Today's Core Dump is brought to you by ThreatPerspective

Biz & IT Ars Technica

Drug cartel hacked FBI official’s phone to track and kill informants, report says

Official was connected to FBI probe of cartel kingpin Joaquín “El Chapo” Guzmán. The Sinaloa drug cartel in Mexico hacked the phone of an FBI official investigating kingpin Jo

Published: 2025-06-30T19:57:49



Biz & IT Ars Technica

Actively exploited vulnerability gives extraordinary control over server fleets

AMI MegaRAC used in servers from AMD, ARM, Fujitsu, Gigabyte, and Qualcomm. Hackers are exploiting a maximum-severity vulnerability that has the potential to give them complet

Published: 2025-06-26T22:52:42



Biz & IT Ars Technica

Ubuntu disables Intel GPU security mitigations, promises 20% performance boost

Overtime defenses for Spectre-based attacks have taken their toll. Ubuntu users could see up to a 20 percent boost in graphics performance on Intel-based systems under a chang

Published: 2025-06-25T19:39:19



Biz & IT Ars Technica

Canadian telecom hacked by suspected China state group

Maximum-security Cisco vulnerability was patched Oct. 2023 and exploited Feb. 2025. Hackers suspected of working on behalf of the Chinese government exploited a maximum-severi

Published: 2025-06-23T19:21:42



Security | The Verge

AT&T now lets you lock down your account to prevent SIM swapping attacks

AT&T is launching a new Account Lock feature that's designed to protect wireless users against SIM swapping attacks. The feature, which you can enable from the myAT&T app, prevents unauthorized changes to your account, like phone number transfers, SIM card changes, and updates to billing information. SIM swapping attacks have become increasingly common in recent […]

Published: 2025-07-01T12:36:28



Security | The Verge

Tinder's mandatory facial recognition check comes to the US

Tinder is trialing mandatory facial recognition security features in the US to verify profiles and crack down on impersonation and fake accounts. New users in California are now required to provide a biometric “Face Check” scan to confirm their face matches their profile photos for the dating service, Axios reported on Monday. The Face Check […]

Published: 2025-07-01T05:10:31



Security | The Verge

Microsoft Authenticator is ending support for passwords

Microsoft will soon no longer let you use its Authenticator app to store or autofill passwords. Starting in July, you won't be able to autofill saved passwords using Authenticator, and you'll have to use Microsoft Edge or another password management solution instead. Microsoft also plans on deleting your saved payment information in Authenticator this July […]

Published: 2025-06-30T14:33:25



Security | The Verge

Hundreds of Brother printer models have an unpatchable security flaw

Serious security flaws have been found in hundreds of Brother printer models that could allow attackers to remotely access devices that are still using default passwords. Eight new vulnerabilities, one of which cannot be fixed by patching the firmware, were discovered in 689 kinds of Brother home and enterprise printers by security company Rapid7. The […]

Published: 2025-06-30T06:20:23



Security | The Verge

How vulnerable is critical infrastructure to cyberattack in the US?

Our water, health, and energy systems are increasingly vulnerable to cyberattack. Now, when tensions escalate - like when the US bombed nuclear facilities in Iran this month - the safety of these systems becomes of paramount concern. If conflict erup

Published: 2025-06-27T18:31:35



Security | The Verge

Windows is getting rid of the Blue Screen of Death after 40 years

The Blue Screen of Death (BSOD) has held strong in Windows for nearly 40 years, but that's about to change. Microsoft revealed earlier this year that it was overhauling its BSOD error message in Windows 11, and the company has now confirmed that it will soon be known as the Black Screen of Death. The […]

Published: 2025-06-26T11:46:42



Security | The Verge

Russia frees REvil hackers after sentencing

Four members of the REvil ransomware group have been released from custody despite pleading guilty to fraud and malware distribution charges. The Dzerzhinsky Court of St. Petersburg allowed Roman Muromsky, Andrei Bessonov, Mikhail Golovachuk, and Dmitry Korotaev to walk free after sentencing them to five years in prison on Monday, ruling that the gang members […]

Published: 2025-06-25T09:10:23



Security | The Verge

Microsoft is blocking Google Chrome through its family safety feature

Earlier this month, Microsoft's Family Safety feature, primarily used by parents and schools as a set of parental controls and filters, started randomly blocking Google's Chrome browser from opening on Windows. The first reports surfaced on June 3rd, with some Chrome users noticing the browser kept closing or wouldn't open. Microsoft has introduced a bug […]

Published: 2025-06-20T10:00:04



BleepingComputer

Ingram Micro outage caused by SafePay ransomware attack

An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. [...]

Published: 2025-07-05T11:58:49



BleepingComputer

Hacker leaks Telefónica data allegedly stolen in a new breach

A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. [...]

Published: 2025-07-04T11:11:26



BleepingComputer

Grafana releases critical security update for Image Renderer plugin

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. [...]

Published: 2025-07-03T12:16:59



BleepingComputer

IdeaLab confirms data stolen in ransomware attack last year

IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. [...]

Published: 2025-07-03T11:14:56



Krebs on Security

Senator Chides FBI for Weak Advice on Mobile Security

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was report...

Published: 2025-06-30T17:33:59



Gizmodo

Hell Yeah, ‘Cyberpunk: Edgerunners II’ is Happening

Studio Trigger returns to Night City with a standalone sequel to 'Cyberpunk: Edgerunners' that promises to hurt as much as the original...

Published: 2025-07-05T14:30:33



The Register - Security

Massive spike in use of .es domains for phishing abuse

Cuidado! Time to double-check before entering your Microsoft creds. Cybersecurity experts are reporting a 19x increase in malicious campaigns being launched from .es domains, making it the third most common, behind only .com and .ru.

Published: 2025-07-05T12:43:06



The Register - Security

Microsoft Windows Firewall complains about Microsoft code

Just ignore the warnings. Nothing to see here. Move along. A mysterious piece of "under development" code is playing havoc with the Windows Firewall after the latest preview update for Windows 11 24H2.

Published: 2025-07-03T16:00:08



The Register - Security

Young Consulting finds even more folks affected in breach mess - now over 1 million

The insurance SaaS slinger may trade under a different name, but past continues to haunt it. Young Consulting's cybersecurity woes continue after the number of affected individuals from last year's suspected ransomware raid passed the 1 million mark.

Published: 2025-07-03T14:31:13



The Register - Security

Meta calls €200M EU fine over pay-or-consent ad model 'unlawful'

'Deserves fair compensation for the valuable and innovative services'? Which ones are those then? Meta has come out swinging following the European Commission's decision that its pay-or-consent model falls foul of the Digital Markets Act (DMA).

Published: 2025-07-03T12:42:36



The Register - Security

Ransomware crew Hunters International shuts down, hands out keys to victims

Don't let their kind words sway you - leaders are still up to no good. Ransomware gang Hunters International has shut up shop and offered decryption keys to all victims as a parting favor.

Published: 2025-07-03T11:23:14



The Register - Security

Let's Encrypt rolls out free security certs for IP addresses

You probably don't need one, but it's nice to have the option. Let's Encrypt, a certificate authority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.

Published: 2025-07-03T07:34:06



The Register - Security

ChatGPT creates phisher's paradise by recommending the wrong URLs for major companies

Crims have cottoned on to a new way to lead you astray. AI-powered chatbots often deliver incorrect information when asked to name the address for major companies' websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals.

Published: 2025-07-03T06:30:09



The Register - Security

Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform

The second max score this week for Netzilla - not a good look. If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla made a big mistake.

Published: 2025-07-02T22:33:41



The Register - Security

CISA warns the Signal clone used by natsec staffers is being attacked, so patch now

Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'. The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.

Published: 2025-07-02T20:47:30



The Register - Security

23andMe's new owner says your DNA is safe this time

Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter. The medical research nonprofit vying to buy 23andMe is informing existing customers that it plans to complete the deal on July 8.

Published: 2025-07-02T17:32:06



The Register - Security

US imposes sanctions on second Russian bulletproof hosting vehicle this year

Aeza Group accused of assisting data bandits and BianLian ransomware crooks. The US Treasury has sanctioned Aeza Group, a Russian bulletproof hosting (BPH) provider, and four of its cronies for enabling ransomware and other cybercriminal activity.

Published: 2025-07-02T12:35:12



The Register - Security

Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks

Experts say they don't expect the MOVEit menace to do much about it. Security experts have uncovered a hole in Cl0p's data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.

Published: 2025-07-02T09:38:10



The Register - Security

UK eyes new laws as cable sabotage blurs line between war and peace

It might be time to update the Submarine Telegraph Act of 1885. Cyberattacks and undersea cable sabotage are blurring the line between war and peace and exposing holes in UK law, a government minister has warned lawmakers.

Published: 2025-07-02T08:30:07



The Register - Security

Australian airline Qantas reveals data theft impacting six million customers

Frequent flyers' info takes flight. Australian airline Qantas on Wednesday revealed it fell victim to a cyberattack that saw information describing six million customers stolen.

Published: 2025-07-02T01:34:50



The Register - Security

Microsoft admits to Intune forgetfulness

Customizations not saved with security baseline policy update. Microsoft Intune administrators may face a few days of stress after Redmond acknowledged a problem with security baseline customizations.

Published: 2025-07-01T19:02:21



The Register - Security

International Criminal Court swats away 'sophisticated and targeted' cyberattack

Body stays coy on details but alludes to similarities with 2023 espionage campaign. The International Criminal Court (ICC) says a "sophisticated" cyberattack targeted the institution, the second such incident in two years.

Published: 2025-07-01T16:34:05



The Register - Security

Terrible tales of opsec oversights: How cybercrooks get themselves caught

The silly mistakes to the flagrant failures. They say that success breeds complacency, and complacency leads to failure. For cybercriminals, taking too many shortcuts when it comes to opsec delivers a little more than that.

Published: 2025-07-01T09:27:05



The Register - Security

Proton bashes Apple and joins antitrust suit that seeks to throw the App Store wide open

Makes the usual complaints about control and cost, adds argument Apple's practices harm privacy. Secure comms biz Proton has joined a lawsuit that alleges Apple's anticompetitive ways are harming developers, consumers, and privacy.

Published: 2025-07-01T06:31:13



The Register - Security

US shuts down a string of North Korean IT worker scams

Resulting in two indictments, one arrest, and 137 laptops seized. The US Department of Justice has announced a major disruption of multiple North Korean fake IT worker scams.

Published: 2025-06-30T22:17:39



The Register - Security

British IT worker sentenced to seven months after trashing company network

Don't leave the door open to disgruntled workers. A judge has sentenced a disgruntled IT worker to more than seven months in prison after he wreaked havoc on his employer's network following his suspension, according to West Yorkshire Police.

Published: 2025-06-30T18:29:15



The Register - Security

Scattered Spider crime spree takes flight as focus turns to aviation sector

Time ticking for defenders as social engineering pros weave wider web. Just a few weeks after warning about Scattered Spider's tactics shifting toward the insurance industry, the same experts now say the aviation industry is now on the ransomware crew's radar.

Published: 2025-06-30T17:31:15



The Register - Security

Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants

Device compromises and deep-seated access to critical infrastructure exposed surveillance vulnerabilities in agency's work. A major Mexican drug cartel insider grassed on his fellow drug-peddlers back in 2018, telling the FBI that a cartel "hacker" was tracking a federal official and using their deep-rooted access to the country's critical infrastructure to kill informants.

Published: 2025-06-30T13:13:10



The Register - Security

Your browser has ad tech's fingerprints all over it, but there's a clean-up squad in town

Like being hard to spot? They'd much rather you didn't. Opinion: There are few tech deceptions more successful than Chrome's Incognito Mode.

Published: 2025-06-30T08:33:12



The Register - Security

Canada orders Chinese CCTV biz Hikvision to quit the country ASAP

PLUS: Broadband blimps to fly in Japan; Starbucks China put ads before privacy; and more! Asia In Brief: Canada's government has ordered Chinese CCTV systems vendor Hikvision to cease its local operations.

Published: 2025-06-30T03:26:11



The Register - Security

It's 2025 and almost half of you are still paying ransomware operators

PLUS: Crooks target hardware crypto wallets; Bad flaws in Brother printers; O365 allows takeover-free phishing; and more. Infosec in Brief: Despite warnings not to pay ransomware operators, almost half of those infected by the malware send cash to the crooks who planted it, according to infosec software slinger Sophos.

Published: 2025-06-30T00:34:56



The Register - Security

Ex-NATO hacker: 'In the cyber world, there's no such thing as a ceasefire'

Watch out for supply chain hacks especially. Interview: The ceasefire between Iran and Israel may prevent the two countries from firing missiles at each other, but it won't carry any weight in cyberspace, according to former NATO hacker Candan Bolukbas.

Published: 2025-06-28T14:01:10



The Register - Security

Crims are posing as insurance companies to steal health records and payment info

Taking advantage of the ridiculously complex US healthcare billing system. Criminals masquerading as insurers are tricking patients and healthcare providers into handing over medical records and bank account information via emails and text messages, according to the FBI.

Published: 2025-06-27T22:59:14



The Register - Security

Cisco punts network-security integration as key for agentic AI

Getting it in might mean re-racking the entire datacenter and rebuilding the network, though. Cisco is talking up the integration of security into network infrastructure such as its latest Catalyst switches, claiming this is vital to AI applications, and in particular the current vogue for "agentic AI."

Published: 2025-06-27T17:29:13



The Register - Security

Aloha, you've been pwned: Hawaiian Airlines discloses cybersecurity event

'No impact on safety,' FAA tells The Reg. Update: Hawaiian Airlines said a "cybersecurity incident" affected some of its IT systems, but noted that flights are operating as scheduled. At least one researcher believes Scattered Spider, which previously targeted retailers and insurance companies, could be to blame.

Published: 2025-06-27T16:56:12



The Register - Security

So you CAN turn an entire car into a video game controller

Pen Test Partners hijack data from Renault Clio to steer, brake, and accelerate in SuperTuxKart. Cybersecurity nerds figured out a way to make those at-home racing simulators even more realistic by turning an actual car into a game controller.

Published: 2025-06-27T15:27:12



The Register - Security

Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack

Finance, health, and national identification details compromised. Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.

Published: 2025-06-27T13:39:03



The Register - Security

FBI used bitcoin wallet records to peg notorious IntelBroker as UK national

Pro tip: Don't use your personal email account on BreachForums. The notorious data thief known as IntelBroker allegedly broke into computer systems belonging to more than 40 victims worldwide and stole their data, costing them at least $25 million in damages, according to newly unsealed court documents that also name IntelBroker as 25-year-old British national Kai West.

Published: 2025-06-26T19:02:09



The Register - Security

What if Microsoft just turned you off? Security pro counts the cost of dependency

Czech researcher lays out a business case for reducing reliance on Redmond. Comment: A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations - a viewpoint unlikely to win favor with Redmond or its millions of corporate customers.

Published: 2025-06-26T18:34:14



The Register - Security

Cisco fixes two critical make-me-root bugs on Identity Services Engine components

A 10.0 and a 9.8 - these aren't patches to dwell on. Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems.

Published: 2025-06-26T17:30:08



The Register - Security

Glasgow City Council online services crippled following cyberattack

Nothing confirmed but authority is operating under the assumption that data has been stolen. A cyberattack on Glasgow City Council is causing massive disruption with a slew of its digital services unavailable.

Published: 2025-06-26T12:01:15



The Register - Security

Qilin ransomware attack on NHS supplier contributed to patient fatality

Pathology outage caused by Synnovis breach linked to harm across dozens of healthcare facilities. The NHS says Qilin's ransomware attack on pathology services provider Synnovis last year led to the death of a patient.

Published: 2025-06-26T11:02:09



The Register - Security

UK to buy nuclear-capable F-35As that can't be refueled from RAF tankers

Aircraft meant to bolster NATO deterrent will rely on allied support to stay airborne. The UK government is to buy 12 F-35A fighters capable of carrying nuclear weapons as part of the NATO deterrent, but there's a snag: the new jets are incompatible with the RAF's refueling tanker aircraft.

Published: 2025-06-26T09:14:09



The Register - Security

Frozen foods supermarket chain deploys facial recognition tech

Privacy campaigner brands Iceland's use of 'Orwellian' camera tech 'chilling,' CEO responds: 'It'll cut violent crime'. Privacy campaigners are branding frozen food retailer Iceland's decision to trial facial recognition technology (FRT) at several stores "chilling" - the UK supermarket chain says it's deploying the cameras to cut down on crime.

Published: 2025-06-26T08:30:06



The Register - Security

That WhatsApp from an Israeli infosec expert could be an Iranian phish

Charming Kitten unsheathes its claws and tries to catch credentials. The cyber-ops arm of Iran's Islamic Revolutionary Guard Corps has started a spear-phishing campaign intent on stealing credentials from Israeli journalists, cybersecurity experts, and computer science professors from leading Israeli universities.

Published: 2025-06-26T06:28:14



The Register - Security

Citrix bleeds again: This time a zero-day exploited - patch now

Two emergency patches issued in two weeks. Hot on the heels of patching a critical bug in Citrix-owned NetScaler ADC and NetScaler Gateway that one security researcher dubbed "CitrixBleed 2," the embattled networking device vendor today issued an emergency patch for yet another super-serious flaw in the same products - but not before criminals found and exploited it as a zero-day.

Published: 2025-06-25T21:10:02



The Register - Security

Amazon's Ring can now use AI to 'learn the routines of your residence'

It's meant to cut down on false positives but could be a trove for mischief-makers. Ring doorbells and cameras are using AI to "learn the routines of your residence," via a new feature called Video Descriptions.

Published: 2025-06-25T19:02:06



The Register - Security

Computer vision research feeds surveillance tech as patent links spike 5x

A bottomless appetite for tracking people as 'objects'. A new study shows academic computer vision papers feeding surveillance-enabling patents jumped more than fivefold from the 1990s to the 2010s.

Published: 2025-06-25T17:55:08



The Register - Security

Supply chain attacks surge with orgs 'flying blind' about dependencies

Who is the third party that does the thing in our thing? Yep. Attacks explode over past year. The vast majority of global businesses are handling at least one material supply chain attack per year, but very few are doing enough to counter the growing threat.

Published: 2025-06-25T17:36:13



The Register - Security

French cybercrime police arrest five suspected BreachForums admins

Twentysomethings claimed to be linked to spate of high-profile cybercrimes. The Paris police force's cybercrime brigade (BL2C) has arrested a further four men as part of a long-running investigation into the criminals behind BreachForums.

Published: 2025-06-25T15:34:56



The Register - Security

UK govt dept website that campaigns against encryption hijacked to advertise ... payday loans

Company at center of findings blamed SEO on outsourcer. A website developed for the UK Home Office's 2022 "flop" anti-encryption campaign has seemingly been hijacked to push a payday loan scheme.

Published: 2025-06-25T09:26:17



The Register - Security

Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack

Why are you even reading this story? Patch now! Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum, although there haven't been any reports of active exploitation. Yet.

Published: 2025-06-24T21:01:12



The Register - Security

Beware of fake SonicWall VPN app that steals users' credentials

A good reminder not to download apps from non-vendor sites. Unknown miscreants are distributing a fake SonicWall app to steal users' VPN credentials.

Published: 2025-06-24T17:22:32



The Register - Security

The vulnerability management gap no one talks about

If an endpoint goes ping but isn't on the network, does anyone hear it? Partner content: Recently, I've been diving deep into security control data across dozens of organizations, and what I've found has been both fascinating and alarming. Most security teams I work with can rattle off their vulnerability management statistics with confidence. They know their scan schedules, their remediation timelines, and their critical vulnerability counts. They point to clean dashboards and comprehensive reports as proof that their programs are working.

Published: 2025-06-24T15:01:42



The Register - Security

Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt

Russian judge lets off accused with time served but others who refused to plead guilty face years in penal colony. Four convicted members of the once-supreme ransomware operation REvil are leaving captivity after completing most of their five-year sentences.

Published: 2025-06-24T11:46:09



The Register - Security

Psylo browser tries to obscure digital fingerprints by giving every tab its own IP address

Gotta keep 'em separated so the marketers and snoops can't come out and play. Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple's App Store, one day ahead of a report warning about the widespread use of browser fingerprinting for ad tracking and targeting.

Published: 2025-06-24T06:32:15



Security Latest

Android May Soon Warn You About Fake Cell Towers

Plus: Iran-linked hackers threaten to release Trump campaign emails, Chinese hackers still in US telecoms networks, and an abusive deepfake website plans an expansion.

Published: 2025-07-05T10:30:00



Security Latest

The Person in Charge of Testing Tech for US Spies Has Resigned

IARPA director Rick Muller is departing after just over a year at the R&D unit that invests in emerging technologies of potential interest to agencies like the NSA and the CIA, WIRED has learned.

Published: 2025-07-03T20:50:33



Security Latest

Trump Officials Want to Prosecute Over the ICEBlock App. Lawyers Say That’s Unconstitutional

The platform, which allows users to anonymously share the locations of ICE agents, is currently the third-most-downloaded iPhone app.

Published: 2025-07-03T18:06:17



Security Latest

CBP Wants New Tech to Search for Hidden Data on Seized Phones

Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border.

Published: 2025-07-03T17:19:59



Security Latest

The Promise and Peril of Digital Security in the Age of Dictatorship

LGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks.

Published: 2025-07-03T09:30:00



Security Latest

A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now

The Scattered Spider hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense.

Published: 2025-07-02T17:56:04



Security Latest

Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams

The US Justice Department revealed the identity theft number along with one arrest and a crackdown on “laptop farms” that allegedly facilitate North Korean tech worker impersonators across the US.

Published: 2025-06-30T20:00:39



Security Latest

ICE Rolls Facial Recognition Tools Out to Officers' Phones

Plus: US feds charge alleged masterminds behind infamous forum, Scattered Spider targets airlines, and hackers open a valve at a Norwegian dam.

Published: 2025-06-28T10:30:00



Security Latest

US Supreme Court Upholds Texas Porn ID Law

In a 6-3 decision, the Supreme Court held that age verification for explicit sites is constitutional. In a dissent, Justice Elena Kagan warned it burdens adults and ignores First Amendment precedent.

Published: 2025-06-27T15:36:57



Security Latest

‘They're Not Breathing’: Inside the Chaos of ICE Detention Center 911 Calls

Records of hundreds of emergency calls from ICE detention centers obtained by WIRED - including audio recordings - show a system inundated by life-threatening incidents, delayed treatment, and overcrowding.

Published: 2025-06-25T21:21:09



Security Latest

Telegram Purged Chinese Crypto Scam Markets - Then Watched as They Rebuilt

Last month, Telegram banned black markets that sold tens of billions of dollars in crypto scam-related services. Now, as those markets rebrand and bounce back, it’s done nothing to stop them.

Published: 2025-06-23T16:48:39



Security Latest

Taiwan Is Rushing to Make Its Own Drones Before It's Too Late

Unmanned vehicles are increasingly becoming essential weapons of war. But with a potential conflict with China looming large, Taiwan is scrambling to build a domestic drone industry from scratch.

Published: 2025-06-23T10:00:00



Security Latest

What Satellite Images Reveal About the US Bombing of Iran's Nuclear Sites

The US concentrated its attack on Fordow, an enrichment plant built hundreds of feet underground. Aerial photos give important clues about what damage the “bunker-buster” bombs may have caused.

Published: 2025-06-22T21:41:46



Security Latest

Truth Social Crashes as Trump Live-Posts Iran Bombing

The social network started experiencing global outages within minutes of Donald Trump posting details of a US military strike on Iran.

Published: 2025-06-22T01:10:32



Security Latest

Israel Says Iran Is Hacking Security Cameras for Spying

Plus: Ukrainian hackers reportedly knock out a key Russian internet provider, China’s Salt Typhoon hackers claim another victim, and the UK hits 23andMe with a hefty fine over its 2023 data breach.

Published: 2025-06-21T10:00:00



The Hacker News

Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties

Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China. The alert comes following an inspection of these apps carried out in coordination with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal

Published: 2025-07-05T11:42:00



The Hacker News

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS

Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on compromised hosts. "The attacker used a modified version of XMRig with a hard-coded configuration, allowing them to avoid suspicious command-line arguments that are often flagged by defenders," Wiz researchers Yaara Shriki and Gili

Published: 2025-07-05T11:14:00



The Hacker News

NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin's RedDrip Team, the threat actor has been active since 2023 and has switched network

Published: 2025-07-04T18:29:00



The Hacker News

Your AI Agents Might Be Leaking Data: Watch this Webinar to Learn How to Stop It

Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI workflows are creating new, hidden ways for sensitive enterprise data to leak, and most teams don’t even realize it. If you’re building, deploying, or managing AI systems, now is the time to ask: Are your AI agents exposing confidential data

Published: 2025-07-04T15:01:00



The Hacker News

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host

Published: 2025-07-04T15:00:00



The Hacker News

Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when they were idle to passively send information to the company. The verdict marks an end to a legal class-action complaint that was originally filed in August 2019. In their lawsuit, the plaintiffs argued that Google's Android operating system

Published: 2025-07-04T12:47:00



The Hacker News

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have

Published: 2025-07-03T21:32:00



The Hacker News

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox

Published: 2025-07-03T16:23:00



The Hacker News

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different. Modern security operations teams face a

Published: 2025-07-03T16:00:00



The Hacker News

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

Published: 2025-07-03T14:55:00



The Hacker News

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

Published: 2025-07-03T09:54:00



The Hacker News

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,"

Published: 2025-07-02T22:39:00



The Hacker News

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to

Published: 2025-07-02T16:30:00



The Hacker News

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD

Published: 2025-07-02T16:15:00



The Hacker News

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group for assisting threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well

Published: 2025-07-02T14:26:00



The Hacker News

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts," Okta

Published: 2025-07-02T11:18:00



The Hacker News

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0. "This is one

Published: 2025-07-01T23:33:00



The Hacker News

TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829. The latter is also known by the

Published: 2025-07-01T21:56:00



The Hacker News

New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status

A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. "We discovered that flawed verification checks in Visual Studio Code allow publishers to add functionality

Published: 2025-07-01T19:21:00



The Hacker News

A New Maturity Model for Browser Security: Closing the Last-Mile Risk

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It’s where 85% of modern work now happens. It’s also where copy/paste actions, unsanctioned GenAI usage, rogue extensions, and personal devices create a risk surface that most security stacks weren’t designed to handle. For security leaders who know

Published: 2025-07-01T16:30:00



The Hacker News

Chrome Zero-Day CVE-2025-6554 Under Active Attack: Google Issues Security Update

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusion flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary

Published: 2025-07-01T14:25:00



The Hacker News

U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms

The U.S. Department of Justice (DoJ) on Monday announced sweeping actions targeting the North Korean information technology (IT) worker scheme, leading to the arrest of one individual and the seizure of 29 financial accounts, 21 fraudulent websites, and nearly 200 computers. The coordinated action saw searches of 21 known or suspected "laptop farms" between June 10 and 17, 2025, across 14 states

Published: 2025-07-01T13:23:00



The Hacker News

Microsoft Removes Password Management from Authenticator App Starting August 2025

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft’s move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor authentication (2FA) app, making the experience simpler and more secure. Over the past few years, Microsoft

Published: 2025-07-01T09:51:00



The Hacker News

U.S. Agencies Warn of Rising Iranian Cyber Attacks on Defense, OT Networks, and Critical Infrastructure

U.S. cybersecurity and intelligence agencies have issued a joint advisory warning of potential cyber attacks from Iranian state-sponsored or affiliated threat actors.  "Over the past several months, there has been increasing activity from hacktivists and Iranian government-affiliated actors, which is expected to escalate due to recent events," the agencies said. "These cyber actors often

Published: 2025-06-30T21:59:00



The Hacker News

Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects

Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world. The international effort, codenamed Operation Borrelli, was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. Europol said the

Published: 2025-06-30T20:47:00



The Hacker News

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading to the discovery of an active threat cluster that leverages Visual Basic Script (VBS) files as its

Published: 2025-06-30T19:00:00



The Hacker News

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories

Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets. According to reports such as the Verizon DBIR, attackers are more commonly using stolen

Published: 2025-06-30T16:30:00



The Hacker News

Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more

Ever wonder what happens when attackers don’t break the rules, they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control. It’s not always about a broken firewall or missed patch; it’s about the small choices, default settings

Published: 2025-06-30T15:46:00



The Hacker News

FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering

The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims. "These actors rely on social engineering techniques, often impersonating

Published: 2025-06-28T15:18:00



The Hacker News

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and

Published: 2025-06-28T13:28:00



The Hacker News

Facebook’s New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns

Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service. According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to "allow

Published: 2025-06-28T12:49:00



The Hacker News

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team. "The LapDogs network has a high concentration of victims

Published: 2025-06-27T21:28:00



The Hacker News

PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack

A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama,

Published: 2025-06-27T18:55:00



The Hacker News

Business Case for Agentic AI SOC Analysts

Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all

Published: 2025-06-27T16:30:00



The Hacker News

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit

A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.

Published: 2025-06-27T15:55:00



The Hacker News

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025, suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems. MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data

Published: 2025-06-27T13:13:00



The Hacker News

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo

Published: 2025-06-27T12:01:00



The Hacker News

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control

Published: 2025-06-26T22:16:00



The Hacker News

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is

Published: 2025-06-26T18:54:00



The Hacker News

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks

The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even

Published: 2025-06-26T18:33:00



The Hacker News

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience

SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace. SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn’t. These platforms weren’t built with full-scale data

Published: 2025-06-26T16:30:00



The Hacker News

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to

Published: 2025-06-26T14:15:00



The Hacker News

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa

Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where "CL" refers to "cluster" and "CRI" stands for "criminal motivation." It's suspected

Published: 2025-06-26T12:49:00



The Hacker News

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing

Published: 2025-06-26T11:32:00



The Hacker News

WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews

Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread messages in chats. The feature, called Message Summaries, is currently rolling out in the English language to users in the United States, with plans to bring it to other regions and languages later this year. It "uses Meta AI to

Published: 2025-06-26T10:06:00



The Hacker News

nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery

New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse. First disclosed by

Published: 2025-06-25T22:26:00



The Hacker News

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could result in unintended control flow and denial-of-service. However, successful exploitation requires the

Published: 2025-06-25T20:21:00



The Hacker News

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January

Published: 2025-06-25T19:07:00



The Hacker News

Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies." "The actors

Published: 2025-06-25T16:30:00



The Hacker News

Beware the Hidden Risk in Your Entra Environment

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in

Published: 2025-06-25T16:00:00



Security Affairs

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. […]

Published: 2025-07-05T16:32:55



Security Affairs

Critical Sudo bugs expose major Linux distros to local Root exploits

Critical Sudo flaws let local users gain root access on Linux systems, the vulnerabilities affect major Linux distributions. Cybersecurity researchers disclosed two vulnerabilities in the Sudo command-line utility for Linux and Unix-like operating systems. Local attackers can exploit the vulnerabilities to escalate privileges to root on affected systems. Sudo (short for “superuser do”) is a […]

Published: 2025-07-04T20:04:17



Security Affairs

Google fined $314M for misusing idle Android users’ data

Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019. A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California. Google is liable for […]

Published: 2025-07-04T12:22:25



Security Affairs

A flaw in Catwatchful spyware exposed logins of +62,000 users

A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext passwords of both customers and its admin, TechCrunch first reported. Security researcher Eric Daigle first discovered […]

Published: 2025-07-04T07:28:44



Security Affairs

China-linked group Houken hit French organizations using zero-days

China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set, […]

Published: 2025-07-03T18:16:35



Security Affairs

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Resecurity found a breach in Brazil’s CIEE One platform, exposing PII and documents, later sold by data broker “888” on the dark web. Resecurity identified a data breach of one of the major platforms in Brazil connecting businesses and trainees called CIEE One – leading to the compromise of sensitive PII, including ID records, contact […]

Published: 2025-07-03T17:10:10



Security Affairs

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Europol shuts down Archetyp Market, longest-running dark web drug site, the police arrested the admin in Spain, top vendors hit in Sweden. An international law enforcement operation led by German authorities has shut down Archetyp Market, the longest-running dark web drug marketplace, in a coordinated operation across six countries with support from Europol and Eurojust. […]

Published: 2025-07-03T09:53:28



Security Affairs

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

A data breach at Kelly Benefits has impacted 550,000 people, with the number of affected individuals growing as the investigation continues. Benefits and payroll solutions firm Kelly Benefits has confirmed that a recent data breach has affected 550,000 individuals. As the investigation continued, the scale of the impact expanded, revealing that more people were affected […]

Published: 2025-07-03T07:47:14



Security Affairs

Cisco removed the backdoor account from its Unified Communications Manager

Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development. Cisco Unified Communications Manager (CUCM) is a call […]

Published: 2025-07-02T19:13:05



Security Affairs

U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting

U.S. Treasury sanctions Russia-based Aeza Group and affiliates for aiding cybercriminals via bulletproof hosting services. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Russia-based Aeza Group for aiding global cybercriminals via bulletproof hosting services. A bulletproof hosting service is a type of internet hosting provider that knowingly allows cybercriminals to host malicious content […]

Published: 2025-07-02T13:11:39







