Threat researchers at AimLabs on Friday disclosed a data-poisoning attack affecting the AI-powered code editing software Cursor that would have given an attacker remote code execution privileges over user devices. According to AimLabs, the flaw was reported to Cursor on July 7 and a patch was included in an update one day later for version … Read More “Cursor’s AI coding agent morphed ‘into local shell’ with one-line prompt attack – CyberScoop” »
Social engineering — an expanding variety of methods that attackers use to trick professionals to gain access to their organizations’ core data and systems — is now the top intrusion point globally, attracting an array of financially motivated and nation-state backed threat groups. More than one-third (36%) of the incident response cases Palo Alto Networks’ … Read More “Social engineering attacks surged this past year, Palo Alto Networks report finds – CyberScoop” »
Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection – The Hacker News
			
				Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution. The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak. … Read More “Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection – The Hacker News” »
Comp AI secures $2.6M pre-seed to disrupt SOC 2 market – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
			
				San Francisco, California, 1st August 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have detailed a new cluster of activity where threat actors are impersonating enterprises with fake Microsoft OAuth applications to facilitate credential harvesting as part of account takeover attacks. “The fake Microsoft 365 applications impersonate various companies, including RingCentral, SharePoint, Adobe, and Docusign,” Proofpoint said in a Thursday report. The – Read More – … Read More “Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts – The Hacker News” »
U.S. intelligence agencies launched cyberattacks on two Chinese military enterprises dating back to 2022, in one case exploiting a Microsoft zero-day, China alleged Friday. The Cyber Security Association of China said that in the first case, U.S. agencies from July of 2022 to July of 2023 “exploited a zero-day vulnerability in Microsoft Exchange Mail to … Read More “China accuses US of exploiting Microsoft zero-day in cyberattack – CyberScoop” »
AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown – The Hacker News
			
				Cybersecurity researchers have flagged a malicious npm package that was generated using artificial intelligence (AI) and concealed a cryptocurrency wallet drainer. The package, @kodane/patch-manager, claims to offer “advanced license validation and registry optimization utilities for high-performance Node.js applications.” It was uploaded to npm by a user named “Kodane” on July 28, 2025. The – Read … Read More “AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown – The Hacker News” »
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them – The Hacker News
			
				Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them. The junk food problem in cybersecurity: Imagine a triathlete who spares no expense on equipment—carbon fiber bikes, hydrodynamic wetsuits, precision GPS … Read More “You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them – The Hacker News” »
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems – Read More –
Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report – Read More –
Comment Now! NIST Internal Report 8536, Supply Chain Traceability: Manufacturing Meta-Framework (Second Public Draft) – News and Events Feed by Topic
			
				The NIST National Cybersecurity Center of Excellence (NCCoE) has released a second public draft of NIST Internal Report 8536, Supply Chain Traceability: Manufacturing Meta-Framework for public comment. We thank everyone who submitted comments on the – Read More – News and Events Feed by Topic
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks – The Hacker News
			
				The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and … Read More “Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks – The Hacker News” »
Flashpoint data reveals an 800% increase in credentials stolen via infostealers in just six months – Read More –
The UK’s AI Security Institute has announced a new AI misalignment research program – Read More –
If you just want to read the rules, you can find them here. Last year, we moved our consumer-focused Pwn2Own event to our offices in Cork, Ireland, and the event could not have gone better. Despite some dreary Irish skies, much fun was had as researchers from around the world demonstrated their best exploits – … Read More “Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target – Zero Day Initiative – Blog” »
Everest Ransomware Claims Mailchimp as New Victim in Relatively Small Breach – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
			
				Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
OnlyFans, Discord ClickFix-Themed Pages Spread Epsilon Red Ransomware – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
			
				Beware of Epsilon Red ransomware as attackers impersonate Discord, Twitch and OnlyFans using fake verification pages with .HTA files and ActiveX to spread malware. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow. “ApolloShadow has the capability to install a trusted root certificate … Read More “Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies – The Hacker News” »
Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and security teams are chronically understaffed. Analysts face a daily battle with alert noise, fragmented tools, and incomplete data visibility. At the same time, more vendors are phasing out their on-premises SIEM solutions, encouraging migration to … Read More “Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs – The Hacker News” »
The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly to the same network switch as … Read More “UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud – The Hacker News” »
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Güralp Systems Equipment: Güralp FMUS Series Seismic Monitoring Devices Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device. 3. TECHNICAL DETAILS … Read More “Güralp Systems Güralp FMUS series – All CISA Advisories” »
Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon, who penetrated U.S. critical infrastructure to maintain access within those networks, might have intended by setting up shop there, a Cybersecurity and Infrastructure Security Agency official said Thursday. “We still don’t actually know what the result of that is going to … Read More “Feds still trying to crack Volt Typhoon hackers’ intentions, goals – CyberScoop” »
Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install – The Hacker News
			
				Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over susceptible sites. The vulnerability, tracked as CVE-2025-5394, carries a CVSS score of 9.8. Security researcher Thái An has been credited with discovering and reporting the bug. According to Wordfence, the shortcoming relates to an arbitrary … Read More “Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install – The Hacker News” »
Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials – The Hacker News
			
				Cybersecurity researchers have disclosed details of a new phishing campaign that conceals malicious payloads by abusing link wrapping services from Proofpoint and Intermedia to bypass defenses. “Link wrapping is designed by vendors like Proofpoint to protect users by routing all clicked URLs through a scanning service, allowing them to block known malicious destinations at the … Read More “Experts Detect Multi-Layer Redirect Tactic Used to Steal Microsoft 365 Login Credentials – The Hacker News” »
Summary The Cybersecurity and Infrastructure Security Agency (CISA) and U.S. Coast Guard (USCG) are issuing this Cybersecurity Advisory to present findings from a recent CISA and USCG hunt engagement. The purpose of this advisory is to highlight identified cybersecurity issues, thereby informing security defenders in other organizations of potential similar issues and encouraging them to … Read More “CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization – All CISA Advisories” »
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow – CyberScoop
			
				A Russian nation-state threat group has been spying on foreign diplomats, managing continuous access to their communications and data in Moscow since at least 2024, according to Microsoft Threat Intelligence. Secret Blizzard is gaining “adversary-in-the-middle” positions on Russian internet service providers and telecom networks by likely leveraging surveillance tools and deploying malware on targeted devices, … Read More “Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow – CyberScoop” »
The DoubleTrouble Android banking Trojan has evolved, using Discord for delivery and introducing several new features – Read More –
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams’ capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools. It supports various mission functions, including software analysis, digital forensics, and … Read More “Thorium Platform Public Availability – All CISA Advisories” »
CISA has launched a new tool to streamline cyber incident response and aid in adversary eviction – Read More –
Researchers Link New SS7 Encoding Attack to Surveillance Vendor Activity – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
			
				Researchers identify a new SS7 encoding attack used by a surveillance vendor to bypass security and access mobile subscriber data without detection. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Semperis found that executives were physically threatened in 40% of ransomware incidents, in a bid to pressure victims to pay demands – Read More –
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto – The Hacker News
			
				The North Korea-linked threat actor known as UNC4899 has been attributed to attacks targeting two different organizations by approaching their employees via LinkedIn and Telegram. “Under the guise of freelance opportunities for software development work, UNC4899 leveraged social engineering techniques to successfully convince the targeted employees to execute malicious Docker containers in their – Read … Read More “N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto – The Hacker News” »
Cybersecurity Trends 2025: What’s Really Coming for Your Digital Defenses – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
			
				Cybersecurity trends in 2025 reveal rising AI threats, quantum risks, and supply chain attacks, pushing firms to adapt or face major data and financial losses. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement – CyberScoop
			
				As the Trump administration has sought to muscle through changes to election laws and rules across the country, Democrats in Congress have steadily escalated their concerns about the potential for disenfranchisement. At a public forum Wednesday held by Democratic lawmakers focused on elections and voter suppression, Sen. Alex Padilla, D-Calif., ranking member on the Senate … Read More “Senate Democrats call Trump admin’s focus on state voter rolls a pretext for disenfranchisement – CyberScoop” »
The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000 private images and chat logs. We are talking full-on selfies, ID docs, private DMs, and a dash of 4chan creepiness. Yikes. Plus, Carole takes us down memory lane as she hangs up her co-host mic … Read More “Smashing Security podcast #428: Red flags, leaked chats, and a final farewell – Graham Cluley” »
Google this week changed how it publicly discloses vulnerabilities in a bid to give defenders early details about new software defects it discovers, shortening the early window of time between a vendor releasing a patch and customers installing the security update. Project Zero, Google’s squad of security researchers who find and study zero-day vulnerabilities, will … Read More “Project Zero disclosure policy change puts vendors on early notice – CyberScoop” »
Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
			
				Man in the Prompt attack shows how browser extensions can exploit ChatGPT, Gemini and other AI tools to steal data or inject hidden prompts. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Senate legislation would direct federal agencies to fortify against quantum computing cyber threats – CyberScoop
			
				A bipartisan pair of senators are introducing legislation Thursday that would direct a White House office to develop a strategy for reckoning with the cybersecurity ramifications of quantum computers, and require agencies to begin pilot programs on quantum-safe encryption. Sens. Gary Peters, D-Mich., and Marsha Blackburn, R-Tenn., say the National Quantum Cybersecurity Migration Strategy Act … Read More “Senate legislation would direct federal agencies to fortify against quantum computing cyber threats – CyberScoop” »
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install … Read More “Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
The arrest of members of the Scattered Spider cyber-attack group has temporarily halted new intrusions; however, similar threat actors continue to pose risks – Read More –
Avast researchers shared a step-by-step guide to decrypt files for victims of FunkSec ransomware – Read More –
Overview Join the NIST National Cybersecurity Center of Excellence (NCCoE) on August 27, 2025 for a virtual event dedicated to exploring Secure Software Development, Security, and Operations (DevSecOps) practices. This interactive event will showcase – Read More – News and Events Feed by Topic
Experts argue that password managers are still useful despite Microsoft Authenticator ditching its capabilities – Read More –
North Korea’s Lazarus Group has been blamed for a cyber-espionage campaign using open source packages – Read More –
SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
			
				watchTowr’s latest research details critical SonicWall SMA100 flaws (CVE-2025-40596, 40597, 40598). Discover how pre-auth stack/heap overflows and XSS put SSL-VPNs at risk. Patch now! – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the Federal Information Security Educators (FISSEA) community – Read More – News and Events Feed by Topic
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps – The Hacker News
			
				Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data from credentials and wallets. The activity leverages thousands of malicious advertisements posted on Facebook in an attempt to redirect unsuspecting victims to counterfeit sites that instruct … Read More “Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps – The Hacker News” »
Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes: Cyber Eviction Strategies Playbook Next Generation (Playbook-NG): A web-based application for next-generation operations. COUN7ER: A database of atomic post-compromise countermeasures users can execute based on adversary tactics, … Read More “Eviction Strategies Tool Released – All CISA Advisories” »