Privacy/Governance Feed
Microsoft revealed it has seized 338 websites associated with RaccoonO365, a phishing kit which has stolen at least 5000 Microsoft credentials worldwide – Read More –
Privacy/Governance Feed
New IO research reveals a surge in AI attacks attempting to corrupt underlying training data – Read More –
Attack Feeds
Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going “dark.” Threat intelligence firm ReliaQuest said it has observed indications that the threat actor has shifted their focus to the financial sector. This is supported by … Read More “Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims – The Hacker News” »
Privacy/Governance Feed
A secret-stealing worm is spreading fast across the npm ecosystem, experts have warned – Read More –
Attack Feeds
The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, … Read More “DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM – The Hacker News” »
Attack Feeds
Microsoft’s Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. “Using a court order granted by the Southern … Read More “RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains – The Hacker News” »
Gov/ISAC Feeds
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Mozilla Focus for iOS is a private mobile browser … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Attack Feeds
Microsoft’s Digital Crimes Unit coordinated the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that developed and sold phishing kits that have been used to steal more than 5,000 Microsoft credentials since July 2024, the company said Tuesday. The threat group, which Microsoft tracks as Storm-2246, enabled cybercriminals to steal credentials … Read More “Microsoft seizes hundreds of phishing sites tied to massive credential theft operation – CyberScoop” »
Attack Feeds
Secure document editing protects sensitive data with encryption and compliance tools, while reducing costly breaches and building trust,… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Attack Feeds
A man who pleaded guilty in 2023 for charges related to his work as founder and operator of the notorious BreachForums website was resentenced Tuesday to three years in prison after having his initial sentence overturned in January. Conor Brian Fitzpatrick, 22, operated BreachForums — once regarded as the largest English-language cybercrime marketplace — under … Read More “BreachForums founder resentenced to three years in prison – CyberScoop” »
Attack Feeds
Newark, New Jersey, United States, 16th September 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Attack Feeds
Researchers spot FileFix phishing sites that deliver StealC Infostealer through fake Facebook warnings and hidden payloads in images. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Attack Feeds
Apple’s latest operating systems for its most popular devices — iPhones, iPads and Macs — include patches for multiple vulnerabilities, but the company didn’t issue any warnings about active exploitation. Apple patched 27 defects with the release of iOS 26 and iPadOS 26 and 77 vulnerabilities with the release of macOS 26, including some bugs … Read More “Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs – CyberScoop” »
Attack Feeds
FBI cyber division cuts under President Donald Trump will reduce personnel there by half, a top Democratic senator warned Tuesday, while FBI Director Kash Patel countered that arrests and convictions have risen under the Trump administration. A contentious Senate Judiciary Committee hearing dominated by clashes over political violence, Patel’s leadership and accusations about the politicization … Read More “Senators, FBI Director Patel clash over cyber division personnel, arrests – CyberScoop” »
Attack Feeds
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. “Attackers need only minimal in-cluster network access to exploit these vulnerabilities, execute the platform’s fault injections (such as shutting down pods or disrupting network communications), and perform – Read More – The … Read More “Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover – The Hacker News” »
Attack Feeds
Check Point Software Technologies announced Monday it will acquire Lakera, a specialized artificial intelligence security platform, as entrenched cybersecurity companies continue to expand their offerings to match the generative AI boom. The deal, expected to close in the fourth quarter of 2025, positions Check Point to offer what the company describes as an “end-to-end AI … Read More “Check Point acquires AI security firm Lakera in push for enterprise AI protection – CyberScoop” »
Privacy/Governance Feed
Fifteen ransomware groups have claimed shutdown on BreachForums; experts warn of rebrands and copycats – Read More –
Privacy/Governance Feed
The attack, which is linked to ShinyHunters, has reportedly compromised data relating to 7.4 million unique email addresses – Read More –
Privacy/Governance Feed
AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use threat – Read More –
Attack Feeds
A massive ad fraud and click fraud operation dubbed SlopAds ran a cluster of 224 apps, collectively attracting 38 million downloads across 228 countries and territories. “These apps deliver their fraud payload using steganography and create hidden WebViews to navigate to threat actor-owned cashout sites, generating fraudulent ad impressions and clicks,” HUMAN’s Satori Threat Intelligence … Read More “SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids – The Hacker News” »
Attack Feeds
Luxury fashion group Kering – owner of the prestigious Gucci, Balenciaga, and Alexander McQueen brands, amongst others – has confirmed that hackers stole customer data from its systems in June 2025. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
Attack Feeds
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package … Read More “Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security” »
Attack Feeds
In episode 68 of The AI Fix, our hosts open the show by launching the thing nobody asked for but everybody wanted: our shiny new merch store – yes, including the “Would YOU trust a pigeon???” t-shirt for when you need fashion alongside health and safety. Meanwhile, AI hoaxers send Manila firefighters racing to an … Read More “The AI Fix #68: AI telepathy, and rights for robots – Graham Cluley” »
Attack Feeds
Ukrainian fugitive Volodymyr Tymoshchuk, linked to LockerGoga ransomware, has been added to the EU Most Wanted list as global authorities pursue him. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Attack Feeds
Las Vegas, United States, 16th September 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Attack Feeds
Cybersecurity researchers have warned of a new campaign that’s leveraging a variant of the FileFix social engineering tactic to deliver the StealC information stealer malware. “The observed campaign uses a highly convincing, multilingual phishing site (e.g., fake Facebook Security page), with anti-analysis techniques and advanced obfuscation to evade detection,” Acronis security researcher Eliad – Read … Read More “New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site – The Hacker News” »
Attack Feeds
AI agents are rapidly becoming a core part of the enterprise, being embedded across enterprise workflows, operating with autonomy, and making decisions about which systems to access and how to use them. But as agents grow in power and autonomy, so do the risks and threats. Recent studies show 80% of companies have already experienced … Read More “Securing the Agentic Era: Introducing Astrix’s AI Agent Control Plane – The Hacker News” »
Attack Feeds
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. “Apple is aware of a report that … Read More “Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack – The Hacker News” »
Privacy/Governance Feed
Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025 – Read More –
Attack Feeds
ShinyHunters reportedly hacked Kering, exposing Gucci, Balenciaga and Alexander McQueen customer data, raising risks of scams and spear… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Privacy/Governance Feed
Jaguar Land Rover (JLR) has confirmed that its pause in production will last until at least Wednesday, September 24 – Read More –
Privacy/Governance Feed
Thales claims there were over 40,000 API incidents in the first half of 2025 – Read More –
Privacy/Governance Feed
An insider data breach at FinWise may have impacted 689,000 customers – Read More –
Privacy/Governance Feed
The new digital personal data protection (DPDP) act, 2023, of India is a major shift in the management of… The post Breaking Down the DPDP Act appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Attack Feeds
A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist … Read More “Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds – The Hacker News” »
Attack Feeds
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling – Read More … Read More “40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials – The Hacker News” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-10 visionOS 26 visionOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125115. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Vision Pro Impact: An app … Read More “APPLE-SA-09-15-2025-10 visionOS 26 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-11 Safari 26 Safari 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125113. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Sonoma and macOS Sequoia Impact: … Read More “APPLE-SA-09-15-2025-11 Safari 26 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-12 Xcode 26 Xcode 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125117. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Dev Tools Available for: macOS Sequoia 15.6 and later … Read More “APPLE-SA-09-15-2025-12 Xcode 26 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-7 macOS Sonoma 14.8 macOS Sonoma 14.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/125112. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AMD Available for: macOS Sonoma Impact: An … Read More “APPLE-SA-09-15-2025-7 macOS Sonoma 14.8 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-8 tvOS 26 tvOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125114. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Neural Engine Available for: Apple TV 4K (2nd … Read More “APPLE-SA-09-15-2025-8 tvOS 26 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-9 watchOS 26 watchOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125116. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Neural Engine Available for: Apple Watch Series 9 … Read More “APPLE-SA-09-15-2025-9 watchOS 26 – Full Disclosure” »
Alert Feeds
Posted by Ron E on Sep 15 Multiple functions in libvips invoke callbacks through incorrectly cast function pointers, resulting in Undefined Behavior (UB). During runtime, callbacks such as search_package, vips_class_map_all, vips_foreign_find_load_sub, vips_object_real_postbuild, and vips_area_free_cb are called through function pointer types that do not match their actual signatures. This is benign on x86-64, where calling … Read More “libvips v8.18.0 Function Pointer Type Confusion in libvips Callback Dispatch – Full Disclosure” »
Alert Feeds
Posted by Ron E on Sep 15 An integer overflow vulnerability exists in the LZX decompression routines of CHMLib (tested in version 0.40, latest release as of 2025). The issue occurs within lzx.c during bitstream parsing (lzx_read_lens and LZXdecompress), where crafted CHM files can supply values that cause left-shift operations to exceed the representable … Read More “CHMLIB 0.40a Integer Overflow in LZX Decompression of CHMLib – Full Disclosure” »
Alert Feeds
Posted by Ron E on Sep 15 A vulnerability exists in CHMLib (latest release 0.40) when parsing malformed CHM (Compiled HTML Help) files. The functions _unmarshal_int32 and _unmarshal_uint32 reconstruct 32-bit values using left shifts on signed integers without proper type casting: *dest = (*pData)[0] | (*pData)[1]<<8 | (*pData)[2]<<16 | (*pData)[3]<<24; If an attacker supplies … Read More “CHMLib 0.40a Integer Overflow in _unmarshal_int32 / _unmarshal_uint32 During CHM Header Parsing – Full Disclosure” »
Alert Feeds
Posted by Ron E on Sep 15 libwmf is vulnerable to an integer overflow / undefined behavior condition in multiple code paths. The affected source files (wmf.c, fig.c, svg.c) use left-shift operations on signed integers that shift into the sign bit (e.g., 1 << 31). According to the C standard, shifting a signed integer … Read More “libwmf v0.2.13 Integer Overflow in libwmf Left-Shift Operations (wmf.c, fig.c, svg.c) – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26 iOS 26 and iPadOS 26 addresses the following issues. Information about the security content is also available at https://support.apple.com/125108. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Neural Engine … Read More “APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7 iOS 18.7 and iPadOS 18.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/125109. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Audio Available for: … Read More “APPLE-SA-09-15-2025-2 iOS 18.7 and iPadOS 18.7 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12 iOS 16.7.12 and iPadOS 16.7.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/125141. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-09-15-2025-3 iOS 16.7.12 and iPadOS 16.7.12 – Full Disclosure” »
Alert Feeds
Posted by Apple Product Security via Fulldisclosure on Sep 15 APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5 iOS 15.8.5 and iPadOS 15.8.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/125142. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-09-15-2025-4 iOS 15.8.5 and iPadOS 15.8.5 – Full Disclosure” »