9/16/2025

A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

Krebs: Self-Replicating Worm Hits 180+ Software Packages

Microsoft Seizes 340 Websites Linked to Growing Phishing Subscription Service

We Set Out to Craft the Perfect Phishing Scam. Major AI Chatbots Were Happy to Help.

OpenAI to Predict Ages in Bid to Stop ChatGPT From Discussing Self Harm With Kids

Want to Foil an AI Deepfake? Tell It to Draw a Smiley Face

How to Set Up and Use a Burner Phone

CrowdStrike to Buy AI Security Company Pangea

Israeli Cybersecurity Startup Vega Raises $65 Million, Valued at $400 Million

Cybersecurity Provider Netskope Boosts IPO Range as It Tests Tech Hot Streak
Jaguar Land Rover (JLR) Stuck in Neutral as Losses Skyrocket Amid Cyberattack Cleanup

Fifteen Ransomware Gangs, including Scattered Spider, ShinyHunters and Lapsus$, “Retire,” Future Unclear

New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site

UK: Tax Refund-Themed Phishing Slows in 2025

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

BreachForums Hacking Forum Admin Resentenced to Three Years in Prison

TikTok’s Journey From Global Sensation to Trump Target

9/15/2025

Ukraine Claims Cyberattacks on Russian Election Systems; Moscow Confirms Disruptions

New Zealand Sanctions Russian Military Hackers Over Cyberattacks on Ukraine

Russia Tests Hypersonic Missile at NATO’s Doorstep—And Shares the Video

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

AI-Forged Military IDs Used in North Korean Phishing Attack

Google Confirms Hackers Gained Access to Law Enforcement Portal

France Threatens to Block Crypto Licence ‘Passporting’ in EU Regulatory Fight

U.S. National Charged in Finnish Psychotherapy Center Extortion

Europol Adds Spanish Academic Suspected of Aiding Pro-Russian Hackers to Most Wanted List
Gucci, Balenciaga and Alexander McQueen Private Data Ransomed by Hackers

Union County (NC) Town Government Hacked in Recent Cyber Attack

FinWise Insider Breach Impacts 689K American First Finance Customers

SEO Poisoning Targets Chinese Users with Fake Software Sites

Phishing Campaigns Drop RMM Tools for Remote Access

New Phoenix Attack Bypasses Rowhammer Defenses in DDR5 Memory

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns

Microsoft: Exchange 2016 and 2019 Reach End of Support in 30 Days

Building Highly Resilient IT Infrastructure Throughout the Enterprise From the Start

9/12-14/2025

France Warns Apple Users of New Spyware Campaign

Philippine Military Company Spied Upon With New China-Linked Malware

Charlie Kirk Shooting Suspect Tyler Robinson Had ‘Leftist Ideology’ but Motive Unclear, Utah Gov. Says

‘Not Co-Operating’

Alleged Transgender Partner Is Cooperating and Not Believed to be Involved

Inside Our Investigation of Jeffrey Epstein’s Personal Yahoo Account

Data Destruction Done Wrong Could Cost Your Company Millions

Companies Are Competing for Employees With AI Skills. So Are Hackers.

Man Gets Over 4 Years in Prison for Selling Unreleased Movies

Hacker Convicted of Extorting 20,000 Psychotherapy Victims Walks Free During Appeal

DHS IG: CISA Mismanaged Multimillion-Dollar Employee Incentives Program
Vietnam Investigates Cyberattack on Creditors Data

Ransomware Attack Cancels School for Several Days at  Uvalde Consolidated Independent School District (TX)

Attackers Adopting Novel LOTL Techniques to Evade Detection

New VoidProxy Phishing Service Targets Microsoft 365, Google Accounts

‘WhiteCobra’ Floods VSCode Market with Crypto-Stealing Extensions

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

CISA Official Calls on Lawmakers to Immediately Extend Cyber Info-Sharing Law

9/11/2025

Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset

How China’s Propaganda and Surveillance Systems Really Operate

Didi Global’s $740 Million IPO Settlement Likely Ready Next Month, Plaintiffs’ Lawyer Says

Krebs: Bulletproof Host Stark Industries Evades EU Sanctions

Four Years After Kaseya’s Nightmare Hack, a Cyber Turnaround Is Underway

Swiss Government Looks to Undercut Privacy Tech, Stoking Fears of Mass Surveillance

FTC Opens Inquiry Into How AI Chatbots Impact Child Safety, Privacy

Cyberattacks Against Schools Driven by a Rise in Student Hackers, ICO Warns

California Legislature Passes Bill Forcing Web Browsers to Let Consumers Automatically Opt Out of Data Sharing
France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks

Panama Ministry of Economy Discloses Breach Claimed by INC Ransomware

DDoS Defender Targeted in 1.5 Bpps Denial-of-Service Attack

Fileless Malware Deploys Advanced RAT AsyncRAT via Legitimate Tools

Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts

New VMScape Attack Breaks Guest-Host Isolation on AMD, Intel CPUs

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

CISA Launches Roadmap for the CVE Program

Apple Warns Customers Targeted in Recent Spyware Attacks

Microsoft Adds Malicious Link Warnings to Teams Private Chats

9/10/2025

China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations

Poland Downs Drones in Its Airspace, Becoming First NATO Member to Fire During War in Ukraine

U.S. Warns Hidden Radios May Be Embedded in Solar-Powered Highway Infrastructure

U.S. Investment in Spyware Is Skyrocketing

Apple Says the iPhone 17 Comes With a Massive Security Upgrade

U.S. Senator Wyden Pushes FTC to Investigate Microsoft for ‘Gross Cybersecurity Negligence’

Ransomware Payments Plummet in Education Amid Enhanced Resiliency

Chinese Companies and Bosses to Face Major Fines Over Cybersecurity Incidents

Nepal Lifts Social Media Ban After Deadly Youth Protests

Ukraine’s Ousted Cyber Chief Posts Bail in Corruption Case

Oracle, OpenAI Sign Massive $300 Billion Cloud Computing Deal
KillSec Ransomware Hits Brazilian Healthcare IT Vendor

Jaguar Land Rover Admits Hackers May Have Taken Data

Flu Jab Email Mishap Exposes Hundreds of Students’ Personal Data

Researchers Find Spyware on Phones Belonging to Kenyan Filmmakers

European Crypto Platform Swissborg to Reimburse Users After $41 Million Theft

Hackers Left Empty-Handed After Massive NPM Supply-Chain Attack

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems

Cursor Autorun Flaw Lets Repositories Execute Code Without Consent

Krebs: Microsoft Patch Tuesday, September 2025 Edition

EoP Flaws Again Lead Microsoft Patch Tuesday

Microsoft Waives Fees for Windows Devs Publishing to Microsoft Store

Pixel 10 Fights AI Fakes With New Android Photo Verification Tech

9/9/2025

House Lawmakers to Make Official Visit to China for the First Time Since 2019

Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World

New Cybersecurity Rules Land for Defense Department Contractors

Defense Dept Didn’t Protect Social Media Accounts, Left Stream Keys Out in Public

Cyber Command, NSA to Remain Under Single Leader as Officials Shelve Plan to End ‘Dual Hat’

New Cyber Director Cairncross Calls on Industry to Help Put ‘America First’ in Cyberspace

Krebs: 18 Popular Code Packages Hacked, Rigged to Steal Crypto

Claude’s New AI File Creation Feature Ships With Deep Security Risks Built In

A New Platform Offers Privacy Tools to Millions of Public Servants

Former WhatsApp Security Boss in Lawsuit Likens Meta’s Culture to a “Cult”

Mitsubishi Electric to Buy Nozomi Networks in $1 Billion Deal

U.S. Charges Admin of LockerGoga, MegaCortex, Nefilim Ransomware

Kosovo Hacker Pleads Guilty to Running BlackDB Cybercrime Marketplace
Plex Tells Users to Reset Passwords After New Data Breach

New York Blood Center Says Thousands Had Data Leaked in January Ransomware Attack

No Gains, Just Pains as 1.6m HelloGym Fitness Phone Call Recordings Exposed Online

Brazil Lesbian Dating App Sapphos Shuts Down After Security Flaw Exposes Sensitive User Data

Salty2FA Phishing Kit Unveils New Level of Sophistication

Threat Actor Accidentally Exposes AI-Powered Operations

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

Adobe Patches Critical SessionReaper Flaw in Magento eCommerce Platform

SAP Fixes Maximum Severity NetWeaver Command Execution Flaw

Microsoft September 2025 Patch Tuesday Fixes 81 Flaws, Two Zero-Days

Windows 10 KB5065429 Update Includes 14 Changes and Fixes

Microsoft: Anti-Spam Bug Blocks Links in Exchange Online, Teams

9/8/2025

Salt Typhoon Used Dozens of Domains, Going Back Five Years. Did You Visit One?

Update: Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test

Remote Access Abuse Biggest Pre-Ransomware Indicator

Silicon Valley’s Graying Workforce: Gen Z Staff Cut in Half at Tech Companies as the Average Age Goes up by 5 Years

SoFi Launches New AI-Themed ETF as Skepticism Grows

Cyberattack on Jaguar Land Rover Threatens to Hit British Economic Growth

The U.S. Government Has No Idea How Many Cybersecurity Pros It Employs

Sports Streaming Piracy Service With 123M Yearly Visits Shut Down

U.S. Sanctions Companies Behind Cyber Scam Centers in Cambodia, Myanmar

Nepal Social Media Ban Sparks Protests, Dozens Injured
Qualys, Tenable Latest Victims of Salesloft Drift Hack

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

GhostAction Supply Chain Attack Compromises 3000+ Secrets

Wealthsimple Confirms Data Breach After Supply Chain Attack

Lovesac Confirms Data Breach After Ransomware Attack Claims

VC Giant Insight Partners Notifies Staff and Limited Partners After Data Breach

MostereRAT Targets Windows Users With Stealth Tactics

Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

Surge in Networks Scans Targeting Cisco ASA Devices Raise Concerns

The Critical Failure in Vulnerability Management

Signal Adds Secure Cloud Backups to Save and Restore Chats

9/5-7/2025

Chinese Hackers Pretended to Be a Top U.S. Lawmaker During Trade Talks

U.S. Says It Is Restricting Visas of Some Central American Nationals Over China Ties

U.S. Is Increasingly Exposed to Chinese Election Threats, Lawmakers Say

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

Ukraine’s Cyber Chief on Russian Hackers’ Shifting Tactics, U.S. Cyber Aid

Krebs: GOP Cries Censorship Over Spam Filters That Work

Qantas Penalizes Executives for July Cyberattack

Roblox to Verify Ages of All Gamers Who Use Chat and Text Features

Embracing the Next Generation of Cybersecurity Talent

Why Threat Hunting Should Be Part of Every Security Program

CISA Orders Federal Agencies to Patch Sitecore Zero-Day Following Hacking Reports
School District Five of Lexington & Richland Counties (SC) Data Breach Affects 31,000 People

Navy Federal Credit Union Data Breach Exposes Backup Files on Credit Union Serving Military Members

Data Breach at American Credit Union Exposes Financial Data

‘SEO Fraud-As-A-Service’ Scheme Hijacks Windows Servers to Promote Gambling Websites

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

iCloud Calendar Abused to Send Phishing Emails from Apple’s Servers

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

9/4/2025

How North Korean Hackers Are Using Fake Job Offers to Steal Cryptocurrency

‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every American

Czech Cyber Agency Warns Against Using Services and Products That Send Data to China

GhostRedirector Emerges as New China-Aligned Threat Actor

U.S. Says It Is Restricting Visas of Some Central American Nationals Over China Ties

U.S. and 14 Allies Release Joint Guidance on Software Bill of Materials

Britain Rules Out Backing for Global Defence Bank

Google Fined $379 Million by French Regulator for Cookie Consent Violations

Texas Sues PowerSchool Over Breach Exposing 62M Students, 880K Texans
Ukraine’s Cyber Chief on Russian Hackers’ Shifting Tactics, U.S. Cyber Aid

Blast Radius of Salesloft Drift Attacks Remains Uncertain

Chess.com Discloses Recent Data Breach via File Transfer App

Tire Giant Bridgestone Confirms Cyberattack Impacts Manufacturing

Delivery Giant OnTrac Data Breach Exposes 40,000 Personal Records

Attackers Snooping Around Sitecore, Dropping Malware via Public Sample Keys

CMS Provider Sitecore Patches Exploited Critical Zero Day

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

Microsoft Says Recent Windows Updates Cause App Install Issues

European Court Rejects Challenge to EU-U.S. Data Transfer Agreement

9/3/2025

Russian APT28 Expands Arsenal with ‘NotDoor’ Outlook Backdoor

U.S. Offers $10 Million Bounty for Info on Russian FSB Hackers

Venezuela’s President Thinks American Spies Can’t Hack Huawei Phones

Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats

Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn

It Looks Like You’re Ransoming Data. Would You Like Some Help?

How Passkeys Work—And How to Use Them

Finland’s IQM Quantum Computers Raises $320 Million in New Funding Round

Israel’s Cato Networks Buys Aim Security, Raises Another $50 Million

More Personal Injury Lawyers Are Chasing Data-Breach Settlements

Police Disrupts Streameast, Largest Pirated Sports Streaming Network

U.S. Sues Robot Toy Maker Apitor Technology for Exposing Children’s Data to Chinese Devs
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations

SaaS Giant Workiva Discloses Data Breach After Salesforce Attack

M&S Hackers ‘Scattered Lapsus$ Hunters’ Claim to Be Behind Jaguar Land Rover Cyber Attack

Matrix.org Homeserver Grinds to a Halt After Raid Meltdown

Hackers Breach Fintech Firm Sinqia S.A. in Attempted $130M Bank Heist

Threat Actors Abuse X’s Grok AI to Spread Malicious Links

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Major IPTV Piracy Network Uncovered Spanning 1100 Domains

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack

With Less Than a Month to Go, House Panel Votes to Extend Popular Cyber Programs

Corruption Case Against Ousted Cyber Chief Is ‘Revenge,’ Ukraine’s Security Service Says

9/2/2025

Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE

Moscow Reportedly Hires Hackers Who Breached City’s School System

Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices

ICE Reinstates Contract with Spyware Vendor Paragon

Who Watches the Watchmen? Surveillanceware Firms Make Bank, Avoid Oversight

Disney Agrees to $10 Million Settlement for Collecting Data From Children

That Supposed ‘Gmail Hack’: Google Says It’s False, but Watch Out for Phishing Anyway

FBI, Cybersecurity Experts Warn of 3-Phase Scam That Is Draining Bank Accounts

AI Chatbot Users Beware – Hackers Are Now Hiding Malware in the Images Served up by LLMs
Krebs: The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft

Stolen OAuth Tokens Expose Palo Alto Customer Data

Cloudflare Hit by Data Breach in Salesloft Drift Supply Chain Attack

Cloudflare Blocks Largest Recorded DDoS Attack Peaking at 11.5 Tbps

Britain’s Jaguar Land Rover Hit by Cyber Incident That Disrupts Production, Sales

Pennsylvania AG Says Recovery Continues After Office Refused to Pay Ransomware Gang

Azure AD Credentials Exposed in Public App Settings File

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control

Hackers Are Sophisticated & Impatient — That Can Be Good

9/1/2025

Silver Fox APT Exploits Signed Drivers to Deploy ValleyRAT Backdoor

China Is About to Show Off Its New High-Tech Weapons to the World

North Korea’s Kim Inspects New Missile Production Line, KCNA Says

Google: Gmail’s Protections Are Strong and Effective, and Claims of a Major Gmail Security Warning Are False

Spanish Government Cancels €10M Contract Using Huawei Equipment

LegalPwn: Tricking LLMs by Burying Badness in Lawyerly Fine Print
Zscaler Data Breach Exposes Customer Info After Salesloft Drift Compromise

Ransomware Attack on Pennsylvania’s AG Office Disrupts Court Cases

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

High-Risk SQLi Flaw Exposes WordPress Memberships Plugin Users

DDoS Is the Neglected Cybercrime That’s Getting Bigger. Let’s Kill It Off

Proof-of-Concept in 15 Minutes? AI Turbocharges Exploitation

8/29-31/2025

Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage Campaign

North Korean APT37 Hackers Weaponize Seoul Intelligence Files to Target South Koreans

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

State-Sponsored Hackers Behind Majority of Vulnerability Exploits

Akira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service Groups

Ransomware Gang Takedowns Causing Explosion of New, Smaller Groups

SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes

A Troubled Man, His Chatbot and a Murder-Suicide in Old Greenwich

OpenAI is Testing “Thinking Effort” for ChatGPT

There’s Something Bizarre About When GPT-5 Writes in a Literary Style
Scammer Steals $1.5 Million From Baltimore by Spoofing City Vendor

TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies

Brokewell Android Malware Delivered Through Fake TradingView Ads

Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling

Npm Package Hijacked to Steal Data and Crypto via AI-Powered Malware

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices

Researcher Who Found McDonald’s Free-Food Hack Turns Her Attention to Chinese Restaurant Robots

Microsoft to Enforce MFA for Azure Resource Management in October

Noem Fires Two Dozen FEMA Employees Over Alleged Cybersecurity Gaps

8/28/2025

Netherlands Confirms China’s Salt Typhoon Targeted Small Dutch Telcos

Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide

FBI Cyber Cop: Salt Typhoon Pwned ‘Nearly Every American’

Germany Charges Man Over Cyberattack on Rosneft Subsidiary

Lawmakers Press UnitedHealth on Hack Loan Repayments

Police Seize VerifTools Fake ID Marketplace Servers, Domains

Crypto Companies Freeze $47m in Romance Baiting Funds

Krebs: Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Malware Devs Abuse Anthropic’s Claude AI to Build Ransomware

SentinelOne Raises Annual Revenue Forecast on Strong Cybersecurity Demand
TransUnion Suffers Data Breach Impacting Over 4.4 Million People

MATLAB Dev Says Ransomware Gang Stole Data of 10,000 People

Cyber-Attack on UK Contractor Affects Islanders

CISA Steps in to Help Nevada State Government Recover From Cyberattack

Google Warns Salesloft Breach Impacted Some Workspace Accounts

Fake IT Support Attacks Hit Microsoft Teams

Microsoft Warns of Ransomware Gang Shifting to Steal Cloud Data, Lock Companies Out of Systems

Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials

Malicious VS Code Extensions Exploit Name Reuse Loophole

Passwordstate Dev Urges Users to Patch Auth Bypass Vulnerability

8/27/2025

Global Salt Typhoon Hacking Campaigns Linked to Chinese Tech Firms

U.S. Sanctions Russian National and Chinese Company Over North Korean IT Worker Schemes

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Finnish Police Wiretap Reveals Russian ‘Shadow Fleet’ Captain Instructed to Destroy Evidence

All NATO Members Hit Old Spending Target, Only Three Meet New Goal

This Is the Group That’s Been Swatting U.S. Universities

ChatGPT Hates LA Chargers Fans

‘Vibe-Hacking’ Is Now a Top AI Threat

We’re Upgrading Crowdstrike Despite a Post-earnings Stock Drop
IT System Supplier Miljödata Cyberattack Impacts 200 Municipalities in Sweden

Healthcare Services Group (HSGI) Data Breach Impacts 624,000 People

Greenville (TX) Restoring Services After Cyber Attack

Storm-0501 Exploits Entra ID to Exfiltrate and Delete Azure Data in Hybrid Cloud Attacks

New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices

FreePBX Servers Hacked via Zero-Day, Emergency Fix Released

Over 28,000 Citrix Devices Vulnerable to New Exploited RCE Flaw

License-Plate Reader Company Flock Safety Pauses Work With Federal Agencies After Backlash

Spanish Police Arrest Student Suspected of Hacking School System to Change Grades

8/26/2025

Silk Typhoon Hackers Hijack Network Captive Portals in Diplomat Attacks

Governments, Tech Companies Meet in Tokyo to Share Tips on Fighting North Korea IT Worker Scheme

Surge in Coordinated Scans Targets Microsoft RDP Auth Servers

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

First AI-Powered Ransomware Spotted, but It’s Not Active – Yet

Krebs: DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

DOGE Accused of Duplicating Critical Social Security Database on Unsecured Cloud

Google to Verify All Android Devs to Block Malware on Google Play

Okta Raises Forecast as CEO Says Economic Conditions Were ‘Better Than We Thought’
Nevada State Offices Close After Wide-Ranging ‘Network Security Incident’

Nissan Confirms Design Studio Data Breach Claimed by Qilin Ransomware

Salesloft Breached to Steal OAuth Tokens for Salesforce Data-Theft Attacks

New Android Trojan Variant Hook Expands with Ransomware Tactics

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

8/25/2025

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

Transparent Tribe Targets Indian Gov’t With Weaponized Desktop Shortcuts via Phishing

The Mysterious Shortwave Radio Station Stoking U.S.-Russia Nuclear Fears

U.S. Senator Calls for Independent Review of Federal Judiciary Cybersecurity

Email Security for Attorneys and Law Firms (And Anyone Else)

Australian University Used Wi-Fi Location Data to Identify Student Protestors

AWS, Cloudflare, Digital Ocean, and Google Helped Feds Investigate Alleged Rapper Bot DDoS Perp

South Korea Arrests Suspected Chinese Hacker Accused of Targeting BTS Singer and Other Celebrities

Russia Weighs Google Meet Ban as Part of Foreign Tech Crackdown
Farmers Insurance Data Breach Impacts 1.1m People After Salesforce Attack

Maryland Transit Administration Investigating Cyberattack Impacting Transit Service for Disabled People

Auchan Retailer Data Breach Impacts Hundreds of Thousands of Customers

New AI Attack Hides Data-Theft Prompts in Downscaled Images

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Malicious Android Apps With 19M Installs Removed From Google Play

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Securing the Cloud in an Age of Escalating Cyber Threats

CISA Seeks Biden Era’s SBOM Minimum Requirements Guideline Change

8/22-24/2025

Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage

APT36 Hackers Abuse Linux .Desktop Files to Install Malware in New Attacks

My Ex Stalked Me, so I Joined a ‘Dating Safety’ App. Then My Address Was Leaked

Waymo Granted First Permit to Begin Testing Autonomous Vehicles in New York City

Coinbase CEO Says He’s Mandating In-Person Orientation to Combat North Korean Hackers Seeking Remote Jobs

Cybersecurity Firm Netskope Files to Go Public on the Nasdaq

Five Point-Backed WaterBridge Files for U.S. IPO as Listings Market Heats Up

FTC Warns Tech Giants Not to Bow to Foreign Pressure on Encryption

Interpol-Led African Cybercrime Crackdown Leads to 1209 Arrests

Chinese National Who Sabotaged Ohio Company’s Systems Handed Four-Year Jail Stint
Electronics Manufacturer Data I/O Reports Ransomware Attack to SEC

New Android Malware Poses as Antivirus From Russian Intelligence Agency

Fake Mac Fixes Trick Users Into Installing New Shamos Infostealer

Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

CISA Warns of Apple Zero-Day Used in Targeted Cyberattacks

Bug Bounties: The Good, the Bad, and the Frankly Ridiculous Ways to Do It

Apple Intelligence Is Picking Up More User Data Than Expected, Researcher Finds

Microsoft to Make All Products Quantum Safe by 2033

8/21/2025

Europe’s Ransomware Surge Is a Warning Shot for US Defenders

Europol Confirms $50,000 Qilin Ransomware Reward Is Fake

Krebs: SIM-Swapper, Scattered Spider Hacker, Florida Man Gets 10 Years

Developer Jailed for Taking Down Employer’s Network With Kill Switch Malware

Does Cybersecurity Awareness Training Deliver Any Value?
Ransomware Attack at Davita Impacted 2.7 Million People, U.S. Health Dept Website Shows

Colt Confirms Customer Data Stolen as Warlock Ransomware Auctions Files

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages

8/20/2025

FBI Warns FSB-Linked Hackers Static Tundra Exploiting Unpatched Cisco Devices for Cyber Espionage

Russian Investment Platform Confirms Cyberattack by Pro-Ukraine Hackers

Australian Banking Regulator Warns Geopolitical Tensions Could Lead to More Cyber Attacks

Britain Targets Kyrgyz Crypto Networks Aiding Kremlin With Sanctions

Microsoft Scales Back Chinese Access to Cyber Early Warning System

Phone Searches at the U.S. Border Hit a Record High

New Zero-Day Startup Advanced Security Solutions Offers $20 Million for Tools That Can Hack Any Smartphone

Erasing Personal Data From the Devices You Discard Is a Booming Business

TRM Launches Industry-Wide Platform to Fight Crypto Crimes

AI Website Builder Lovable Increasingly Abused for Malicious Activity

Perplexity’s Comet AI Browser Tricked Into Buying Fake Items Online
Major Belgian Telecom Firm Orange Belgium Says Cyberattack Compromised Data on 850,000 Accounts

At Least Three UK Organizations Hit by SharePoint Zero-Day Hacking Campaign

Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell Exploit

Hackers Weaponize QR Codes in New ‘Quishing’ Attacks

Mule Operators in META Adopt Advanced Fraud Schemes

Hackers Steal Microsoft Logins Using Legitimate ADFS Redirects

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts

Commvault Releases Patches for Two Nasty Bug Chains After Exploits Proven

Apple Fixes New Zero-Day Flaw Exploited in Targeted Attacks

Amazon Quietly Fixed Q Developer Flaws That Made AI Agent Vulnerable to Prompt Injection, RCE

8/19/2025

Canadian Financial Regulator Hacked, Exposing Personal Data from Member Organizations

Attacker “Patches” Vulnerability Post Exploitation to Lock Out Competition

Elastic Rejects Claims of a Zero-Day RCE Flaw in Defend EDR

UK Drops Demand for Backdoor Into Apple Encryption

U.S. Spy Chief Gabbard Says UK Agreed to Drop ‘Backdoor’ Mandate for Apple

South Yorkshire Police Deletes 96,000 Pieces of Digital Evidence

493 Cases of Sextortion Against Children Linked to Notorious Scam Compounds

Krebs: Oregon Man Charged in ‘Rapper Bot’ DDoS Service

Okta Open-Sources Catalog of Autho Rules for Threat Detection

10 Major GitHub Risk Vectors Hidden in Plain Sight
Australian ISP iiNet Suffers Breach of 280,000+ Records

Pharma Firm Inotiv Says Ransomware Attack Impacted Operations

Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

NY Business Council Discloses Data Breach Affecting 47,000 People

Massive Allianz Life Data Breach Impacts 1.1 Million People

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code

Legitimate Chrome VPN Extension Turns to Browser Spyware

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Public Exploit Released for Critical SAP NetWeaver Flaw

8/18/2025

Pot Calls Kettle Black as China Dubs U.S. ‘Surveillance Empire’ Over Chip Tracking

XenoRAT Malware Campaign Hits Multiple Embassies in South Korea

How Evolving RATs Are Redefining Enterprise Security Threats

Cryptomining Group Kinsing Expands Operations to Russia, Researchers Warn

Boffins Say Tool Can Sniff 5G Traffic, Launch ‘Attacks’ Without Using Rogue Base Stations

AI Drives Rise in CEO Impersonator Scams

Thai Police Arrest SMS Blasting Scammers Allegedly Hired by Chinese Boss

Man Jailed for 20 Months After Compromising Millions of Accounts

Nebraska Man Gets 1 Year in Prison for $3.5m Cryptojacking Scheme

Microsoft’s Nuance Coughs up $8.5m to Rid Itself of MOVEit Breach Suit

Palo Alto’s Forecasts Signals AI Boost for Cybersecurity Tools

Mozilla Warns Germany Could Soon Declare Ad Blockers Illegal
HR Giant Workday Reveals CRM Breach

Likely Linked to ShinyHunters Salesforce Attacks

Casino Gaming Company Bragg Says Hackers Accessed ‘Internal Computer Environment’

Personal Info Leaked in Lexington-Richland 5 School District (SC) Data Breach

Blue Locker Ransomware Launches Targeted Attacks on the Oil and Gas Sector in Pakistan

Ransomware Gang Masking PipeMagic Backdoor as ChatGPT Desktop App: Microsoft

Popular npm Package Compromised in Phishing Attack

Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures

USB Malware Campaign Spreads Cryptominer Worldwide

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware

Over 800 N-Able Servers Left Unpatched Against Critical Flaws

8/15-17/2025

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

Criminals, Good Guys and Foreign Spies: Hackers Everywhere Are Using AI Now

OpenAI Releases Warmer GPT-5 Personality, but Only for Non Thinking Model

Anthropic: Claude Can Now End Conversations to Prevent Harmful Uses

U.S. and Five Global Partners Release First Unified OT Security Taxonomy

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

Accenture to Buy Australian Cybersecurity Firm CyberCX for Reported $650 Mln

U.S. Seizes $2.8 Million in Crypto From Zeppelin Ransomware Operator
Colt Telecom Attack Claimed by WarLock Ransomware, Data up for Sale

Cyberattack on Dutch Prosecution Service Is Keeping Speed Cameras Offline

Krebs: Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

Scammers Turn to ‘Ghost-Tapping’ Retail Fraud to Launder Funds

Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware

Researcher to Release Exploit for Full Auth Bypass on FortiWeb

Plex Warns Users to Patch Security Vulnerability Immediately

Cisco Discloses Critical RCE Flaw in Firewall Management Software

Microsoft Teams to Protect Against Malicious URLs, Dangerous File Types

8/14/2025

Pro-Russian Hackers Blamed for Water Dam Sabotage in Norway

Poland Foiled Cyberattack on Big City’s Water Supply, Deputy PM Says

Canada’s House of Commons Investigating Data Breach After Cyberattack

FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims

Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses

Hacked Law Enforcement and Government Email Accounts Sold on Dark Web for $40

Perplexity Makes Longshot $34.5 Billion Offer for Chrome

FCC’s Data Breach Reporting Rules for Telecoms Are Upheld in Appeals Court

Over $300 Million in Cybercrime Crypto Seized in Anti-Fraud Effort

U.S. Updates Sanctions on Russian Cryptocurrency Exchange Garantex

Russia Curbs WhatsApp, Telegram Calls to Counter Cybercrime

Cybersecurity Spending Slows & Security Teams Shrink
Tens of Thousands of Italian Hotel Guests May Be Hit by Cyber Heist

Michigan Medicine Sends Postcards Without Envelopes, Exposing Personal Data of 1,015

Hack at UnitedHealth’s Tech Unit Impacted 192.7 Million People, U.S. Health Dept Website Shows

BtcTurk Suspends Operations Amid Alleged $49M Hot Wallet Heist

Booking.com Phishing Campaign Uses Sneaky ‘ん’ Character to Trick You

PhantomCard: New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits

Crypto24 Ransomware Hits Large Orgs With Custom Edr Evasion Tool

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS

New HTTP/2 ‘MadeYouReset’ Vulnerability Enables Large-Scale DoS Attacks

CISA Warns of N-Able N-Central Flaws Exploited in Zero-Day Attacks

KernelSU v0.5.7 Flaw Lets Android Apps Gain Root Access

Google Gemini’s Deep Research Is Finally Coming to API

8/13/2025

Trump Shrugs off Suspected Russian Hack of U.S. Federal Courts: ‘Are You Surprised?’

UK Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach

UK Expands Police Facial Recognition Rollout With 10 New Vans Heading to a Town Near You

Deepfake AI Trading Scams Target Global Investors

Battered by Constant Hacks, Security Chiefs Turn to AI

Crooks Can’t Let Go: Active Attacks Target Office Vuln Patched 8 Years Ago

Estonians Behind $577 Million Cryptomining Fraud Sentenced to 16 Months

New York Lawsuit Against Zelle Creator Alleges Features Allowed $1 Billion in Thefts
How We Found TeaOnHer Spilling Users’ Driver’s Licenses in Less Than 10 Minutes

New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks

New Downgrade Attack Can Bypass FIDO Auth in Microsoft Entra ID

Alarm Raised Over ‘High-Severity’ Vulnerabilities in Matrix Messaging Protocol

Spike in Fortinet VPN Brute-Force Attacks Raises Zero-Day Concerns

Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws

Microsoft Removes PowerShell 2.0 from Windows 11, Windows Server

8/12/2025

New Charon Ransomware Targets Middle East Public Sector, Aviation Firms

Russia Is Suspected to Be Behind Breach of Federal Court Filing System

Russia Might Be Responsible for the PACER Hack

Curly COMrades Cyberspies Hit Gov’t Orgs With Custom Malware

MITRE: Russian APT28’s LameHug, a Pilot for Future AI Cyber-Attacks

GPT-5 Safeguards Bypassed Using Storytelling-Driven Jailbreak

Black Hat NOC Expands AI Implementation Across Security Operations

Will Secure AI Be the Hottest Career Path in Cybersecurity?

Cybercriminals Exploit Low-Cost Initial Access Broker Market

Blackwater’s Founder Would Like to Sell You a Privacy Phone Made in the USA

Data Brokers Are Hiding Their Opt-Out Pages From Google Search

U.S. Gov’t Seizes $1 Million in Crypto From BlackSuit Ransomware Gang

How to Stay a Step Ahead of a Non-Obvious Threat
Major Outage at Pennsylvania Attorney General’s Office Blamed on ‘Cyber Incident’

Hackers Raid Dutch Lab, Stealing Data on 500,000 Patients

Manpower Franchise Discloses Data Theft After RansomHub Posts Alleged Stolen Data

Second Ransomware Attack in Two Months Disrupts South Korean Ticketing Giant Yes24

Home Office Phishing Scam Targets UK Immigration Sponsors

Hackers Leak Allianz Life Data Stolen in Salesforce Attacks

Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses

Financial Services Could Be Next in Line for ShinyHunters

Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager

Over 3,000 NetScaler Devices Left Unpatched Against Citrixbleed 2 Bug

Krebs: Microsoft Patch Tuesday, August 2025 Edition

8/11/2025

Russia’s RomCom Among Those Exploiting a WinRAR 0-Day in Highly-Targeted Attacks

What Trump’s Nvidia and AMD China Deal Means for the World

Finland Charges Captain of Suspected Russian ‘Shadow Fleet’ Tanker for Subsea Cable Damage

REvil Actor Accuses Russia of Planning 2021 Kaseya Attack

North Korean Kimsuky Hackers Exposed in Alleged Data Breach

Wikimedia Foundation Loses First Court Battle to Swerve Online Safety Act Regulation

How Wikipedia Is Fighting AI Slop Content

UK Red Teamers “Deeply Skeptical” of AI

Inside the Multimillion-Dollar Gray Market for Video Game Cheats

Ghanaian Nationals Extradited for Roles in $100M Romance and Wire Fraud Ring
Connex Credit Union Breach Exposes 172,000 Members’ Data

New TETRA Radio Encryption Flaws Expose Law Enforcement Communications

Netherlands: Citrix Netscaler Flaw CVE-2025-6543 Exploited to Breach Orgs

Interlock Ransomware Gang Claims Attack on St. Paul City Government

How to Protect Yourself From Portable Point-of-Sale Scams

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Over 29,000 Exchange Servers Unpatched Against High-Severity Flaw

What Does Palantir Actually Do?

MuddyWater’s DarkBit Ransomware Cracked for Free Data Recovery

8/8-10/2025

U.S. Federal Judiciary Tightens Security Following Escalated Cyber-Attacks

North Korean Cyber-Espionage Group ScarCruft Adds Ransomware in Recent Attack

Chinese Biz Using AI to Hit U.S. Politicians, Influencers With Propaganda

AI Agents Are Being Drafted Into the Cyber Defense Forces of Corporations

Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

Cyber Companies Wary of Broader Economic Challenges

How Small Businesses Can Fight a Growing Wave of Cyber Crime

Krebs: KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

DARPA Announces $4 Million Winner of AI Code Review Competition at DEF CON

Microsoft 365 Apps to Soon Block File Access via FPRPC by Default
Columbia University Data Breach Impacts Nearly 870,000 Individuals

Google Confirms Data Breach Exposed Potential Google Ads Customers’ Info

Royal and BlackSuit Ransomware Gangs Hit Over 450 U.S. Companies

Embargo Ransomware Gang Has Handled at Least $34 Million in About a Year

GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials

WinRAR Zero-Day Exploited to Plant Malware on Archive Extraction

New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks

Google Calendar Invites Let Researchers Hijack Gemini to Leak User Data

8/7/2025

U.S. Federal Court Filing System Hit in Sweeping Hack

Mysterious Crime Spree Targeted National Guard Equipment Stashes

Encryption Made for Police and Military Radios May Be Easily Cracked

A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT

Microsoft Accidentally Confirms GPT-5, GPT-5-Mini, GPT-5-Nano Ahead of Launch

ChatGPT’s GPT-5 Models Released: Everything You Need to Know

Massive IPTV Piracy Service With 28,000 Channels Taken Offline

Cryptomixer Samourai Wallet Founders Pled Guilty to Laundering Money for Cybercriminals

Germany’s Top Court Holds That Police Can Only Use Spyware to Investigate Serious Crimes

What CMMC 3.0 Really Means for Government Contractors

CISA Releases Malware Analysis for Sharepoint Server Attack

The Critical Flaw in CVE Scoring
KLM, Air France Latest Major Organizations Looted for Customer Data

Bouygues Telecom Confirms Data Breach Impacting 6.4 Million Customers

Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes

Fake WhatAapp Developer Libraries Hide Destructive Data-Wiping Code

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

New EDR Killer Tool Used by Eight Different Ransomware Groups

Wave of 150 Crypto-Draining Extensions Hits Firefox Add-on Store

6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk

CISA Orders Fed Agencies to Patch New Exchange Flaw by Monday

8/6/2025

British Intelligence Warns Cyber Threat to Critical Infrastructure Is Increasing

Hackers Using Fake Summonses in Attacks on Ukraine’s Defense Sector

Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

As AI Changes Internet Search, Reddit Lies in a Sweet Spot

Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools

Nuclear Experts Say Mixing AI and Nuclear Weapons Is Inevitable

Krebs: Who Got Arrested in the Raid on the XSS Crime Forum?

What to Know About Traveling to China for Business

WhatsApp Adds New Security Feature to Protect Against Scams

Why the Old Ways Are Still the Best for Most Cybercriminals

Tornado Cash Cofounder Dodges Money Laundering Conviction, Found Guilty of Lesser Charge

Microsoft Pays Record $17 Million in Bounties Over the Last 12 Months
Google Says the Group Behind Last Year’s Snowflake Attack Slurped Data From One of Its Salesforce Instances

A Rival Tea App for Men TeaOnHer Is Leaking Its Users’ Personal Data and Driver’s Licenses

Florida Hand Center Hit by Ransomware Attack

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

Akira Ransomware Abuses CPU Tuning Tool to Disable Microsoft Defender

Ransomware Actors Expand Tactics Beyond Encryption and Exfiltration

New Ghost Calls Tactic Abuses Zoom and Microsoft Teams for C2 Operations

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Attackers Are Targeting Critical Apex One Vulnerabilities, Trend Micro Warns

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

ReVault Flaws Let Hackers Bypass Windows Login on Dell Laptops

8/5/2025

Pro-Iran Hackers Aligned Cyber with Kinetic War Aims

Active Infrastructure for Candiru Spyware Linked to Hungary, Saudi Arabia

Vietnamese-Speaking Hackers Appear to Be Running Global Data Theft Operation Through Telegram

Taiwan’s TSMC Fires Engineers Over Suspected Theft of Semiconductor Secrets

France Extradites Nigerian National to U.S. Over $2.5 Million Hack Targeting Tax Businesses

Dutch Caribbean Islands Respond to Cyberattacks on Courts, Tax Departments

Study Finds Humans Not Completely Useless at Malware Detection

Cybersecurity Teams Hit by Lowest Budget Growth in Five Years

U.S. Companies Spending Record Amounts to Protect Executives as Threats Rise

Hacker Summer Camp: What to Expect From BSides, Black Hat, and DEF CON

Jeff Moss on DEF CON And Its Shadow Power

Microsoft Increases Zero Day Quest Prize Pool to $5 Million

Microsoft and Google Among Most Affected as Zero Day Exploits Jump 46%

Bipartisan Senate Duo Wants Answers From UnitedHealth Over Episource Data Breach
Pandora Confirms Data Breach Amid Ongoing Salesforce Data Theft Attacks

Some Georgia Electronic Food Benefits Accounts Locked After Cyberattack

PBS Confirms Data Breach After Employee Info Leaked on Discord Servers

Fort Smith Schools (AR) Employees’ Personal Information May Have Been Accessed During Cyber Attack

Hacked Columbia University Data Includes Bank Numbers, GPAs

Dialysis Company DaVita Says More Than 900,000 People Affected by April Ransomware Attack

Chinese Smishing Campaigns Compromise up to 115 Million US Payment Cards

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

SonicWall Urges Admins to Disable SSLVPN Amid Rising Attacks

Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval

Adobe Issues Emergency Fixes for AEM Forms Zero-Days After PoCs Released

Android Gets Patches for Qualcomm Flaws Exploited in Attacks

Security Flaw Found, Fixed That Could Have Left Millions of Dell Laptops Vulnerable, Researchers Say

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

8/4/2025

Hacked Crimean Servers Reveal Information About Abducted Children, Ukraine Says

Ransomware Gangs Join Attacks Targeting Microsoft SharePoint Servers

Attackers Exploit Link-Wrapping Services to Steal Microsoft 365 Logins

Sean Cairncross Confirmed as National Cyber Director

Panel to Create Roadmap for Establishing U.S. Cyber Force

The Big Money and High Cost of the U.S. Military’s On-Base Slot Machines

Crypto ATMs Fueling Criminal Activity, Treasury Warns

German Phone Repair Biz Einhaus Group Collapses Following 2023 Ransomware Attack
Fashion Giant Chanel Hit in Wave of Salesforce Data Theft Attacks

CTM360 Spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop Users

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

Mozilla Flags Phishing Wave Aimed at Hijacking Trusted Firefox Add-Ons

Ghost in the Zip Reveals Expanding Ecosystem Behind PXA Stealer

New ‘Plague’ PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

Proton Fixes Authenticator Bug Leaking TOTP Secrets in Logs

8/1-3/2025

Russia’s Mobile Internet Shutdowns Hit Record High Amid Ukrainian Drone Attacks

Luxembourg Probes Reported Attack on Huawei Tech That Caused Nationwide Telecoms Outage

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

China State Media Says Nvidia Must Provide ‘Security Proofs’ to Regain Trust

North Korea Sent Me Abroad to Be a Secret IT Worker. My Wages Funded the Regime

Not Just YouTube: Google Is Using AI to Guess Your Age Based on Your Activity – Everywhere

Silent Push CEO on Cybercrime Takedowns: ‘It’s an Ongoing Cat-And-Mouse Game’

CISA Roasts Unnamed Critical National Infrastructure Body for Shoddy Security Hygiene
Hackers Leak Purported Aeroflot Data as Russia Denies Breach

Pi-hole Discloses Data Breach Triggered by WordPress Plugin Flaw

AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown

Affiliates of Disrupted Ransomware Gangs Sought by Other Operations

Staggering 800% Rise in Infostealer Credential Theft

Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts

AI-Powered Cursor IDE Vulnerable to Prompt-Injection Attacks

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

Pwn2Own Hacking Contest Pays $1 Million for WhatsApp Exploit

Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds

Pentagon Snub Rattles Cybersecurity Conference Circuit

7/31/2025

Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies

The Kremlin’s Most Devious Hacking Group Turla Is Using Russian ISPs to Plant Spyware

Espionage Costing Australia $8 Billion Each Year, Warns Intelligence Chief

Nvidia Says Its Chips Have No ‘Backdoors’ After China Flags H20 Security Concerns

Spikes in Malicious Activity Precede New Security Flaws in 80% of Cases

Columbia University Fends Off Hackers by Going Back to Basics

Israeli Cyber Startup Noma Security Raises $100 Million to Keep AI Agents From Going Rogue

As Ransomware Gangs Threaten Physical Harm, ‘I Am Afraid of What’s Next,’ Ex-negotiator Says
N. Korean Hackers Used Job Lures, Cloud Account Access, and Malware to Steal Millions in Crypto

DoubleTrouble Android Malware Targets Banking Users Through Discord Channels

Microsoft Now Pays up to $40,000 for Some .Net Vulnerabilities

Microsoft to Disable Excel Workbook Links to Blocked File Types

Kali Linux Can Now Run in Apple Containers on macOS Systems

CISA Unveils Eviction Strategies Tool to Aid Incident Response

CISA Open-Sources Thorium Platform for Malware, Forensic Analysis

Biotech Contractor Illumina Settles for $9.8 Million With DOJ Over Alleged Cybersecurity Lapses

Cybercriminals ‘Spooked’ After Scattered Spider Arrests

7/30/2025

More Than 90 State, Local Governments Targeted Using Microsoft Sharepoint Vulnerability, Group Says

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

Cyberattack Shuts Down Hundreds of Russian Pharmacies, Disrupts Healthcare Services

Russia Blocks Popular U.S.-Made Internet Speed Test Tool Over National Security Concerns

Krebs: Scammers Unleash Flood of Slick Online Gaming Sites

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

Warning Over Email Scam Using Fake Telecom Bills

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Dropbox Is Shutting Down Its Password Manager

More Than 100 Flights Cancelled After UK Air Traffic Control Issue

The TSA Likes Facial Recognition at Airports. Passengers and Politicians, Not So Much
SafePay Ransomware Threatens to Leak 3.5tb of Ingram Micro Data

ShinyHunters Behind Salesforce Data Theft Attacks at Qantas, Allianz Life, and LVMH

Dollar Tree Denies Ransomware Claims, Says Stolen Data Is From Defunct Discount Chain

Hidden Backdoor Found in ATM Network via Raspberry Pi

Hackers Actively Exploit Critical RCE in WordPress Alone Theme

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

New Lenovo UEFI Firmware Updates Fix Secure Boot Bypass Flaws

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Third of Exploited Vulnerabilities Weaponized Within a Day of Disclosure

Google to Publicly Report New Vulnerabilities Within One Week of Vendor Disclosure

Schools Are Next for Flock Safety’s Automatic License Place Reader Cameras

7/29/2025

Minnesota Activates National Guard After St. Paul Cyberattack

Poland Says More Than 30 Suspects Face Trial Over Pro-Russian Sabotage

Wyden Asks White House to Scrutinize UK Surveillance Laws

Senator Presses Musk on Starlink ‘Misuse’ by Southeast Asian Scammers

Google Workspace Is Rolling Out a Security Update to Stop Token Stealing Attacks

Charity Birthlink Fined After Destroying “Irreplaceable” Records

FBI Seizes $2.4m in Crypto from Chaos Ransomware Gang

Palo Alto Networks Nears Over $20 Billion Deal for Cybersecurity Firm CyberArk
Sex Toy Maker Lovense Caught Leaking Users’ Email Addresses and Exposing Accounts to Takeovers

French Telco Orange Hit by Cyber-Attack

Scattered Spider Is Targeting Victims’ Snowflake Data Storage for Quick Exfiltration

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

Nimble ‘Gunra’ Ransomware Evolves With Linux Variant

Auto-Color Backdoor Malware Exploits SAP Vulnerability

Critical Authentication Flaw Identified in Base44 Vibe Coding Platform

7/28/2025

Flights Grounded as Russia’s Largest Airline Aeroflot Hacked and Systems ‘Destroyed’

‘Partisans’ Who Paralyzed Russian Airports Have Track Record of Disruptive Hacks

Naval Group Denies Hack Claims, Alleges “Reputational Attack”

Microsoft: macOS Sploitlight Flaw Leaks Apple Intelligence Data

The UK Is Slogging Through an Online Age-Gate Apocalypse

An Inside Look Into How a Coalition of State Legislators Plans to Take On Data Brokers

The Internet Archive Is Now a U.S. Federal Depository Library
Tea App Leak Worsens With Second Database Exposing User Chats

Endgame Gear Mouse Config Tool Infected Users With Malware

CISA Flags Papercut RCE Bug as Exploited in Attacks, Patch Now

Exploit Available for Critical Cisco ISE Bug Exploited in Attacks

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Flaw in Gemini CLI AI Coding Assistant Allowed Stealthy Code Execution

New York State Cyber Chief Calls Out Trump for Cybersecurity Cuts

7/25-27/2025

Patchwork Targets Turkish Defense Firms with Spear-Phishing Using Malicious LNK Files

Microsoft Probing if Chinese Hackers Learned Sharepoint Flaws Through Alert

Cyber Espionage Campaign ‘CargoTalon’ Hits Russian Aerospace Sector Using EAGLET Backdoor

‘Quishing’ Scams Dupe Millions of Americans as Cybercriminals Turn the QR Code Bad

Scattered Spider is Running a VMware ESXi Hacking Spree

Amazon AI Coding Agent Hacked to Inject Data Wiping Commands

SpaceX Probes for Cause of Starlink’s Global Satellite Network Outage

U.S. Sanctions North Korean Firm, Nationals Behind IT Worker Schemes
Allianz Life Confirms Data Breach Impacts Majority of 1.4 Million Customers

Women’s Dating App Tea Reports 72,000 Images Stolen in Security Breach

Parents Concerned After Personal Information of Hundreds of Dearborn Heights (MI) Children Exposed Online

NASCAR Confirms Data Breach After March Cyberattack

Email Scam Demanding Money Targets Hull University

New Chaos Ransomware Emerges, Launches Wave of Attacks

Post SMTP Plugin Flaw Exposes 200K WordPress Sites to Hijacking Attacks

Security Awareness: Why Security Nudges Majorly Took Off

7/24/2025

China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community

Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments

Satya Nadella Seeks to Reassure Microsoft Employees in Layoffs Memo

Microsoft Put Older Versions of Sharepoint on Life Support. Hackers Are Taking Advantage

DHS and HHS Among Federal Agencies Hacked in Microsoft Sharepoint Breach

Microsoft Says Some SharePoint Server Hackers Now Using Ransomware

U.S. Lawmaker Presses for Details of Pentagon Use of Chinese Engineers Under Microsoft Deal

Temu Lawsuits Pit States Against a Digital Superpower

UK and Romania Crack Down on ATM Fraudster Network

BlackSuit Ransomware Leak Sites Seized in Operation Checkmate

FBI Exposes The Com’s Criminal Activities and Involvement of Minors

U.S. Woman Gets 8-Year Sentence for Stealing Identities to Give North Koreans Jobs
A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats

Krebs: Phishers Target Aviation Execs to Scam Customers

SarangTrap: Malware Campaign Masquerades as Dating Apps to Steal Data

New Koske Linux Malware Hides in Cute Panda Images

Hacker Sneaks Infostealer Malware Into Early Access Steam Game

Soco404: Active Campaign Exploits Cloud Flaws for Cryptomining

CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing

Hackers Breach Toptal Github Account, Publish Malicious npm Packages

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices

Why ISO 42001 Matters for AI Governance at Scale

7/23/2025

U.S. Nuclear Weapons Agency Reportedly Breached in Microsoft Sharepoint Attacks

CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks

Microsoft SharePoint Victim Count Hits 400+ Orgs in Ongoing Attacks

Nothing to See Here: Brave Browser Blocks Privacy-Busting Microsoft Recall

Proton Is Launching a Privacy-Focused AI Chatbot

ChatGPT Is Rolling Out ‘Personality’ Toggles to Become Your Assistant

After $380M Hack, Clorox Sues Its “Service Desk” Vendor for Simply Giving Out Passwords

Suspected XSS Forum Admin Arrested in Ukraine

5 Nevada Men Sentenced to Prison for Running Jetflicks Pirated Content Site

Russia Turns to Kyrgyzstan’s Booming Crypto Sector to Evade Sanctions, Researchers Say
France: New Data Breach Could Affect 340,000 Jobseekers

Radiology Associates of Richmond Data Breach Affects 1.4 Million Patients

Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware

CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF

NPM Package ‘Is’ With 2.8m Weekly Downloads Infected Devs With Malware

NPM ‘Accidentally’ Removes Stylus Package, Breaks Builds and Pipelines

VMware Prevents Some Perpetual License Holders From Downloading Patches

New York Unveils New Cyber Regulations, $2.5 Million Grant Program for Water Systems

IRL Com Recruits Teens for Real-Life Stabbings, Shootings, FBI Warns

7/22/2025

Microsoft Says Chinese Hacking Groups Are Behind Sharepoint Attacks

Linen Typhoon, Violet Typhoon & Storm-2603

Microsoft Knew of SharePoint Security Flaw but Failed to Effectively Patch It, Timeline Shows

Russian Threat Actors Target NGOs with New OAuth Phishing Tactics

YouTube Wipes Out Thousands of Propaganda Channels Linked to China, Russia, Others

Russian-Speaking Hacker Group Disrupted by Local Researchers

Silicon Valley Engineer Admits Theft of U.S. Missile Tech Secrets

UK Confirms Ransomware Payment Ban for Public Sector and CNI

UK Government Wants Ransomware Victims to Report Breaches So It Can Carry Out ‘Targeted Disruptions’ Against Hackers

Australian Regulator Alleges Financial Firm Exposed Clients to Unacceptable Cyber Risks

Citizen Will Share Crime Videos With the NYPD

AI’s High Cost Pushes Smaller Cybersecurity Companies to Sell
Major European Healthcare Network AMEOS Group Discloses Security Breach

158-Year-Old Company Knights of Old Forced to Close After Ransomware Attack Precipitated by a Single Guessed Password — 700 Jobs Lost After Hackers Demand Unpayable Sum

Widespread Net RFQ Scam Targets High-Value Goods

Credential Theft and Remote Access Surge as AllaKore, PureRAT, and Hijack Loader Proliferate

CISA and FBI Warn of Escalating Interlock Ransomware Attacks

Lumma Infostealer Malware Returns After Law Enforcement Disruption

Coyote Malware Abuses Windows Accessibility Framework for Data Theft

Arch Linux Users Told to Purge Firefox Forks After AUR Malware Scare

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Critical Infrastructure Security Is a Critical Concern

Humans Can Be Tracked With Unique ‘Fingerprint’ Based on How Their Bodies Block Wi-Fi Signals

7/21/2025

China Denies Link to Espionage Group Accused of Attacking Singapore Critical Infrastructure

China-Linked APT41 Hackers Launch Targeted Espionage Campaign on African IT Infrastructure

Iranian Hackers Deploy New Android Spyware Version

This ‘Violently Racist’ Hacker Claims to Be the Source of the New York Times’ Mamdani Scoop

Malicious Implants Are Coming to AI Components, Applications

Poland Investigates Sabotage After Air Traffic Control Disruption Delayed Flights

Alaska Airlines Lifts Ground Stop Caused by Software Outage

UK Wants to Weasel Out of Demand for Apple Encryption Back Door

Ring Reintroduces Video Sharing With Police

Intel Announces End of Clear Linux OS Project, Archives GitHub Repos
Krebs: Microsoft Fix Targets Attacks on SharePoint Zero-Day

Microsoft Server Hack Hit About 100 Organizations, Researchers Say

Dell Confirms Breach of Test Lab Platform by World Leaks Extortion Group

Ring Denies Breach After Users Report Suspicious Logins

Dior Begins Sending Data Breach Notifications to U.S. Customers

Indian Crypto Exchange CoinDCX Says $44 Million Stolen from Reserves

ExpressVPN Bug Leaked User IPs in Remote Desktop Sessions

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Accounting Firm Targeted by Malware Campaign Using New Crypter Ghost Crypt

Fake Receipt Generators Fuel Rise in Online Fraud

7/18-20/2025

Singapore Says Cyber Espionage Group UNC3886 Targeting Critical Infrastructure

Microsoft to Stop Using Engineers in China for Tech Support of U.S. Military, Hegseth Orders Review

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Russia APT28 Linked to New Malware ‘Authentic Antics’ Targeting Email Accounts for Espionage

Krebs: Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Ex-IDF Cyber Chief on Iran, Scattered Spider, and Why Social Engineering Worries Him More Than 0-Days

New Phobos and 8Base Ransomware Decryptor Recover Files for Free

Retail Becomes New Target as Healthcare Ransomware Attacks Slow

At Least 750 U.S. Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

Securing the Budget: Demonstrating Cybersecurity’s Return
Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack

AI-Generated Lcryx Ransomware Discovered in Cryptomining Botnet

Arch Linux Pulls AUR Packages that Installed Chaos RAT Malware

Threat Actors Downgrade FIDO2 MFA Auth in PoisonSeed Phishing Attack

EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware

HPE Warns of Hardcoded Passwords in Aruba Access Points

Hackers Scanning for TeleMessage Signal Clone Flaw Exposing Passwords

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

CISA Issues Advisories on Critical ICS Vulnerabilities Across Multiple Sectors

Citrix Bleed 2 Exploited Weeks Before PoCs as Citrix Denied Attacks

7/17/2025

Personal Details of UK Special Forces and Spies Were Included in Afghan Data Breach

Lawmakers Call On DNI to Review Intel Sharing With Spain Over Huawei Revelations

AI Cloaking Tools Enable Harder-to-Detect Cyber-Attacks

Microsoft Exposes Scattered Spider’s Latest Tactics

One in 12 US/UK Employees Uses Chinese GenAI Tools

Crypto Crime in 2025 Is Topping Last Year’s Totals Already

Quantum Code Breaking? You’d Get Further With an 8-Bit Computer, an Abacus, and a Dog

Google Sues to Disrupt BadBox 2.0 Botnet Infecting 10 Million Devices

Armenian, Ukrainian Nationals Among Ryuk Ransomware Actors Facing U.S. Hacking Charges

UK NCA Officer Jailed for Stealing Bitcoin From Darknet Criminal He Previously Helped Investigate

Meta Investors, Zuckerberg Settle $8 Billion Privacy Lawsuit Tied to Cambridge Analytica Scandal

Elite Russian University Launches Degree Program on Sanctions Evasion
Thai Officials Restore Ministry of Labor Website After Hack, Defacement

Co-op Confirms Data of 6.5 Million Members Stolen in Cyberattack

Hacker Steals $27 Million in BigONE Exchange Crypto Breach

Russian Vodka Producer Reports Disruptions After Ransomware Attack

Mower County (MN) Still Working to Restore Systems After Cyber Attack

Malware-as-a-Service Campaign Exploits GitHub to Deliver Payloads

Hackers Are Finding New Ways to Hide Malware in DNS Records

LameHug Malware Uses AI LLM to Craft Windows Data-Theft Commands in Real-Time

Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

VMware Fixes Four ESXi Zero-Day Bugs Exploited at Pwn2Own Berlin

Why Cybersecurity Still Matters for America’s Schools

7/16/2025

Ukrainian Hackers Claim to Have Destroyed Major Russian Drone Maker’s Entire Network

What We Know So Far About Afghan Data Breach

China-Linked Hackers Target Taiwan’s Chip Industry With Increasing Attacks, Researchers Say

Senate Panel Passes Intelligence Authorization Act That Takes Aim At Telecom Hacks

Chinese Authorities Are Using a New Tool to Hack Seized Phones and Extract Data

Dark Web Travel Agencies Take Flight

Cloudflare Says 1.1.1.1 Outage Not Caused by Attack or BGP Hijack

Pro-Russian Cybercrime Network NoName057(16) Demolished in Operation Eastwood

Co-op Aims to Divert More Young Hackers into Cyber Careers
Adoption Agency Data Exposure Revealed Information About Children and Parents

Louis Vuitton Says Regional Data Breaches Tied to Same Cyberattack

DragonForce Claims Belk Data Breach from May, Says Belk Refuse to Pay Up

SquidLoader Malware Campaign Targets Hong Kong Financial Sector

Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

New Fortinet FortiWeb Hacks Likely Linked to Public RCE Exploits

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild

7/15/2025

U.S. National Guard Unit Was ‘Extensively’ Hacked by Salt Typhoon in 2024, Memo Says

NSA: Volt Typhoon Was ‘Not Successful’ at Persisting in Critical Infrastructure

State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments

North Korean Actors Expand Contagious Interview Campaign with New Malware Loader XORIndex

Krebs: DOGE Denizen Marko Elez Leaked API Key for xAI

MITRE Launches New Framework to Tackle Crypto Risks

ICEBlock Isn’t ‘Completely Anonymous’

Ex-U.S. Soldier Who Googled ‘Can Hacking Be Treason’ Pleads Guilty to Extortion

Police Disrupt “Diskstation” Ransomware Gang Attacking NAS Devices
Louis Vuitton Says Customers in Turkey, South Korea and UK Impacted by Data Breaches

Albemarle County (VA) IDs INC Ransom Group Behind Ransomware Attack

Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects

AsyncRAT’s Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

Android Malware Konfety Uses Malformed APKs to Evade Detection

Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Google Says ‘Big Sleep’ AI Tool Found Bug Hackers Planned to Use

Curl Creator Mulls Nixing Bug Bounty Awards to Stop AI Slop

Abacus Dark Web Market Shutters After Exit Scam, Say Experts

7/14/2025

Russia-Linked Group Storm-1516 Spoofing European Journalists to Spread Disinformation

Elmo’s Hacked X Account Posted Racist Messages. Sesame Workshop Is Trying to Regain Control

Grok-4 Jailbroken Two Days After Release Using Combined Attack

AI ‘Nudify’ Websites Are Raking in Millions of Dollars

CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center

Romanian Police Arrest 13 Scammers Targeting UK’s Tax Authority

Piracy Sites for Nintendo Switch, PS4 Games Taken Down by FBI

Federal IT Contractor Hill Associates to Pay $14.75 Fine Over ‘Cyber Fraud’ Allegations
Gardendale (AL) Purportedly Compromised by INC Ransom Group

Malicious VSCode Extension in Cursor IDE Led to $500K Crypto Theft

Interlock Ransomware Unleashes New RAT in Widespread Campaign

Gigabyte Motherboards Vulnerable to UEFI Malware Bypassing Secure Boot

IoT Devices at Risk Due to eSIM Flaw in Kigen eUICC Cards

Exploited Wing File Transfer Bug Risks ‘Total Server Compromise,’ CISA Warns

UK Launches Vulnerability Research Program for External Experts

The Dark Side of Global Power Shifts & Demographic Decline

7/11-13/2025

MPs Warn of “Significant” Iranian Cyber-Threat to UK

Spain Awards Huawei Contracts to Manage Intelligence Agency Wiretaps

Former Mexican President Investigated Over Allegedly Taking Bribes From Spyware Industry

Mounting Ransomware Gang Prevalence Met With Decline in Victimization

Trump Blocks Acquisition of Equipment Supplier Jupiter Systems by Hong Kong Firm

TikTok Loses Bid to Dismiss Lawsuit Alleging Its ‘Addictive Design’ Exploits Kids

Over Half of “Finfluencer” Victims Have Lost Money, Says TSB

Google Gemini Flaw Hijacks Email Summaries for Phishing

Airline Executive Agrees to Dismiss Litigation Around Alleged Hack-For-Hire Scheme

British Man Sentenced for Network Rail Wi-Fi Hack

Indonesia Extradites Russian Accused of Selling Personal Data on Telegram

ISACA Addresses Experience Gap with CISA Associate Designation
Louis Vuitton Says UK Customer Data Stolen in Cyber-Attack

Hacker Returns Cryptocurrency Stolen From GMX Exchange After $5 Million Bounty Payment

GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs

WordPress Gravity Forms Developer Hacked to Push Backdoored Plugins

Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub

Hackers Are Exploiting Critical RCE Flaw in Wing FTP Server

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Windows 11 Now Uses JScript9Legacy Engine for improved Security

Factoring Cybersecurity Into Finance’s Digital Strategy

7/10/2025

Security Through Quality: Navigating the Latest Cybersecurity Executive Order

Hackers Target Eldercare Homes

New AI Malware PoC Reliably Evades Microsoft Defender

LLMs Fall Short in Vulnerability Discovery and Exploitation

Krebs: UK Arrests Four in ‘Scattered Spider’ Ransom Group

Russian Pro Basketball Player Arrested in France for Alleged Role in Ransomware Attacks

Ex-ASML Engineer Who Stole Chip Tech for Russia Gets Three Years in Dutch Prison

Lovestruck U.S. Air Force Worker Admits Leaking Secrets on Dating App

Windows 11 Now Uses JScript9Legacy Engine for Improved Security
Nippon Steel IT Subsidiary Hit by “Zero-Day Attack,” Causing Data Breach

Albemarle County (VA) Warns of Cybersecurity Breach

Florida Lung, Asthma and Sleep Specialists Warn Patients of Data Breach After Russian Group Claims Responsibility

Microsoft Outlook Hit With Hours-Long Outage

Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App

Critical MCP-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

PerfektBlue Bluetooth Flaws Impact Mercedes, Volkswagen, Skoda Cars

7/9/2025

French Intel Chief Warns of Evolving Russian Hybrid Operations, ‘Existential Threat’ to Europe

Rubio Impersonator Signals Growing Security Threat From Deepfakes

DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware

Fake CNN and BBC Sites Used to Push Investment Scams

After Setback, Tech Firms Renew Push for Federal AI Regulation

Israel’s Cyberstarts Launches $300 Million Fund to Help Startups Retain Talent

Microsoft Authenticator on iOS Moves Backups Fully to iCloud

Samsung Announces Major Security Enhancements Coming to One UI 8

Google Reveals Details on Android’s Advanced Protection for Chrome

German Court Rules Meta Tracking Technology Violates European Privacy Laws

Treasury Sanctions North Korean Over IT Worker Malware Scheme

Know Your Enemy: Understanding Dark Market Dynamics
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’

Ransomware Attack Stops Nova Scotia Power Meter Readings

M&S Confirms Social Engineering Led to Massive Ransomware Attack

Qantas Confirms Data Breach Impacts 5.7 Million Customers

Bitcoin Depot Breach Exposes Data of Nearly 27,000 Crypto Users

More Than $40 Million Stolen From GMX Crypto Platform

Ingram Micro Starts Restoring Systems After Ransomware Attack

New Android TapTrap Attack Fools Users With Invisible UI Trick

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

New ServiceNow Flaw Lets Attackers Enumerate Restricted Data

Ruckus Networks Leaves Severe Flaws Unpatched in Management Devices

AMD Warns of New Meltdown, Spectre-Like Bugs Affecting CPUs

Krebs: Microsoft Patch Tuesday, July 2025 Edition