Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel

State-owned Aeroflot cancels dozens of flights, stranding travelers throughout Russia. Russia’s biggest airline cancelled dozens of flights on Monday following a failure of th

Published: 2025-07-28T18:15:25



Biz & IT Ars Technica

After BlackSuit is taken down, new ransomware group Chaos emerges

As BlackSuit's dark web site goes dark, Chaos is already around to pick up the slack. Hot on the heels of a major ransomware group being taken down through an international la

Published: 2025-07-26T00:21:30



Biz & IT Ars Technica

Some VMware perpetual license owners are unable to download security patches

Customers will get patches at unspecified "later date," Broadcom says. Some VMware perpetual license holders are currently unable to download security patches, The Register re

Published: 2025-07-24T17:51:43



Biz & IT Ars Technica

What to know about ToolShell, the SharePoint threat under mass exploitation

Easy to exploit. Unauthenticated access. Massive reach. ToolShell has it all. Government agencies and private industry have been under siege over the past four days following

Published: 2025-07-23T20:14:40



Biz & IT Ars Technica

SharePoint vulnerability with 9.8 severity rating under exploit across globe

Ongoing attacks are allowing hackers to steal credentials giving privileged access. Authorities and researchers are sounding the alarm over the active mass exploitation of a h

Published: 2025-07-21T19:30:09



Biz & IT Ars Technica

Phishers have found a way to downgrade not bypass FIDO MFA

Contrary to recent reports, phishing sleight-of-hand doesn't defeat FIDO. Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor

Published: 2025-07-18T19:07:21



Biz & IT Ars Technica

GitHub abused to distribute payloads on behalf of malware-as-a-service

The repository offered the MaaS a distribution channel not blocked in many networks. Researchers from Cisco’s Talos security team have uncovered a malware-as-a-service operato

Published: 2025-07-17T22:16:09



The Register - Software

Microsoft researchers: To fend off AI, consider a job as a pile driver

Knowledge workers will be most affected Microsoft researchers have found that people get the most use of AI for writing and knowledge work, but they offer some comfort to worried white-collar workers, saying that their jobs may only change rather tha

Published: 2025-07-29T21:32:08



The Register - Software

Compromised Amazon Q extension told AI to delete everything and it shipped

Malicious actor reportedly sought to expose AWS 'security theater' The official Amazon Q extension for Visual Studio Code (VS Code) was compromised to include a prompt to wipe the user's home directory and delete all their AWS resources.

Published: 2025-07-24T14:26:10



The Register - Software

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

The "is" package was infected with cross-platform malware after a scam targeting maintainers The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatt

Published: 2025-07-24T10:01:05



Security | The Verge

Lovense was told its sex toy app leaked users’ emails and didn’t fix it

Lovense, the maker of internet-connected sex toys, left user emails exposed for months even after it became aware of the vulnerability. In a blog post spotted by TechCrunch and Bleeping Computer, security researcher BobDaHacker found that they could turn any username into their email address, which they could then use to take over someone's […]

Published: 2025-07-29T18:07:51



Security | The Verge

Google Workspace is rolling out a security update to stop token stealing attacks

Google Workspace is launching a new security measure to help prevent the same type of account takeover attack that impacted Linus Tech Tips. The feature, which is rolling out in beta for Chrome users on Windows, is designed to block bad actors from remotely stealing the cookies that keep you logged in to your Workspace […]

Published: 2025-07-29T10:00:00



Security | The Verge

Women’s ‘red flag’ app Tea is a privacy nightmare

An app designed to help women spot the "red flags" of men they date has incidentally put its users at risk. 404 Media reported that Tea was hacked by 4chan users last week, resulting in the selfies and driver's licenses of its mostly women users being posted to 4chan. An independent researcher for 404 Media […]

Published: 2025-07-28T16:22:15



Security | The Verge

The UK is slogging through an online age-gate apocalypse

People across the United Kingdom have been faced with a censored and partially inaccessible online landscape since the country introduced its latest digital safety rules on Friday. The Online Safety Act mandates that web service operators must use "highly effective" age verification measures to stop kids from accessing a wide range of material, on penalty […]

Published: 2025-07-28T13:05:25



Security | The Verge

Satya Nadella seeks to reassure Microsoft employees in layoffs memo

Microsoft CEO Satya Nadella didn’t send a company-wide memo when the software maker laid off as many as 9,000 employees earlier this month. Now, Nadella is finally addressing what’s on many Microsoft employees’ minds: layoffs. “I want to speak to what’s been weighing heavily on me, and what I know many of you are thinking […]

Published: 2025-07-24T12:56:44



Security | The Verge

Proton is launching a privacy-focused AI chatbot

Proton, the company behind the encrypted email service Proton Mail, has launched an AI assistant aimed at preserving user privacy. The new chatbot, called Lumo, can summarize documents, generate code, write emails, and more, while storing data locally on users’ devices. Proton says it will protect this information using zero-access encryption, which grants users an […]

Published: 2025-07-23T06:00:00



Security | The Verge

US nuclear weapons agency reportedly breached in Microsoft SharePoint attacks

Hours after Microsoft revealed that hacking groups affiliated with the Chinese government have been exploiting a flaw in its SharePoint software, Bloomberg reported that the National Nuclear Security Administration was also breached in the attacks. A single source told Bloomberg that the agency, which provides the US Navy with nuclear reactors for submarines, was caught […]

Published: 2025-07-23T04:24:26



Security | The Verge

Microsoft says Chinese hacking groups are behind SharePoint attacks

Some of the attacks that targeted organizations using an exploit in Microsoft's SharePoint server platform over the last few days have been linked to hacking groups affiliated with the Chinese government, according to a new Microsoft security blog. As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, […]

Published: 2025-07-22T12:13:36



Security | The Verge

Citizen will share crime videos with the NYPD

Mayor Eric Adams announced over the weekend that New York City will send users real-time public safety alerts based on their specific location through the crime-tracking app Citizen. The city also announced that public safety agencies, like the New York City Police Department, Fire Department, and Emergency Management, will have access to a portal to […]

Published: 2025-07-21T17:55:12



Security | The Verge

This violently racist hacker claims to be the source of The New York Times Mamdani scoop

The ultimate source for The New York Times' story about Zohran Mamdani's college application is an open secret. It's an anime-loving neo-Nazi whose hobbies include furry drawings, posting fan art of a video game character, and hacking universities. On X, the alleged hacker is followed by New York Times freelancer Benjamin Ryan, who was the […]

Published: 2025-07-21T10:25:45



BleepingComputer

Minnesota activates National Guard after St. Paul cyberattack

Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday. [...]

Published: 2025-07-29T14:58:19



BleepingComputer

Russian airline Aeroflot grounds dozens of flights after cyberattack

Aeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. [...]

Published: 2025-07-29T13:51:30



BleepingComputer

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. [...]

Published: 2025-07-29T12:10:42



BleepingComputer

French telecom giant Orange discloses cyberattack

Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. [...]

Published: 2025-07-29T10:28:08



BleepingComputer

FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation

FBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. [...]

Published: 2025-07-29T09:52:41



BleepingComputer

How attackers are still phishing "phishing-resistant" authentication

Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. [...]

Published: 2025-07-29T09:50:59



BleepingComputer

Endgame Gear mouse config tool infected users with malware

Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025. [...]

Published: 2025-07-28T14:48:07



BleepingComputer

Exploit available for critical Cisco ISE bug exploited in attacks

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). [...]

Published: 2025-07-28T13:29:23



Threat Intelligence

Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor

Written by: Josh Goddard, Zander Work, Dimiter Andonov Introduction Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-lif

Published: 2025-07-16T14:00:00



Krebs on Security

Phishers Target Aviation Execs to Scam Customers

KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure p...

Published: 2025-07-24T17:57:06



Krebs on Security

Microsoft Fix Targets Attacks on SharePoint Zero-Day

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used th...

Published: 2025-07-21T14:45:46



The Register - Security

CISA caves to Wyden, agrees to release US telco insecurity report - but won't say when

The security nerds' equivalent of the Epstein files saga The US Cybersecurity and Infrastructure Security Agency on Tuesday finally agreed to make public an unclassified report from 2022 about American telecommunications networks' poor security practices.

Published: 2025-07-29T22:46:22



The Register - Security

FBI: Watch out for these signs Scattered Spider is spinning its web around your org

New malware, even better social engineering chops The FBI and a host of international cyber and law enforcement agencies on Tuesday warned that Scattered Spider extortionists have changed their tactics and are now breaking into victims' networks using savvier social engineering techniques, searching for organizations' Snowflake database credentials, and deploying a handful of new ransomware variants, most recently DragonForce.

Published: 2025-07-29T20:20:10



The Register - Security

Raspberry Pi RP2350 A4 update fixes old bugs and dares you to break it again

5 V-tolerant GPIO opens the way to some intriguing retro-nerdery The Raspberry Pi team has released an update to the RP2350 microcontroller with bug fixes, hardening, and a GPIO tweak that will delight retro hardware enthusiasts.

Published: 2025-07-29T13:44:14



The Register - Security

War Games: MoD asks soldiers with 1337 skillz to compete in esports

Troopers to swap radios for Turtle Beaches in preparation for 21st century challenges The UK's Ministry of Defence (MoD) is doubling down on its endorsement of esports by tasking the British Esports Federation to establish a new tournament to upskill existing servicepeople in the digital skirmishes.

Published: 2025-07-29T11:31:06



The Register - Security

Microsoft spotlights Apple bug patched in March as SharePoint exploits continue

Look over there! Amidst its own failure to fix a couple of bugs now under mass exploitation and being abused for espionage, data theft, and ransomware infections, Microsoft said Monday that it spotted a macOS vulnerability some months ago that could allow attackers to steal private data. Redmond reported the bug to Cupertino, which issued a fix back in March.

Published: 2025-07-28T22:41:24



The Register - Security

Security pros are drowning in threat-intel data and it's making everything more dangerous

Plus, 60% don't have enough analysts to make sense of it Too many threats, too much data, and too few skilled security analysts are making companies more vulnerable to cyberattacks, according to the IT and security leaders tasked with protecting these organizations from digital threats.

Published: 2025-07-28T21:21:10



The Register - Security

Majority of 1.4M customers caught in Allianz Life data heist

No word on who's behind it, but attack has hallmarks of the usual suspects Financial services biz Allianz says the majority of customers of one of its North American subsidiaries had their data stolen in a cyberattack.

Published: 2025-07-28T14:31:12



The Register - Security

Aeroflot aeroflops over 'IT issues' after attackers claim year-long compromise

Russia's top airline cancels 49 flights, delays affect many more Russia's largest airline, Aeroflot, canceled numerous flights on Monday morning following what it says was a failure in its IT systems - something hacktivists are claiming responsibility for.

Published: 2025-07-28T12:14:08



The Register - Security

US spy satellite agency breached, but insists no classified secrets spilled

Plus, leak site for BlackSuit seized, Tea spilt, and avoid crime if you've got a famous dad Infosec in brief A computer intrusion hit the US spy satellite agency, but officials insist no classified secrets were lost - just some unclassified ones, apparently.

Published: 2025-07-28T00:29:06



The Register - Security

Congress tries to outlaw AI that jacks up prices based on what it knows about you

Surveillance-based pricing? Two lawmakers say enough Two Democratic members of Congress, Greg Casar (D-TX) and Rashida Tlaib (D-MI), have introduced legislation in the US House of Representatives to ban the use of AI surveillance to set prices and wages.

Published: 2025-07-26T13:15:06



The Register - Security

Blame a leak for Microsoft SharePoint attacks, researcher insists

Follow the MAPP A week after Microsoft told the world that its July software updates didn't fully fix a couple of bugs, which allowed miscreants to take over on-premises SharePoint servers and remotely execute code, researchers have assembled much of the puzzle with one big missing piece.

Published: 2025-07-26T11:28:10



The Register - Security

Senator to Google: Give us info from telco Salt Typhoon probes

AT&T and Verizon refused to hand over the security assessments, says Cantwell US Senator Maria Cantwell (D-WA) has demanded that Google-owned incident response firm Mandiant hand over the Salt Typhoon-related security assessments of AT&T and Verizon that, according to the lawmaker, both operators have thus far refused to give Congress.

Published: 2025-07-25T19:55:32



The Register - Security

Freelance dev shop Toptal caught serving malware after GitHub account break-in

Malicious code lurking in over 5,000 downloads, says Socket researcher Developer freelancing platform Toptal has been inadvertently spreading malicious code after attackers broke into its systems and began distributing malware through developer accounts.

Published: 2025-07-25T14:28:07



The Register - Security

Microsoft admits it 'cannot guarantee' data sovereignty

Under oath in French Senate, exec says it would be compelled however unlikely to pass local customer info to US admin Microsoft says it "cannot guarantee" data sovereignty to customers in France and by implication the wider European Union should the Trump administration demand access to customer information held on its servers.

Published: 2025-07-25T13:00:08



The Register - Security

Advisor to Brit tech contractors Qdos confirms client data leak

Policy management not affected, but some personal data may have been snaffled Updated Business insurance and employment status specialist Qdos has confirmed that an intruder has stolen some customers' personal data, according to a communication to tech contractors that was seen by The Register.

Published: 2025-07-25T10:09:28



The Register - Security

DNS security is important but DNSSEC may be a failed experiment

Nobody thinks of running a website without HTTPS. Safer DNS still seems optional Systems Approach Last week I turned on DNSSEC (Domain Name System Security Extensions) for the systemsapproach.org domain. No need to applaud; I was just trying to get an understanding of what the barriers to adoption might be while teaching myself about the technology.

Published: 2025-07-25T06:26:14



The Register - Security

Laptop farmer behind $17M North Korean IT worker scam locked up for 8.5 years

Plus she has to cough up a slice of Pyongyang's payday An Arizona woman who ran a laptop farm from her home - helping North Korean IT operatives pose as US-based remote workers - has been sentenced to eight and a half years behind bars for her role in a $17 million fraud that hit more than 300 American companies.

Published: 2025-07-24T22:29:31



The Register - Security

Euro healthcare giant AMEOS Group shuts down IT systems after mystery attack

Good luck getting an appointment with your doctor The AMEOS Group, which runs over 100 hospitals across Europe, has shut down its entire network after crims busted in.

Published: 2025-07-24T21:08:06



The Register - Security

No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers

Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got around to issuing a fix.

Published: 2025-07-24T18:28:08



The Register - Security

So much for watermarks: UnMarker tool nukes AI provenance tags

Boffins insist your deepfake tracking tech won't work Computer scientists with the University of Waterloo in Ontario, Canada, say they've developed a way to remove watermarks embedded in AI-generated images.

Published: 2025-07-24T17:45:10



The Register - Security

Microsoft: SharePoint attacks now officially include ransomware infections

Let the games begin Ransomware has officially entered the Microsoft SharePoint exploitation ring.

Published: 2025-07-24T16:54:48



The Register - Security

Coyote malware abuses Microsoft's UI Automation to hunt banking creds

Some coyotes hunt squirrels, this one hunts users' financial apps A new variant of the Coyote banking trojan abuses Microsoft's UI Automation (UIA), making it the first reported malware to use UIA for credential theft.

Published: 2025-07-24T15:45:15



The Register - Security

The EFF is 35, but the battle to defend internet freedom is far from over

Palantir, data brokers, and judicial overreach are all on the horizon, executive director Cindy Cohn warns Interview In July 1990, before the World Wide Web even existed, an unusual alliance was formed to fight for the rights of the emerging online community.

Published: 2025-07-24T15:15:11



The Register - Security

Compromised Amazon Q extension told AI to delete everything and it shipped

Malicious actor reportedly sought to expose AWS 'security theater' The official Amazon Q extension for Visual Studio Code (VS Code) was compromised to include a prompt to wipe the user's home directory and delete all their AWS resources.

Published: 2025-07-24T14:26:10



The Register - Security

Eau no! Dior tells customers their data was swiped in cyber snafu

French fashion house dishes out notices after hackers raided a client database ShinyHunters suspected Updated Fashion house Dior has begun dropping data breach notices after cybercrooks with a taste for high-end targets made off with customer data.

Published: 2025-07-24T11:01:05



The Register - Security

Not pretty, not Windows-only: npm phishing attack laces popular packages with malware

The "is" package was infected with cross-platform malware after a scam targeting maintainers The popular npm package "is" was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.

Published: 2025-07-24T10:01:05



The Register - Security

IRL Com recruits teens for real-life stabbings, shootings, FBI warns

From scams to violence, the crimes extend beyond the digital realm A subset of an online group that recruits children and teens for contract shootings, kidnappings, and other real-life violent crimes poses a growing threat to youth, according to the FBI.

Published: 2025-07-23T20:46:10



The Register - Security

Nothing to see here: Brave browser blocks privacy-busting Microsoft Recall

No screenshots for you! In an effort to protect user privacy, Brave browser 1.81 will prevent Microsoft Recall from screenshotting it by default.

Published: 2025-07-23T20:15:06



The Register - Security

Microsoft SharePoint victim count hits 400+ orgs in ongoing attacks

US DOE among breached government agencies More than 400 organizations have been compromised in the Microsoft SharePoint attack, according to Eye Security, which initially sounded the alarm on the mass exploitation last Friday, even before Redmond confirmed the critical vulnerabilities.

Published: 2025-07-23T18:05:38



The Register - Security

VMware prevents some perpetual license holders from downloading patches

Despite pledging help for those who don't sign for subs, Broadcom says validating their entitlements will delay support Exclusive Some customers of Broadcom's VMware business currently cannot access security patches, putting them at greater risk of attack.

Published: 2025-07-23T16:01:06



The Register - Security

Three questions you should always be able to answer about your security environment

All security questions are hard to answer, but these three are non-negotiable Partner content We've all seen those seemingly straightforward security questions that snowball into multi-day research projects across dozens of consoles, spreadsheets, and manual queries. The reality is that even the most fundamental security questions are notoriously difficult to answer with certainty.

Published: 2025-07-23T15:00:13



The Register - Security

$380M lawsuit claims intruder got Clorox's passwords from Cognizant simply by asking

Hand us the mind bleach, we want to flush our memories of attack Clorox is suing its service desk provider, Cognizant, for $380 million in a California state court, alleging the IT support crew "enabled a cybercriminal to gain a foothold in Clorox's network" by handing over staffers' passwords to attackers after they simply requested them.

Published: 2025-07-23T13:45:09



The Register - Security

Copilot Vision on Windows 11 sends data to Microsoft servers

Total Recall: Capturing everything you do on your PC screen to become a 'true companion' Microsoft is again throwing AI at Windows 11 to see what sticks, releasing features including the even more eyebrow-raising successor to its controversial Recall, a screen-streaming remotely processed backseat driver dubbed Copilot Vision.

Published: 2025-07-23T13:01:14



The Register - Security

China warns citizens to beware backdoored devices, on land and under the sea

Suggests buying local tech to avoid infosec worries China's Ministry of State Security has spent the week warning of backdoored devices on land and at sea.

Published: 2025-07-23T03:08:06



The Register - Security

Funding for program to stop next Stuxnet from hitting US expired Sunday

CyberSentry work grinds to a halt Government funding for a program that hunts for threats on America's critical infrastructure networks expired on Sunday, preventing Lawrence Livermore National Laboratory from analyzing activity that could indicate a cyberattack, the program director told Congress on Tuesday.

Published: 2025-07-22T21:06:33



The Register - Security

Arch Linux users told to purge Firefox forks after AUR malware scare

The distro's greatest asset is arguably also its greatest weakness If you installed the Firefox, LibreWolf, or Zen web browsers from the Arch User Repository (AUR) in the last few days, delete them immediately and install fresh copies.

Published: 2025-07-22T17:43:14



The Register - Security

Surprise, surprise: Chinese spies, IP stealers, other miscreants attacking Microsoft SharePoint servers

With more to come, no doubt At least three Chinese groups are attacking on-premises SharePoint servers via a couple of recently disclosed Microsoft bugs, according to Redmond.

Published: 2025-07-22T16:40:11



The Register - Security

Silicon Valley engineer admits theft of US missile tech secrets

Used stolen info to pitch for Chinese tech talent program A Silicon Valley engineer has pleaded guilty to stealing thousands of trade secrets worth hundreds of millions of dollars, including crucial military technology.

Published: 2025-07-22T16:13:07



The Register - Security

Humans can be tracked with unique 'fingerprint' based on how their bodies block Wi-Fi signals

Wi-Fi spy with my little eye that same guy I saw at another hotspot Researchers in Italy have developed a way to create a biometric identifier for people based on the way the human body interferes with Wi-Fi signal propagation.

Published: 2025-07-22T15:29:13



The Register - Security

Microsoft patches critical SharePoint 2016 zero-days amid active exploits

Admins urged to rotate machine keys, restart IIS after emergency fix Microsoft has good news for administrators running SharePoint Server 2016. The cloud and software megacorp has published updates to close a gaping hole in the document management service.

Published: 2025-07-22T14:32:13



The Register - Security

UK to ban ransomware payments by public sector organizations

'We're going to smash the business model' NHS, councils, and schools told The UK government is proposing to "ban" public sector organizations and critical national infrastructure from paying criminal operators behind ransomware attacks, under new measures outlined today.

Published: 2025-07-22T12:28:30



The Register - Security

Open source's superior security is a matter of eyeballs: Be kind to the brains behind them

The modern art form that redeemed a Windows utility has lessons for all Opinion The speedrun is one of the internet's genuinely new artforms. At its best, it's akin to a virtuoso piano recital. Less emotional depth, more adrenalin. Watching an expert fly through a game creates an endorphin rush without the expense or time of doing it for yourself.

Published: 2025-07-22T10:40:38



The Register - Security

Dell scoffs at breach, says miscreants only stole fake data

No customer, partner info stolen, spokesperson tells The Reg Dell has confirmed that criminals broke into its IT environment and stole some of its data but told The Register that it's "primarily synthetic (fake) data."

Published: 2025-07-21T22:46:31



The Register - Security

Another massive security snafu hits Microsoft, but don't expect it to stick

Move along, nothing to see here comment Here we go again. Another major Microsoft attack, with this one seeing someone, most likely government-backed hackers, exploiting a zero-day bug in SharePoint Server that Redmond failed to fix.

Published: 2025-07-21T19:58:04



The Register - Security

Four new Android spyware samples linked to Iran's intel agency

Persians added snooping capabilities to DCHSpy after Israeli bombs fell Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name, surfaced shortly after the Iran-Israel conflict began.

Published: 2025-07-21T12:00:08



The Register - Security

Alaska Airlines grounded itself due to mysterious IT problem

Now flying again, but not saying what went wrong UPDATED US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.

Published: 2025-07-21T06:29:12



The Register - Security

Japan discovers object out beyond Pluto that rewrites the Planet 9 theory

PLUS: Perplexity AI scores 360-million-customer win in India; Australian billionaire's political party suffers data breach, won't contact victims; and more Asia In Brief Japan's National Astronomical Observatory last week announced the discovery of a small body with an orbit beyond Pluto's, and scientists think its presence means the Planet 9 theory should be revisited.

Published: 2025-07-21T05:58:11



The Register - Security

Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack

PLUS: China upgrades smartphone surveillance tools; Ring eases anti-snooping stance; and more Infosec In Brief Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack and that its own failure to completely fix past problems is the cause.

Published: 2025-07-21T00:13:28



The Register - Security

UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies

Fancy Bear can't keep its claws out of Outlook inboxes The UK government is warning that Russia's APT28 (also known as Fancy Bear or Forest Blizzard) has been deploying previously unknown malware to harvest Microsoft email credentials and steal access to compromised accounts.

Published: 2025-07-20T11:01:11



The Register - Security

Ex-IDF cyber chief on Iran, Scattered Spider, and why social engineering worries him more than 0-days

Keep It Simple, Stupid Interview Scattered Spider and Iranian government-backed cyber units have more in common than a recent uptick in hacking activity, according to Ariel Parnes, a former colonel in the Israeli Defense Forces' cyber unit 8200.

Published: 2025-07-19T08:02:12



Security Latest

Age Verification Laws Send VPN Use Soaring and Threaten the Open Internet

A law requiring UK internet users to verify their age to access adult content has led to a huge surge in VPN downloads and has experts worried about the future of free expression online.

Published: 2025-07-29T10:30:00



Security Latest

The Age-Checked Internet Has Arrived

Starting today, UK adults will have to prove their age to access porn online. Experts warn that a global wave of age-check laws threatens to chill speech and ultimately harm children and adults alike.

Published: 2025-07-25T06:00:00



Security Latest

A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User, Including Diplomats

Security flaws in Airportr, a door-to-door luggage checking service used by 10 airlines, let hackers access user data and even gain privileges that would have let them redirect or steal luggage.

Published: 2025-07-24T16:00:00



Security Latest

Microsoft Put Older Versions of SharePoint on Life Support. Hackers Are Taking Advantage

Multiple hacking groups, including state actors from China, have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Published: 2025-07-23T21:59:20



Security Latest

How WIRED Analyzed the Epstein Video

On this episode of Uncanny Valley, we dive into the differences between what the US government said about a Jeffrey Epstein video it released and the story told by its metadata.

Published: 2025-07-21T16:54:08



Security Latest

At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed.

Published: 2025-07-19T15:54:06



Security Latest

China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

Plus: Secret IRS data-sharing with ICE, a 20-year-old hackable vulnerability in train brakes, and more.

Published: 2025-07-19T10:30:00



Security Latest

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

Published: 2025-07-18T15:28:07



Security Latest

Hackers Are Finding New Ways to Hide Malware in DNS Records

Newly published research shows that the domain name system, a fundamental part of the web, can be exploited to hide malicious code and prompt injection attacks against chatbots.

Published: 2025-07-17T11:30:00



Security Latest

DHS Faces New Pressure Over DNA Taken From Immigrant Children

The US government has added the DNA of approximately 133,000 migrant children and teens to a criminal database, which critics say could mean police treat them like suspects “indefinitely.”

Published: 2025-07-16T17:30:00



Security Latest

Adoption Agency Data Exposure Revealed Information About Children and Parents

A trove of 1.1 million records left accessible on the open web shows how much sensitive information can be created and made vulnerable during the adoption process.

Published: 2025-07-16T16:21:23



Security Latest

The FBI's Jeffrey Epstein Prison Video Had Nearly 3 Minutes Cut Out

Metadata from the “raw” Epstein prison video shows approximately 2 minutes and 53 seconds were removed from one of two stitched-together clips. The cut starts right at the “missing minute.”

Published: 2025-07-15T19:40:27



The Hacker News

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Google has announced that it's making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a device so as to prevent threat actors from using stolen cookies to sign in to victims' accounts and gain

Published: 2025-07-30T14:51:00



The Hacker News

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. "Over the course of three days, a threat actor gained access to the customer's network, attempted to download several suspicious files and communicated with malicious infrastructure linked to Auto-Color

Published: 2025-07-30T13:20:00



The Hacker News

Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

Google Cloud's Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group, but emphasized the need for organizations to take advantage of the lull to shore up their defenses. "Since the recent arrests tied to the alleged Scattered Spider (UNC3944) members in the U.K., Mandiant Consulting hasn't observed any new intrusions directly

Published: 2025-07-30T11:45:00



The Hacker News

Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

Cybersecurity researchers have disclosed a now-patched critical security flaw in a popular vibe coding platform called Base44 that could allow unauthorized access to private applications built by its users. "The vulnerability we discovered was remarkably simple to exploit -- by providing only a non-secret 'app_id' value to undocumented registration and email verification endpoints, an attacker

Published: 2025-07-29T21:08:00



The Hacker News

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "[PyPI] Email verification" that are sent from the email address noreply@pypj[.]org (note that the domain is not "pypi[.]org"). "This is

Published: 2025-07-29T19:57:00



The Hacker News

Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter's dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware landscape to conduct big-game hunting and double extortion attacks. "Chaos RaaS actors initiated

Published: 2025-07-29T18:55:00



The Hacker News

How the Browser Became the Main Cyber Battleground

Until recently, the cyber attacker methodology behind the biggest breaches of the last decade or so has been pretty consistent: Compromise an endpoint via software exploit, or social engineering a user to run malware on their device; Find ways to move laterally inside the network and compromise privileged identities; Repeat as needed until you can execute your desired attack usually

Published: 2025-07-29T16:55:00



The Hacker News

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks

Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus. "This extensive campaign involved

Published: 2025-07-29T16:40:00



The Hacker News

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

React conquered XSS? Think again. That's the reality facing JavaScript developers in 2025, where attackers have quietly evolved their injection techniques to exploit everything from prototype pollution to AI-generated code, bypassing the very frameworks designed to keep applications secure. Full 47-page guide with framework-specific defenses (PDF, free). JavaScript conquered the web, but with

Published: 2025-07-29T15:30:00



The Hacker News

CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security vulnerability impacting PaperCut NG/MF print management software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-2533 (CVSS score: 8.4), is a cross-site request forgery (CSRF) bug that could

Published: 2025-07-29T10:21:00



The Hacker News

Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads

In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry. The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In addition, 73 repositories

Published: 2025-07-28T23:01:00



The Hacker News

Weekly Recap: SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More

Some risks don’t breach the perimeter; they arrive through signed software, clean resumes, or sanctioned vendors still hiding in plain sight. This week, the clearest threats weren’t the loudest; they were the most legitimate-looking. In an environment where identity, trust, and tooling are all interlinked, the strongest attack path is often the one that looks like it belongs. Security teams are

Published: 2025-07-28T17:43:00



The Hacker News

Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach

Picture this: you’ve hardened every laptop in your fleet with real time telemetry, rapid isolation, and automated rollback. But the corporate mailbox, the front door for most attackers, is still guarded by what is effectively a 1990s-era filter. This isn't a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a static stream of messages instead of a dynamic,

Published: 2025-07-28T16:55:00



The Hacker News

Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk," Google's Mandiant team said in an extensive

Published: 2025-07-28T11:49:00



The Hacker News

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is misconfigured, thereby disabling encryption on a specific network device," Nozomi Networks Labs said in a

Published: 2025-07-28T09:42:00



The Hacker News

U.S. Sanctions Firm Behind N. Korean IT Scheme; Arizona Woman Jailed for Running Laptop Farm

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a North Korean front company and three associated individuals for their involvement in the fraudulent remote information technology (IT) worker scheme designed to generate illicit revenues for Pyongyang. The sanctions target Korea Sobaeksu Trading Company (aka Sobaeksu United Corporation), and Kim Se Un, Jo

Published: 2025-07-25T20:35:00



The Hacker News

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

The threat actor known as Patchwork has been attributed to a new spear-phishing campaign targeting Turkish defense contractors with the goal of gathering strategic intelligence. "The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems," Arctic Wolf Labs said

Published: 2025-07-25T19:45:00



The Hacker News

Cyber Espionage Campaign Hits Russian Aerospace Sector Using EAGLET Backdoor

Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). "The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO), one

Published: 2025-07-25T18:44:00



The Hacker News

Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Threat hunters have disclosed two different malware campaigns that have targeted vulnerabilities and misconfigurations across cloud environments to deliver cryptocurrency miners. The threat activity clusters have been codenamed Soco404 and Koske by cloud security firms Wiz and Aqua, respectively. Soco404 "targets both Linux and Windows systems, deploying platform-specific malware," Wiz

Published: 2025-07-25T16:03:00



The Hacker News

Overcoming Risks from Chinese GenAI Tool Usage

A recent analysis of enterprise data suggests that generative AI tools developed in China are being used extensively by employees in the US and UK, often without oversight or approval from security teams. The study, conducted by Harmonic Security, also identifies hundreds of instances in which sensitive data was uploaded to platforms hosted in China, raising concerns over compliance, data

Published: 2025-07-25T15:55:00



The Hacker News

Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack

Published: 2025-07-24T22:44:00



The Hacker News

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Virtualization and networking infrastructure have been targeted by a threat actor codenamed Fire Ant as part of a prolonged cyber espionage campaign. The activity, observed this year, is primarily designed to infiltrate organizations' VMware ESXi and vCenter environments as well as network appliances, Sygnia said in a new report published today. "The threat actor leveraged combinations of

Published: 2025-07-24T22:35:00



The Hacker News

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs). The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in

Published: 2025-07-24T20:43:00



The Hacker News

Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead

Published: 2025-07-24T19:44:00



The Hacker News

Watch This Webinar to Uncover Hidden Flaws in Login, AI, and Digital Trust, and Fix Them

Is Managing Customer Logins and Data Giving You Headaches? You're Not Alone! Today, we all expect super-fast, secure, and personalized online experiences. But let's be honest, we're also more careful about how our data is used. If something feels off, trust can vanish in an instant. Add to that the lightning-fast changes AI is bringing to everything from how we log in to spotting online fraud,

Published: 2025-07-24T17:06:00



The Hacker News

Pentests once a year? Nope. It’s time to build an offensive SOC

You wouldn’t run your blue team once a year, so why accept this substandard schedule for your offensive side? Your cybersecurity teams are under intense pressure to be proactive and to find your network’s weaknesses before adversaries do. But in many organizations, offensive security is still treated as a one-time event: an annual pentest, a quarterly red team engagement, maybe an audit sprint

Published: 2025-07-24T16:30:00



The Hacker News

China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community

The Tibetan community has been targeted by a China-nexus cyber espionage group as part of two campaigns conducted last month ahead of the Dalai Lama's 90th birthday on July 6, 2025. The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz. "The attackers compromised a legitimate website, redirecting users via a malicious link and

Published: 2025-07-24T16:29:00



The Hacker News

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

Microsoft has revealed that one of the threat actors behind the active exploitation of SharePoint flaws is deploying Warlock ransomware on targeted systems. The tech giant, in an update shared Wednesday, said the findings are based on an "expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603." The threat actor attributed to the financially

Published: 2025-07-24T16:07:00



The Hacker News

Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace

Europol on Monday announced the arrest of the suspected administrator of XSS.is (formerly DaMaGeLaB), a notorious Russian-speaking cybercrime platform. The arrest, which took place in Kyiv, Ukraine, on July 22, 2025, was led by the French Police and Paris Prosecutor, in collaboration with Ukrainian authorities and Europol. The action is the result of an investigation that was launched by the

Published: 2025-07-24T12:18:00



The Hacker News

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Cybersecurity researchers have uncovered a new stealthy backdoor concealed within the "mu-plugins" directory in WordPress sites to grant threat actors persistent access and allow them to perform arbitrary actions. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. They are located in the "wp-content/mu-plugins"

Published: 2025-07-24T10:41:00



The Hacker News

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy cryptocurrency miners. "Although

Published: 2025-07-23T22:45:00



The Hacker News

New Coyote Malware Variant Exploits Windows UI Automation to Steal Banking Credentials

The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges," Akamai security researcher Tomer

Published: 2025-07-23T18:28:00



The Hacker News

Kerberoasting Detections: A New Approach to a Decade-Old Challenge

Security experts have been talking about Kerberoasting for over a decade, yet this attack continues to evade typical defense methods. Why? It’s because existing detections rely on brittle heuristics and static rules, which don’t hold up for detecting potential attack patterns in highly variable Kerberos traffic. They frequently generate false positives or miss “low-and-slow” attacks altogether.

Published: 2025-07-23T16:30:00



The Hacker News

Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages

Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," Matthew Suozzo, Google Open Source Security

Published: 2025-07-23T14:58:00



The Hacker News

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025. "CISA is

Published: 2025-07-23T11:54:00



The Hacker News

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 (CVSS score: 9.3) - An improper restriction of XML external entity (XXE) reference vulnerability in the

Published: 2025-07-23T11:53:00



The Hacker News

Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups

Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as July 7, 2025, corroborating earlier reports. The tech giant said it also observed a third China-based threat actor, which it tracks as Storm-2603, weaponizing the flaws as well to obtain initial access to

Published: 2025-07-22T21:15:00



The Hacker News

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation. "In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild," the company said in an alert. The

Published: 2025-07-22T18:38:00



The Hacker News

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge. It's believed to be active since early 2021, indiscriminately targeting a wide range of sectors, such as retail,

Published: 2025-07-22T18:30:00



The Hacker News

How to Advance from SOC Manager to CISO?

Making the move from managing a security operations center (SOC) to being a chief information security officer (CISO) is a significant career leap. Not only do you need a solid foundation of tech knowledge but also leadership skills and business smarts. This article will guide you through the practical steps and skills you’ll need to nab an executive cybersecurity job and make the

Published: 2025-07-22T16:30:00



The Hacker News

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software

Published: 2025-07-22T13:29:00



The Hacker News

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it tracks

Published: 2025-07-21T22:48:00



The Hacker News

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware," Kaspersky researchers Denis Kulik and Daniil Pogorelov said. "One of the C2s [command-and-control servers] was a captive

Published: 2025-07-21T21:57:00



The Hacker News

Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More

Even in well-secured environments, attackers are getting in not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed, slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to

Published: 2025-07-21T17:08:00



The Hacker News

Assessing the Role of AI in Zero Trust

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, secures third-party partnerships, and ensures uninterrupted

Published: 2025-07-21T16:55:00



The Hacker News

PoisonSeed Attack Turns Out to Be Not a FIDO Bypass After All

Cybersecurity firm Expel, in an update shared on July 25, 2025, said it's retracting its findings about a phishing attack that it said leveraged cross-device sign-in to get around FIDO account protections despite not being in physical proximity to the authenticating client device. "The evidence does show the targeted user's credentials (username and password) being phished and that the attacker

Published: 2025-07-21T11:43:00



The Hacker News

Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security

Published: 2025-07-21T09:00:00



The Hacker News

Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0. "Hard-coded login credentials were found in HPE

Published: 2025-07-21T08:55:00



The Hacker News

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of a stealthy

Published: 2025-07-21T08:30:00



The Hacker News

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that's targeting Web3 developers to infect them with information stealer malware. "LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job offers or portfolio review requests," Swiss cybersecurity

Published: 2025-07-20T21:43:00



Security Affairs

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas […]

Published: 2025-07-30T09:40:41



Security Affairs

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack […]

Published: 2025-07-30T07:46:00



Security Affairs

Orange reports major cyberattack, warns of service disruptions

Orange, France’s largest telecom provider, reported a cyberattack on one of its internal systems, impacting its operations in Europe and Africa. Orange is a leading French multinational telecommunications operator providing services to individuals, businesses, and governments across Europe, Africa, and the Middle East. Formerly known as France Télécom until rebranding in 2013, the company now […]

Published: 2025-07-29T20:10:15



Security Affairs

Hackers leak images and comments from women dating safety app Tea

The dating safety app Tea was hacked, leaking images, posts, and comments of thousands of users who shared anonymous “red flag” reports on men. Tea is a women-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members […]

Published: 2025-07-29T17:00:33



Security Affairs

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

A cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled Aeroflot’s systems, canceling over 100 flights. On July 28, 2025, a cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled the systems of Russian state-owned carrier Aeroflot. Over 100 flights were cancelled following the attack, which also caused delays. The […]

Published: 2025-07-29T09:59:30



Security Affairs

Seychelles Commercial Bank Reported Cybersecurity Incident

Seychelles Commercial Bank on Friday said it had recently identified and contained a cybersecurity incident. A hacker claims to have stolen and sold the personal data of clients of Seychelles Commercial Bank. The bank, which provides personal and corporate services on Seychelles, one of the world’s smallest countries, notified customers of a hack, but said […]

Published: 2025-07-29T07:44:55



Security Affairs

Microsoft uncovers macOS flaw allowing bypass of TCC protections and exposing sensitive data

Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches. Microsoft Threat Intelligence researchers discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC). Apple’s Transparency, Consent, and Control framework in macOS is designed […]

Published: 2025-07-29T00:01:17



Security Affairs

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Cisco confirmed attempted exploitation […]

Published: 2025-07-28T19:40:37



Security Affairs

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners […]

Published: 2025-07-28T13:14:29



Security Affairs

Scattered Spider targets VMware ESXi in North America using social engineering

Scattered Spider targets VMware ESXi in North America using social engineering, mainly fake IT help desk calls instead of software exploits. The cybercrime group Scattered Spider (aka 0ktapus, Muddled Libra, Octo Tempest, and UNC3944) is targeting VMware ESXi hypervisors in retail, airline, and transportation sectors across North America. According to Google’s Mandiant team, the group […]

Published: 2025-07-28T10:40:56








© Segmentation Fault. All rights reserved.