🚨 CISA KEV 1
29 Aug KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-57819 Sangoma FreePBX Authentication Bypass Vulnerability This type of vulnerability is a frequent attack vector for malicious cybe…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 3
29 AugCritical Hikvision Vulnerabilities Allow Remote Command InjectionOn August 28, 2025, the Hikvision Security Response Center (HSRC) issued Security Advisory SN No. HSRC-202508-01, detailing three critical vulnerabilities affecting various HikCentral products. Collectively assigned CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-392…GBHACKERS.COM
29 AugResearchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code ExecutionThree new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. The flaws, per watchTowr Labs, are listed below - CVE-2025-53693 - HTML cache poisoning through un…THEHACKERNEWS.COM
29 AugWhatsApp Zero-Day Vulnerability Exploited with 0-Click Attacks to Hack Apple DevicesWhatsApp has issued a critical security advisory addressing a newly discovered zero-day vulnerability, tracked as CVE-2025-55177, which has been exploited in highly sophisticated zero-click attacks targeting Mac and iOS users. The vulnerability, combined with an OS-level flaw (CV…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 24
29 AugSilver Fox Hackers Use Driver Vulnerability to Evade Security on Windows SystemsA sophisticated campaign by the Silver Fox APT group that exploits a previously unknown vulnerable driver to bypass endpoint detection and response (EDR) and antivirus solutions on fully updated Windows 10 and 11 systems. Check Point Research (CPR) revealed on August 28, 2025, th…GBHACKERS.COM
29 AugNew Mac Malware Dubbed “JSCoreRunner” Weaponizing PDF Conversion Site to Deliver MalwareA sophisticated new Mac malware campaign has emerged that exploits users’ trust in free online PDF conversion tools, demonstrating how cybercriminals continue to evolve their tactics to bypass modern security measures. Cybersecurity firm Mosyle has exclusively disclosed the…GBHACKERS.COM
29 AugCybercrime increasingly moving beyond financial gainsWhen it comes to cybercrime, the stories are often told in numbers. By 2025, it is expected to cost $10.5 trillion globally. If it were a country, its economy would rank it third globally, behind only the US and Chinese economies. Money raised through online fraud — from phishing…CSOONLINE.COM
29 AugThreat Actors Use Facebook Ads to Deliver Android MalwareCybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these threat actors have shifted tacti…GBHACKERS.COM
29 AugGoogle Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All IntegrationsGoogle has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations. "We now advise all Salesloft Drift customers to treat any and all authentication tokens st…THEHACKERNEWS.COM
29 AugOperation Serengeti 2.0: Trend Micro Helps Law Enforcement Fight Cybercrime in AfricaOperation Serengeti 2.0: With Trend Micro’s support, INTERPOL led a major crackdown across Africa, arresting cybercriminals, dismantling infrastructures, recovering illicit funds, and protecting tens of thousands of victims.TRENDMICRO.COM
29 AugTransUnion Data Breach Compromises Over 4 Million CustomersIn a significant data breach disclosed by TransUnion LLC, more than 4.4 million consumers had sensitive personal information compromised in late July 2025. The credit reporting agency, headquartered at 555 W. Adams Street in Chicago, Illinois, revealed the incident on August 26, …GBHACKERS.COM
29 AugMicrosoft Teams Abused in Cyberattack Delivering PowerShell-Based Remote Access MalwareIn a concerning development for enterprise security, cybercriminals have begun exploiting Microsoft Teams—long trusted as an internal messaging and collaboration tool—to deliver PowerShell-based malware and gain unauthorized remote access to Windows systems. By impersonating IT s…GBHACKERS.COM
29 AugClick Studios Patches Passwordstate Authentication Bypass Vulnerability in Emergency Access PageClick Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The issue, which is yet to be assigned a CVE identifier, has been addressed in P…THEHACKERNEWS.COM
29 Aug KEVFreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now AvailableThe Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platf…THEHACKERNEWS.COM
29 AugRansomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise AttacksStorm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware.SECURITYWEEK.COM
29 AugNevada Confirms Ransomware Attack Behind Statewide Service DisruptionsState officials confirm ransomware forced office closures, disrupted services, and led to data theft, as Nevada works with CISA and law enforcement to restore critical systems.SECURITYWEEK.COM
29 AugUS Sanctions Russian National, Chinese Firm Aiding North Korean IT WorkersUS Treasury sanctions Russian and Chinese entities tied to North Korea’s use of fake IT workers, who exploited stolen identities, AI, and malware to funnel millions back to Pyongyang.SECURITYWEEK.COM
29 AugGoogle Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft CampaignGoogle says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration.SECURITYWEEK.COM
29 Aug AI Attacks Autonomously for the First Time CSOONLINE.COM
29 AugAppSuite PDF Editor Exploit Lets Hackers Run Arbitrary CommandsA sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems. Initially flagged as a potentially unwanted program due to its aggressive installation behavior, AppSuite’s true nature was revealed when its m…GBHACKERS.COM
29 AugVS Code Marketplace Abused by Threat Actors to Deliver Malware via Trusted ExtensionsA recently uncovered vulnerability in the Visual Studio Code (VS Code) Marketplace has allowed malicious actors to hijack discontinued extension names and slip malware past unsuspecting developers. In June, ReversingLabs (RL) researchers discovered a new malicious extension, ahba…GBHACKERS.COM
29 AugTwo New feeds from CERT-FR integrated in Vulnerability-Lookupsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://discourse.ossbase.org/t/two-new-feeds-from-cert-fr-integrated-in-vulnerability-lookup/707INFOSEC.PUB
29 AugVerifTools Fake ID Operation Dismantled by Law EnforcementAuthorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts.SECURITYWEEK.COM
29 AugNew BruteForceAI Tool Automatically Detects Login Pages and Executes Smart Brute-Force Attackssubmitted by cm0002 to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/bruteforceai-penetration-testing-tool/INFOSEC.PUB
29 AugMicrosoft to enforce MFA for Azure resource management in OctoberStarting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts. [...]BLEEPINGCOMPUTER.COM
29 AugWhatsApp patches vulnerability exploited in zero-day attacksWhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. [...]BLEEPINGCOMPUTER.COM
29 AugWhatsApp fixes ‘zero-click’ bug used to hack Apple users with spywareA spyware vendor was behind a recent campaign that abused a vulnerability in WhatsApp to deliver an exploit capable of hacking into iPhones and Macs.TECHCRUNCH.COM
29 AugChinese hacking group Salt Typhoon expansion prompts multinational advisoryPervasive Chinese hacking group Salt Typhoon continues to strike, this time setting its sights on the Netherlands. Dutch intelligence authorities have confirmed that the cyber actors accessed routers belonging to smaller internet service and hosting providers. This follows a star…CSOONLINE.COM
📋 SECURITY BULLETINS 2
29 AugAbandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage CampaignAn abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. "…THEHACKERNEWS.COM
29 AugMicrosoft says recent Windows update didn't kill your SSDMicrosoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 6
29 AugZipline Phishing, Google Urges Password Resets, and AI-Driven Threats: Cybersecurity TodayIn this episode of Cybersecurity Today, host Jim Love delves into the latest cyber threats and risks. Key topics include the new phishing campaign Zipline that flips traditional tactics, Google's call for 2.5 billion Gmail users to reset passwords due to a phishing attack by Shin…CYBERSECURITYTODAY.LIBSYN.COM
29 AugNetherlands Confirms China’s Salt Typhoon Hacking Group Targeted Small Dutch Telcossubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/china-salt-typhoon-dutch-telcos/ cross-posted from: lemmy.sdf.org/post/41271046 Archived Dutch intelligence agencies have revealed that the Chinese hacking group Salt Typhoo…INFOSEC.PUB
29 AugNetherlands Confirms China’s Salt Typhoon Hacking Group Targeted Small Dutch Telcossubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/china-salt-typhoon-dutch-telcos/ cross-posted from: lemmy.sdf.org/post/41271046 Archived Dutch intelligence agencies have revealed that the Chinese hacking group Salt Typhoo…SH.ITJUST.WORKS
29 AugAmazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code AuthenticationAmazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used "compromised websites to redirect visitors to malicious in…THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 8
29 AugCatch-22: Uncovering Compromised Hosts using SSH Public Keys | USENIXsubmitted by jstangroome to cybersecurity 1 points | 0 comments https://www.usenix.org/conference/usenixsecurity25/presentation/munteanu In this paper, we present a method to identify compromised SSH servers at scale. For this, we use SSH’s behavior to only send a challenge durin…INFOSEC.PUB
29 AugPopular Nx Packages Compromised by Credential-Stealing MalwareA widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions …GBHACKERS.COM
29 AugTransUnion Data Breach Impacts 4.4 MillionThe credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations.SECURITYWEEK.COM
29 AugI Hacked BellaBot and Every Robot from China's Biggest Robotics Company (Pudu Only Fixed It When I Told Their Clients)submitted by Pro to cybersecurity 1 points | 0 comments https://bobdahacker.com/blog/hacked-biggest-chinese-robot-company cross-posted from: programming.dev/post/36521221SH.ITJUST.WORKS
29 AugIn Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in AttacksNoteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across multiple phases of malicious attacks.SECURITYWEEK.COM
29 AugSweden scrambles after ransomware attack puts sensitive worker data at riskMunicipal government organisations across Sweden have found themselves impacted after a ransomware attack at a third-party software service supplier. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
29 AugFBI says China’s Salt Typhoon hacked at least 200 US companiessubmitted by Davriellelouna to cybersecurity 1 points | 0 comments https://techcrunch.com/2025/08/27/fbi-says-chinas-salt-typhoon-hacked-at-least-200-us-companies/INFOSEC.PUB
29 AugFBI says China’s Salt Typhoon hacked at least 200 US companiessubmitted by Davriellelouna to cybersecurity 1 points | 0 comments https://techcrunch.com/2025/08/27/fbi-says-chinas-salt-typhoon-hacked-at-least-200-us-companies/SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 15
29 AugISC Stormcast For Friday, August 29th, 2025 https://isc.sans.edu/podcastdetail/9592, (Fri, Aug 29th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
29 AugDPRK Remote Work Tactics: Leveraging Code-Sharing PlatformsDPRK IT workers have leveraged popular code-sharing platforms such as GitHub, CodeSandbox, and Medium to cultivate convincing developer portfolios and land remote positions under fabricated identities. Investigations reveal approximately 50 active GitHub profiles operated by Nort…GBHACKERS.COM
29 AugBaggage Tag ScamI just heard about this : There’s a travel scam warning going around the internet right now: You should keep your baggage tags on your bags until you get home, then shred them, because scammers are using luggage tags to file fraudulent claims for missing baggage with the ai…SCHNEIER.COM
29 AugVirusTotal Launches Endpoint That Explains Code Functionality for Malware AnalystsVirustotal today unveiled a powerful addition to its Code Insight suite: a dedicated API endpoint that accepts code snippets—either disassembled or decompiled—and returns succinct summaries and detailed descriptions tailored for malware analysts. Launched over two years after the…GBHACKERS.COM
29 AugYour KnowBe4 Fresh Content Updates from August 2025Check out the 19 new pieces of training content added in August, alongside the always fresh content update highlights, new features and events.KNOWBE4.COM
29 AugTamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookiessubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/08/tamperedchef-malware-disguised-as-fake.html?m=1SH.ITJUST.WORKS
29 AugGoogle is getting ready to 'hack back' as US considers shifting from cyber defense to offense — new 'Scam Farms' bill opens up new retaliatory hacking actionssubmitted by Amoxtli to cybersecurity 2 points | 0 comments https://www.tomshardware.com/tech-industry/cyber-security/google-is-getting-ready-to-hack-back-as-us-considers-shifting-from-cyber-defense-to-offense-new-scam-farms-bill-opens-up-new-retaliatory-hacking-actionsSH.ITJUST.WORKS
29 AugOne of the Biggest Mysteries in Cybersecurity: Why Don’t We Teach or Demand Secure“The problem is much, much worse than most people acknowledge.” One of the biggest enduring mysteries for me in cybersecurity is why most cybersecurity curricula don’t teach secure coding to programmers.KNOWBE4.COM
29 AugWeaponized PDFs and LNK Files Used in Windows AttacksA clandestine campaign in which threat actors are weaponizing a legitimate-looking PDF document, titled “국가정보연구회 소식지 (52호)” (National Intelligence Research Society Newsletter – Issue 52), alongside a malicious Windows shortcut (LNK) file named 국가정보연구회 소식지(52호).pdf.LNK. The attack…GBHACKERS.COM
29 AugCybersecurity News Review - Week 35 (2025)submitted by cm0002 to cybersecurity 1 points | 0 comments https://cybernewsweekly.substack.com/p/cybersecurity-news-review-week-35-663INFOSEC.PUB
29 AugWhatsApp fixes ‘zero-click’ bug used to hack Apple users with spywaresubmitted by Davriellelouna to cybersecurity 1 points | 0 comments https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/INFOSEC.PUB
29 AugWhatsApp fixes ‘zero-click’ bug used to hack Apple users with spywaresubmitted by Davriellelouna to cybersecurity 1 points | 0 comments https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/SH.ITJUST.WORKS
29 AugMalicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentialssubmitted by Amoxtli to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/08/malicious-nx-packages-in-s1ngularity.html?m=1SH.ITJUST.WORKS
29 AugFriday Squid Blogging: Catching Humboldt SquidFirst-person account of someone accidentally catching several Humboldt squid on a fishing line. No photos, though. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
29 AugAstro Oblivion, FreePBX, GitHub, OWASP, Promptlock, Claude Aaran Leyland - SWN #507Porn bombing the celestial zoom room and Astro Oblivion, FreePBX, GitHub, OWASP, Promptlock, Claude Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/s…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 4
29 AugTamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and CookiesCybersecurity researchers have discovered a cybercrime campaign that's using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef. "The objective is to lure victims into downloading and installing a trojanized PDF edit…THEHACKERNEWS.COM
29 AugCyber security best practices for managing emailWhether you lead a small or medium business or are an employee, email configuration is a key component to ensuring that your organization is protected against various cyber threatsCYBER.GC.CA
29 AugCyber security best practices for managing email (ITSAP.60.002)Whether you lead a small or medium business or are an employee, email configuration is a key component to ensuring that your organization is protected against various cyber threatsCYBER.GC.CA
29 AugWindows 11 KB5064081 update clears up CPU usage metrics in Task ManagerMicrosoft has released the KB5064081 preview cumulative update for Windows 11 24H2, which includes thirty-six new features or changes, with many gradually rolling out. These updates include new Recall features and a new way of displaying CPU usage in Task Manager. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 5
29 AugFeds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New DomainAuthorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world. To that end, two marketplace domains (verif[.]tools and veriftools[.]ne…THEHACKERNEWS.COM
29 AugCan Your Security Stack See ChatGPT? Why Network Visibility MattersGenerative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention for generative AI challenges. Sensitive information may be shared through …THEHACKERNEWS.COM
29 AugEmpowering Rural Education: Sophos India’s Volunteering InitiativeTransforming Futures: How Sophos India’s volunteers are driving education and hope in rural communities.SOPHOS.COM
29 AugWordPress: vulnerabilities in plugins and themes | Kaspersky official blogFresh vulnerabilities in WordPress plugins and themes, plus tips to reduce compromise risk.KASPERSKY.COM
29 AugMicrosoft fixes bug behind Windows certificate enrollment errorsMicrosoft has resolved a known issue causing false CertificateServicesClient (CertEnroll) error messages after installing the July 2025 preview and subsequent Windows 11 24H2 updates. [...]BLEEPINGCOMPUTER.COM