Author: djohnson

At the outset of a Senate hearing Wednesday on cybersecurity in the health care sector, Sen. Bill Cassidy, R-La., took a moment to implore lawmakers and witnesses to stay focused on the topic at hand — and not veer off into discussions about the impact of cuts to the sector from Republicans’ One Big Beautiful … Read More “Trump bill will have major impact on health care cybersecurity, experts warn Congress  – CyberScoop” »

At the outset of a Senate hearing Wednesday on cybersecurity in the health care sector, Sen. Bill Cassidy, R-La., took a moment to implore lawmakers and witnesses to stay focused on the topic at hand — and not veer off into discussions about the impact of cuts to the sector from Republicans’ One Big Beautiful … Read More “Trump bill will have major impact on health care cybersecurity, experts warn Congress  – CyberScoop” »

The Initial Access Broker (IAB) known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the moniker TGR-CRI-0045, where “TGR” stands for “temporary … Read More “Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets  – The Hacker News” »

The AiLock ransomware gang gives its victims just 72 hours to respond and five days to pay up… or else. If you don’t comply? They will grass you up to regulators, email your competitors, and leak your data for good measure. What a lovely bunch of cybercriminals… Read more in my article on the Fortra … Read More “AiLock ransomware: What you need to know  – Graham Cluley” »

A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts. The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, … Read More “DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware  – The Hacker News” »

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. … Read More “How To Automate Ticket Creation, Device Identification and Threat Triage With Tines  – The Hacker News” »

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday sanctioned a member of a North Korean hacking group called Andariel for their role in the infamous remote information technology (IT) worker scheme. The Treasury said Song Kum Hyok, a 38-year-old North Korean national with an address in the Chinese province … Read More “U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme  – The Hacker News” »

Cybersecurity researcher Jeremiah Fowler uncovered a massive 286GB data exposure at Texas-based Rockerbox, a tax credit consultancy. Exposed data includes SSNs, DD214s, and financial details, raising serious identity theft and fraud concerns.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been charged with nine counts of wire fraud and conspiracy to cause damage to and obtain … Read More “Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks  – The Hacker News” »

For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these 10 … Read More “Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server  – The Hacker News” »

A Chinese state-sponsored hacker, Xu Zewei, 33, has been arrested for his alleged role in the widespread HAFNIUM cyber attacks and theft of COVID-19 research. Learn about the charges and China’s Ministry of State Security involvement.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Microsoft addressed 130 vulnerabilities across its products and underlying Windows systems, but none have been actively exploited in the wild, the company said in its latest security update Tuesday. A proof-of-concept exploit for a high-severity defect in SQL Server — CVE-2025-49719 — has been shared publicly, researchers said. The information disclosure vulnerability, which has a … Read More “Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited  – CyberScoop” »

A U.S. appeals court on Tuesday revived a lawsuit that El Salvadoran journalists had brought against leading spyware maker NSO Group. The U.S. Court of Appeals for the Ninth Circuit concluded that a district court that dismissed the suit — on the grounds that the California court wasn’t the right forum — abused its discretion. … Read More “Appeals court clears path for El Salvadoran journos to sue spyware maker  – CyberScoop” »

The Justice Department said Tuesday that Italian authorities arrested a Chinese national whom DOJ said was involved in the massive Microsoft Exchange Server hack from 2020 to 2021, an arrest made at the United States’ request. The arrest stems from a nine-count indictment dating back to 2023, which named the arrested man, Xu Zewei, 33, … Read More “Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers  – CyberScoop” »

The Treasury Department on Tuesday announced it has sanctioned a North Korean man participating in the widespread IT worker scheme, as well as others in a Russia-based IT worker operation that allegedly benefits the government of North Korea. It’s the second time in as many weeks that feds have taken action against people it says … Read More “Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes  – CyberScoop” »

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy, prompting malicious actors to weaponize … Read More “Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware  – The Hacker News” »

It’s the second Tuesday of the month, and as expected, Adobe and Microsoft have released their latest security patches. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check out … Read More “The July 2025 Security Update Review  – Zero Day Initiative – Blog” »

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace. The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlay when users attempt to access … Read More “Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play  – The Hacker News” »

In episode 58 of “The AI Fix” podcast, our hosts discover a pair of AI headphones that don’t electrocute you, Microsoft invents “medical superintelligence”, Chucky opens a hotel, some robot footballers fall over, Jony Ive invents a $6 billion pen, and Malcolm Gladwell fears a dystopian future full of children playing joyfully in the street. … Read More “The AI Fix #58: An AI runs a shop into the ground, and AI’s obsession with the number 27  – Graham Cluley” »

Applications are a common intrusion point, but the way attackers gain access, maneuver and create mayhem within and across applications doesn’t always neatly fit into MITRE’s ATT&CK framework.  The team at Oligo Security is releasing a new framework it calls Application Attack Matrix to complement areas of MITRE’s framework that it describes as too broad, … Read More “Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework  – CyberScoop” »

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in … Read More “Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension  – The Hacker News” »

Identity-based cyberattacks soar 156%, driven by cheap Phishing-as-a-Service & infostealer malware. Learn how criminals bypass MFA to steal credentials, access bank accounts, and compromise business emails.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public … Read More “BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally  – The Hacker News” »

Cybersecurity researchers are calling attention to a malware campaign that’s targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command injection vulnerability affecting TBK DVR-4104 and DVR-4216 DVRs, and CVE-2024-12856, an operating  – Read … Read More “RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks  – The Hacker News” »

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about… In recent months, major retailers like Adidas, The North Face, Dior, Victoria’s Secret, Cartier, Marks & Spencer, and Co‑op have all been breached. These attacks weren’t sophisticated  … Read More “5 Ways Identity-based Attacks Are Breaching Retail  – The Hacker News” »

Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma.  – Read More  – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto 

Russian organizations have been targeted as part of an ongoing campaign that delivers a previously undocumented Windows spyware called Batavia. The activity, per cybersecurity vendor Kaspersky, has been active since July 2024. “The targeted attack begins with bait emails containing malicious links, sent under the pretext of signing a contract,” the Russian company said. “The … Read More “Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms  – The Hacker News” »

Everything feels secure—until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms—they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection—that’s all it takes. Staying safe isn’t just … Read More “⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More  – The Hacker News” »

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows – CVE-2014-3931 (CVSS score: 9.8) – A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote … Read More “CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation  – The Hacker News” »