A large-scale malware campaign known as SarangTrap has been observed using fake dating apps to steal personal data, targeting South Korean users.
Author: Joe-W
1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Network Thermostat Equipment: X-Series WiFi thermostats Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Network … Read More “Network Thermostat X-Series WiFi Thermostats – All CISA Advisories” »
1. EXECUTIVE SUMMARY CVSS v3 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Honeywell Equipment: Experion PKS Vulnerabilities: Use of Uninitialized Variable, Improper Restriction of Operations within the Bounds of a Memory Buffer, Sensitive Information in Resource Not Removed Before Reuse, Integer Underflow (Wrap or Wraparound), Deployment of Wrong Handler 2. RISK EVALUATION Successful … Read More “Honeywell Experion PKS – All CISA Advisories” »
1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION: Exploitable from a local network Vendor: Mitsubishi Electric Equipment: CNC Series Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute malicious code by getting setup-launcher to load a malicious DLL. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS … Read More “Mitsubishi Electric CNC Series – All CISA Advisories” »
Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices – The Hacker News
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below – CVE-2025-6704 (CVSS score: 9.8) – An arbitrary file writing vulnerability in the Secure PDF eXchange … Read More “Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices – The Hacker News” »
The US FBI has issued public announcements warning families of The Com, an online criminal network involving minors in various illicit activities.
Cybercrime Forum XSS Returns on Mirror and Dark Web 1 Day After Seizure – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybercrime forum XSS is back online on its mirror and dark web domains just one day after seizure and admin arrest, but questions about its full return remain unanswered. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft said Chinese actor Storm-2603 is deploying Warlock ransomware following the exploitation of vulnerabilities in on-prem SharePoint systems.
Brave Browser Blocks Microsoft Recall from Tracking Online Activity – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Brave browser now blocks Microsoft Recall by default, preventing screenshots and protecting users’ browsing history on Windows 11. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Investigators assessed that the criminal group’s stolen funds amount to €580,000.
The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama’s 90th birthday on July 6, 2025. The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz. “The attackers compromised a legitimate website, redirecting users via a … Read More “China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community – The Hacker News” »
You wouldn’t run your blue team once a year, so why accept this substandard schedule for your offensive side? Your cybersecurity teams are under intense pressure to be proactive and to find your network’s weaknesses before adversaries do. But in many organizations, offensive security is still treated as a one-time event: an annual pentest, a … Read More “Pentests once a year? Nope. It’s time to build an offensive SOC – The Hacker News” »
Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them – The Hacker News
Is Managing Customer Logins and Data Giving You Headaches? You’re Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let’s be honest, we’re also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing … Read More “Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust — and Fix Them – The Hacker News” »
There is good news for any organisation which has been hit by the Phobos ransomware. Japanese police have released a free decryptor capable of recovering files encrypted by both the notorious Phobos ransomware, and its offshoot 8Base. Read more in my article on the Fortra blog. – Read More – Graham Cluley
Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems – The Hacker News
Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an “expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603.” The threat actor … Read More “Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems – The Hacker News” »
National Nuclear Security Administration Systems Breached in SharePoint Cyberattack – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
National Nuclear Security Administration and National Institutes of Health targeted in global Microsoft SharePoint vulnerability exploitation. Chinese hacking groups suspected in widespread data breaches. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Wiz believes the active campaign is part of a broader crypto-scam infrastructure, which uses a wide range of exploitation techniques.
Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace – The Hacker News
Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform. The arrest, which took place in Kyiv, Ukraine, on July 22, 2025, was led by the French Police and Paris Prosecutor, in collaboration with Ukrainian authorities and Europol. The action is the result of an investigation … Read More “Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace – The Hacker News” »
Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the “mu-plugins” directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the “wp-content/mu-plugins” – Read … Read More “Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access – The Hacker News” »
Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong – Graham Cluley
Graham warns why it is high time we said goodbye to 2G – the outdated mobile network being exploited by cybercriminals with suitcase-sized SMS blasters. From New Zealand to London, scammers are driving around cities like dodgy Uber drivers, spewing phishing texts to thousands at once. Meanwhile, Carole unpacks a painfully awkward tale of amour … Read More “Smashing Security podcast #427: When 2G attacks, and a romantic road trip goes wrong – Graham Cluley” »
FBI and CISA Warn of Interlock Ransomware Targeting Critical Infrastructure – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware – The Hacker News
The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to … Read More “Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware – The Hacker News” »
The Trump administration’s new AI Action Plan calls for companies and governments to lean into the technology when protecting critical infrastructure from cyberattacks. But it also recognizes that these systems are themselves vulnerable to hacking and manipulation, and calls for industry adoption of “secure by design” technology design standards to limit their attack surfaces. The … Read More “Trump AI plan pushes critical infrastructure to use AI for cyber defense – CyberScoop” »
XSS.IS Cybercrime Forum Seized After Admin Arrested in Ukraine – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
XSS.IS has been seized after its admin was arrested in Ukraine; however, its dark web and mirror domains only show a 504 Gateway Timeout error. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Ransomware, considered by British authorities to be the UK’s greatest cybercrime threat, costing the nation billions of pounds and with the capability to bring essential services to a standstill, is in the gunsights of government. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
A pair of maximum-severity vulnerabilities affecting Cisco’s network access security platform are under active exploitation, the enterprise networking and IT vendor warned in a security advisory Monday. The software defects in Cisco Identity Services Engine and Cisco ISE Passive Identity Connector — CVE-2025-20281 and CVE-2025-20337 — were disclosed and addressed by Cisco on June 25, … Read More “Cisco network access security platform vulnerabilities under active exploitation – CyberScoop” »
Ukrainian authorities Tuesday arrested the alleged administrator of XSS.is, a Russian-language cybercrime forum, following a four-year investigation by the Paris public prosecutor’s office. Law enforcement officials from France and Europol seized the domain of the influential forum following the arrest. Authorities have not named the suspected administrator of XSS.is. The forum, which was active since … Read More “Authorities in Ukraine nab alleged admin of Russian-language cybercrime forum – CyberScoop” »
A series of new cybersecurity regulations related to the water industry have been set out by New York state agencies.
Suspected Admin of XSS.IS Cybercrime Forum Arrested in Ukraine – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Suspected admin of XSS.IS, a major Russian-language cybercrime forum, arrested in Ukraine after years of running malware and data trade operations. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials – The Hacker News
The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. “The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes’ web addresses and cryptocurrency exchanges,” Akamai security researcher … Read More “New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials – The Hacker News” »
Microsoft Most Phished Brand in Q2 2025, Check Point Research – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft was the most impersonated brand in phishing attacks during Q2 2025, accounting for 25% of all attempts, according to Check Point Research. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks … Read More “Kerberoasting Detections: A New Approach to a Decade-Old Challenge – The Hacker News” »
The individual is accused of numerous illicit cybercrime and ransomware activities that have generated at least $7m in profit.
The French employment agency’s partner web portal has been accessed by a malicious actor.
Cognizant handed over a password to the cybercriminal without asking any authentication questions.
Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages – The Hacker News
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. “As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers,” Matthew Suozzo, Google Open … Read More “Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages – The Hacker News” »
A joint US government advisory highlighted novel initial access techniques deployed by Interlock, and urged businesses and critical infrastructure to stay vigilant.
Multiple Vulnerabilities have been discovered in Microsoft SharePoint Server, which could allow for remote code execution. Microsoft SharePoint Server is a web-based collaborative platform that integrates with Microsoft Office. Successful exploitation of these vulnerabilities allows for unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, … Read More “Multiple Vulnerabilities in Microsoft SharePoint Server Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; … Read More “Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects – Used for creating motion graphics, visual effects, and compositing in film, television, and online content. Adobe Substance 3D Viewer – A 3D visualization and editing tool for opening, adjusting, and rendering 3D models. … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
NCC Group observed a 43% drop in ransomware attacks in Q2 2025, driven by law enforcement actions and internal conflicts in groups.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below – CVE-2025-2775 (CVSS score: 9.3) – An improper restriction of XML external entity (XXE) reference vulnerability in the … Read More “CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF – The Hacker News” »
CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025. “CISA is – … Read More “CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks – The Hacker News” »
Coyote Trojan First to Use Microsoft UI Automation in Bank Attacks – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Coyote Trojan becomes first malware to abuse Microsoft’s UI Automation in real attacks, targeting banks and crypto platforms with stealthy tactics. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab – CyberScoop
Data from sensors that detect threats in critical infrastructure networks is sitting unanalyzed after a government contract expired this weekend, raising risks for operational technology, a program leader at Lawrence Livermore National Laboratory told lawmakers Tuesday. That news arrived at a hearing of a House Homeland Security subcommittee on Stuxnet, the malware that was discovered … Read More “Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab – CyberScoop” »
House Republicans endorse stricter state and federal-led voter roll purges despite dearth of evidence on fraud – CyberScoop
In a congressional hearing on state voter registration practices Tuesday, Republicans on the House Administration Committee were united around common sentiments: It is too easy for citizens to register to vote and too easy for them to stay on voter rolls, states aren’t doing enough to remove ineligible voters, and it’s all led to the … Read More “House Republicans endorse stricter state and federal-led voter roll purges despite dearth of evidence on fraud – CyberScoop” »