Cybersecurity News from Across the Internet
Every chief information security officer understands that unresolved vulnerabilities can eventually become entry points for threats. In the private sector, we don’t ignore gaps in leadership when they pose security risks. However, that’s precisely the risk our nation faces with the ongoing vacancy at the head of the Cybersecurity and Infrastructure Security Agency. As the … Read More “Patch the vulnerability: Confirm Sean Plankey as CISA director – CyberScoop” »
The personal data of almost 145,000 people who were registered in Manpower’s systems was compromised – Read More –
Fake Minecraft clone Eaglercraft 1.12 Offline spreads NjRat spyware stealing passwords, spying via webcam and microphone, warns Point… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Security operations have never been a 9-to-5 job. For SOC analysts, the day often starts and ends deep in a queue of alerts, chasing down what turns out to be false positives, or switching between half a dozen tools to piece together context. The work is repetitive, time-consuming, and high-stakes, leaving SOCs under constant pressure … Read More “AI SOC 101: Key Capabilities Security Leaders Need to Know – The Hacker News” »
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. “An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] … Read More “Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code – The Hacker News” »
When it comes to transcribing videos, technical jargon can pose several challenges. However, with the right approach, you… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Mayor of St. Paul, Minnesota, Melvin Carter, confirmed that employee data was published online by the Interlock ransomware gang – Read More –
The AI revolution isn’t coming. It’s already here. From copilots that write our emails to autonomous agents that can take action without us lifting a finger, AI is transforming how we work. But here’s the uncomfortable truth: Attackers are evolving just as fast. Every leap forward in AI gives bad actors new tools — deepfake … Read More “Webinar: What the Next Wave of AI Cyberattacks Will Look Like — And How to Survive – The Hacker News” »
The US Department of Justice has announced the seizure of domains, servers and $1m in proceeds from the BlackSuit ransomware group – Read More –
Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low … Read More “Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws – The Hacker News” »
Microsoft announced updates for 107 vulnerabilities on Patch Tuesday, including one zero-day – Read More –
In 2025, the semiconductor supply chain in the world is at its most volatile. Having been previously run on… The post Securing the Semiconductor Supply Chain: 2025 Landscape appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability … Read More “Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics – The Hacker News” »
Microsoft today released updates to fix more than 100 security flaws in its Windows operating systems and other software. At least 13 of the bugs received Microsoft’s most-dire “critical” rating, meaning they could be abused by malware or malcontents to gain remote access to a Windows system with little or no help from users. August’s … Read More “Microsoft Patch Tuesday, August 2025 Edition – Krebs on Security” »
Microsoft’s August Patch Tuesday fixes 107 vulnerabilities, including 13 critical RCE flaws, impacting Windows, Office, Azure, and more,… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Connex Credit Union breach exposes data of 172000 members, legal probe launched, experts urge victims to monitor accounts… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Microsoft’s monthly batch of patches includes a vulnerability affecting on-premises Microsoft Exchange servers that the company and federal authorities warned about in a series of alerts last week. In its latest security update Tuesday, Microsoft maintained the flaw hasn’t been exploited in the wild and designated the exploitability of the defect — CVE-2025-53786 — as … Read More “Microsoft Patch Tuesday follows SharePoint attacks, Exchange server warnings – CyberScoop” »
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident. More troubling is the fact that other images have been built on top of these infected base images, effectively propagating the infection further in a transitive manner, Binarly REsearch … Read More “Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks – The Hacker News” »
We’ve made it through hacker summer camp and made our way to the second Tuesday of the month. Adobe and Microsoft seemed to have survived as well, as they released their latest security patches. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If … Read More “The August 2025 Security Update Review – Zero Day Initiative – Blog” »
Cybersecurity researchers are warning of a “significant spike” in brute-force traffic aimed at Fortinet SSL VPN devices. The coordinated activity, per threat intelligence firm GreyNoise, was observed on August 3, 2025, with over 780 unique IP addresses participating in the effort. As many as 56 unique IP addresses have been detected over the past 24 … Read More “Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager – The Hacker News” »
On Aug. 7, OpenAI released GPT-5, its newest frontier large language model, to the public. Shortly after, all hell broke loose. Billed as faster, smarter and more capable tools for enterprise organizations than previous models, GPT-5 has instead met an angry user base that has found its performance and reasoning skills wanting. And in the … Read More “Guess what else GPT-5 is bad at? Security – CyberScoop” »
An ongoing data extortion campaign targeting Salesforce customers may soon turn its attention to financial services and technology service providers, as ShinyHunters and Scattered Spider appear to be working hand in hand, new findings show. “This latest wave of ShinyHunters-attributed attacks reveals a dramatic shift in tactics, moving beyond the group’s previous credential theft and … Read More “Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses – The Hacker News” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Xenon, Argon, Lithium, Cobalt Share Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The … Read More “Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share – All CISA Advisories” »
In a new investigation launched at DEFCON 33, Analyst1’s Jon DiMaggio revealed probable Russian government involvement in the Kaseya attack – Read More –
A new report from Bitdefender reveals the Russian-linked hacking group Curly COMrades is targeting Eastern Europe with a… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new technique has bypassed GPT-5’s safety systems via narrative-driven steering to elicit harmful output – Read More –
The United States Department of Justice has revealed that the recent takedown of the BlackSuit ransomware gang’s servers, domains, and dark web extortion site, also saw the seizure of US $1,091,453 worth of cryptocurrency. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
In episode 63 of The AI Fix, Unitree Robotics looks to Black Mirror episode “Metalhead” for tips on marketing its new robot dog, ChatGPT is secretly running Sweden, OpenAI introduces its first open weight model since GPT-2, and your private and personal ChatGPT conversations could be all over Google. Plus, Mark cuts through the GPT-5 … Read More “The AI Fix #63: GPT-5 is the best AI ever, and Jim Acosta interviews a murdered teenager’s avatar – Graham Cluley” »
Over 29,000 Microsoft Exchange servers remain unpatched against a vulnerability that could allow attackers to seize control of entire domains in hybrid cloud environments – Read More –
The sophisticated campaign aims to steal credentials of sponsor license holders to facilitate immigration fraud, extortion and other monetization schemes – Read More –
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. “They repeatedly tried to extract the NTDS database from domain controllers — the primary repository for user password hashes and authentication data in … Read More “New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks – The Hacker News” »
Rapid7 found that threat actors are able to purchase low-cost initial access broker services, with many packages offering a variety of options – Read More –
While “fairly primitive”, APT28’s LameHug was a testbed for future AI-powered attacks, said two MITRE experts during Black Hat USA 2025 – Read More –
NIST will host a public webinar to discuss the recently released final version of Special Publication 800-63, Digital Identity Guidelines, Revision 4, which intends to respond to the changing digital landscape that has emerged since the last major – Read More – News and Events Feed by Topic
St. Paul hit by Interlock ransomware attack, 43GB of sensitive data leaked, city refuses ransom, launches Operation Secure… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Most security tools can’t see what happens inside the browser, but that’s where the majority of work, and risk, now lives. Security leaders deciding how to close that gap often face a choice: deploy a dedicated Enterprise Browser or add an enterprise-grade control layer to the browsers employees already use and trust. The Ultimate Battle: … Read More “The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions – The Hacker News” »
New threat intelligence points to targeting of financial services and technology sectors by ShinyHunters group – Read More –
A vulnerability in Microsoft Exchange leaves over 29,000 servers vulnerable. Learn how this unpatched security hole could compromise… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several critical organizations within the Netherlands, and that investigations are ongoing to determine the – … Read More “Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors – The Hacker News” »
Threat actors have stolen data on at least half a million cancer screening patients – Read More –
Posted by Security Explorations on Aug 12 Dear All, PlayReady Communication Protocols [1] include services for PlayReady clients (such as Secure Clock), device owner’s services (Activation / Provisioning) and content service (License Server). Back in 2022, we reported to Microsoft an issue pertaining to no auth at PlayReady license server end, which was evaluated … Read More “PlayReady Activation protocol issues (weak auth / fake client identities) – Full Disclosure” »
Posted by Security Explorations on Aug 12 Dear All, On Jul 28, 2025 we provided Kigen with a report describing new security issue potentially affecting company’s eUICC cards. We did it regardless of Kigen refusal to provide us with patches / patching instructions, so that we could verify the content / quality of the … Read More “Kigen eUICC issue (custom backdoor vs. FW update bug) – Full Disclosure” »
SonicWall insists a spree of ransomware attacks hitting its Gen 7 firewalls is not linked to a zero-day vulnerability, but rather a critical defect the company previously disclosed and patched last summer in its network security operating system. The vendor disputed initial assessments from outside researchers suggesting the speed and scale of the attacks pointed … Read More “SonicWall pins firewall attack spree on year-old vulnerability – CyberScoop” »
A security vulnerability in a major carmaker’s online portal exposed customer data and could have let hackers remotely… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Using a seven-year-old vulnerability, researchers said they were able to realistically leak private data from public clouds, suggesting that a “lack of concern” about such supposedly impractical attacks is misguided, according to a presentation delivered Monday. The anonymous researchers presented their findings at a hacker conference, WHY2025, in the Netherlands, and they leaned on the … Read More “Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds – CyberScoop” »
The digital landscape for federal agencies is a constantly evolving battlefield. Adversaries are leveraging rapidly advancing technologies, including artificial intelligence, to devise more sophisticated attacks, while government leaders strive to keep up by modernizing systems and fortifying security measures. This creates an urgent, almost daily re-evaluation of strategies. One of the most significant pain points … Read More “Why cyber modernization requires partners with technical plus acquisition expertise – CyberScoop” »
Using a seven-year-old vulnerability, researchers said they were able to realistically leak private data from public clouds, suggesting that a “lack of concern” about such supposedly impractical attacks is misguided, according to a presentation delivered Monday. The anonymous researchers presented their findings at a hacker conference, WHY2025, in the Netherlands, and they leaned on the … Read More “Researchers determine old vulnerabilities pose real-world threat to sensitive data in public clouds – CyberScoop” »
The Federal Communications Commission has adopted new rules to make it more difficult for foreign firms to apply for licensing to build out submarine cables, citing the need to protect the continued construction of critical undersea cables that underpin the internet and transcontinental communications. The rules would require the FCC to presumptively deny “certain foreign … Read More “FCC tightens rules on foreign firms building undersea cables, citing security – CyberScoop” »
Three Ghanaian men have been extradited to the US over $100 million fraud involving romance scams and business… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A national security-focused Commerce Department component would get fresh IT investments to help keep dual-use U.S. technologies from ending up in the wrong hands under a bill reintroduced late last week by a bipartisan pair of House lawmakers. The Bureau of Industry and Security IT Modernization Act from Reps. Jason Crow, D-Colo., and Tom Kean, … Read More “House lawmakers seek better tech for Commerce in fight against foreign powers – CyberScoop” »
