and Harvard University. (It’s not a real sabbatical—I’m just an adjunct—but it’s the same idea.) I will be spending the Fall 2025 and Spring 2026 semesters at the Munk School at the…SCHNEIER.COM
22 AugAgentic AI vs SOAR: What’s the Real Difference?By now, you’ve heard the hype. Agentic AI; self-directed and goal-oriented. Supposedly, the next big thing in security automation. If you’re working in a Security Operations Center (SOC), it might sound like déjà vu. Agentic AI brings autonomous, decision-making security agents t…GBHACKERS.COM
22 Aug KEV: People, Process, Tech: The REAL SOC Formula. A lot of people think SOC as a Service is just about tools, but in this short Kevin Nikkhoo reveals the truth: it’s built on people, process, and technology. From certified experts to layered SOC levels, this clip shows why real cybersecurity goes far beyond tech stacks. →Subscri… YOUTUBE.COM
22 AugThreat Actors Are Increasingly Abusing Generative AI Tools for PhishingCybercriminals are increasingly abusing AI-assisted website generators to quickly craft convincing phishing sites, according to researchers at Palo Alto Networks’ Unit 42.KNOWBE4.COM
22 AugThe Technical Sophistication Behind the "Free" Gift Scam: Evading DetectionBelow is an example of a sophisticated survey scam phishing email that KnowBe4’s Threat Lab team has been monitoring as discussed in “ The Hidden Cost of "Free" Gifts: How Survey Scams Are Evolving to Steal Financial Data” .KNOWBE4.COM
22 AugThe Hidden Cost of "Free" Gifts: How Survey Scams Are Evolving to Steal Financial DataYou've probably seen them: enticing online offers for free products from brands you trust, like a Yeti beach chair from Costco or an emergency car kit from AAA.KNOWBE4.COM
22 AugFriday Squid Blogging: Bobtail SquidNice short article on the bobtail squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
22 AugHumans extinct: 2040, Okta, Elastic, Bad Bots, Berserk Bear, Siemens, Aaran Leyland.. - SWN #505Humans wiped out by 2040, Okta, Elastic, Bad Bots, Berserk Bear, Siemens, Philip K. Dick, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-505YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 4
22 AugEx-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch MalwareA 55-year-old Chinese national has been sentenced to four years in prison and three years of supervised release for sabotaging his former employer's network with custom malware and deploying a kill switch that locked out employees when his account was disabled. Davis Lu, 55, of H…THEHACKERNEWS.COM
22 AugAutomation Is Redefining Pentest DeliveryPentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods—static …THEHACKERNEWS.COM
22 AugFake Mac fixes trick users into installing new Shamos infostealerA new infostealer malware targeting Mac devices, called 'Shamos,' is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. [...]BLEEPINGCOMPUTER.COM
📰 CYBERSECURITY BRIEFINGS 1
22 AugLeadership, Innovation, and the Future of AI: Lessons from Trend Micro CEO & Co-Founder Eva ChenDiscover how AI is reshaping cybersecurity through our CEO, Eva Chen’s industry briefing series. Gain practical strategies, real-world insights, and a clear roadmap to secure your AI initiatives with confidence.TRENDMICRO.COM
📡 INFOSEC NEWS 4
22 AugINTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global CrackdownINTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims. "The crackdown recovered $97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and th…THEHACKERNEWS.COM
22 AugDeveloper gets prison time for sabotaging former employer’s network with a ‘kill switch’The ex-developer was convicted of planting malicious code designed to crash its servers in the event that he was fired.TECHCRUNCH.COM
22 AugMessaging apps that work without an internet connection or cell service | Kaspersky official blogThere might be times when your mobile internet stops working but you still need to stay connected. We look at how mesh messaging apps can help in these situations.KASPERSKY.COM