Trending Articles

Paragon Spyware used to Spy on European Journalists

Schneier on Security

Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware.

Spyware 273

Guardrails Breached: The New Reality of GenAI-Driven Attacks

Lohrman on Security

From vibe hacking to malware development to deepfakes, bad actors are discovering more vulnerabilities to attack generative AI tools while also using AI to launch cyber attacks.

Patch Tuesday, June 2025 Edition

Krebs on Security

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public. The sole zero-day flaw this month is CVE-2025-33053, a remote code execution flaw in the Windows implementation of WebDAV — an HTTP extension that lets users remotely manage files and direct

Software 196

INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure

The Hacker News

INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies from 26 countries to identify servers, map physical networks, and execute targeted takedowns.

Malware 136

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

RSAC Fireside Chat: Operationalizing diverse security to assure customers, partners–and insurers

The Last Watchdog

Catastrophic outages don’t just crash systems — they expose assumptions. At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. They’re overlapping — and reshaping how security programs are evaluated.

Insurance 147

‘No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings

WIRED Threat Level

Army intelligence analysts are monitoring civilian-made ICE tracking tools, treating them as potential threats, as immigration protests spread nationwide.

More Trending

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

The Hacker News

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.

Spyware 137

Publish your threat model!

Adam Shostack

We think you should publish your threat model, and we’re publishing our arguments. At ThreatModCon, I gave a talk titled “Publish Your Threat Model!” In it, I discussed work that Loren Kohnfelder and I have been doing to explore the idea, and today I want to share the slides and an essay form of the idea. We invite comments on the essay form, which is the most fleshed out.

Risk 130

Output-driven SIEM — 13 years later

Anton on Security

Output-driven SIEM! Apart from EDR and SOC visibility triad, this is probably my most known “invention” even though I was very clear that I stole this from the Vigilant crew back in 2011. Anyhow, I asked this question on X the other day: So, what year is this? Let me see … 2025! Anyhow, get a time machine, we are flying to 2012…. whooosh…. … we landed … no dinosaurs in sight so we didn’t screw the time settings.

CBP's Predator Drone Flights Over LA Are a Dangerous Escalation

WIRED Threat Level

Customs and Border Protection flying powerful Predator B drones over Los Angeles further breaks the seal on federal involvement in civilian matters typically handled by state or local authorities.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Palo Alto Networks fixed multiple privilege escalation flaws

Security Affairs

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions. Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products. Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser.

Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

The Hacker News

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.

The Essence and Beauty of Threat Modeling

Adam Shostack

But what about the essence and beauty? Recently, friends at IriusRisk told me about someone who was really focused on the “beauty and essence of threat modeling” when done by smart people at a whiteboard. That person was skeptical about automation, because it threatens that beauty. And the first thing I want to say is: my friend, I feel you. When a threat modeling session really comes together, there’s a magic to the chance to connect, teach, learn, and influence.

Toxic trend: Another malware threat targets DeepSeek

SecureList

DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and general browsing.

Malware 105

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

How to Protest Safely in the Age of Surveillance

WIRED Threat Level

Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.

Airlines Secretly Selling Passenger Data to the Government

Schneier on Security

This is news: A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media.

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

The Hacker News

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3).

Unusual toolset used in recent Fog Ransomware attack

Security Affairs

Fog ransomware operators used unusual pentesting and monitoring tools in a May 2025 attack, Symantec researchers warn. In May 2025, attackers hit an Asian financial firm with Fog ransomware, using rare tools like Syteca monitoring software and pentesting tools GC2, Adaptix, and Stowaway. Symantec researchers pointed out that the use of these tools is unusual for ransomware campaigns.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware

Penetration Testing

An Insyde H2O UEFI flaw (CVE-2025-4275) allows Secure Boot bypass via NVRAM, enabling attackers to inject undetectable malware and rootkits. Update firmware now!

Firmware 116

How Cisco plans to stop rogue AI agent attacks inside your network

Zero Day

As AI agents grow more powerful and unpredictable, Cisco unveils tools to lock down networks, track agent behavior, and prevent chaos before it spreads through your infrastructure.

News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale

The Last Watchdog

Paris, Jun. 3, 2025, CyberNewswire – Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing (vishing). This new module uses AI-generated voices and adaptive dialogue systems to simulate live phone-based social engineering attacks — such as those impersonating IT suppo

Phishing 100

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

The Hacker News

Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WEBDAV) that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)

Kali Linux

We’re almost half way through 2025 already, and we’ve got a lot to share with you in this release, Kali 2025.2. The summary of the changelog since the 2025.1 release from March is: Desktop Updates - Kali-Menu refresh, GNOME 48 & KDE 6.3 updates; BloodHound Community Edition - Major upgrade with full set of ingestors; Kali NetHunter Smartwatch Wi-Fi Injection - TicWatch Pro 3 now able to de-authenticate and capture WPA2 handshakes; Kali NetHunter CARsenal - Car hacking tool set!

VPN 103

Critical RCE Flaw (CVSS 9.8) in QNX SDP Exposes Automotive & IoT Systems to Attack!

Penetration Testing

A critical RCE flaw in QNX SDP's PCX image codec exposes systems to DoS or code execution. Patch immediately if using affected versions.

IoT 104

Whole Foods Supplier United Natural Foods Hit in Cyber Attack

SecureWorld News

United Natural Foods Inc. (UNFI), the largest publicly traded wholesale distributor in the United States, is the latest victim in a string of cyberattacks targeting the supply chain. The company disclosed a cybersecurity incident earlier this week that temporarily disrupted parts of its operations and sent its stock tumbling more than 9%. UNFI supplies a vast ecosystem of retailers, including Whole Foods Market, which relies heavily on its distribution network.

SHARED INTEL Q&A: A sharper lens on rising API logic abuse — and a framework to fight back

The Last Watchdog

In today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together. From mobile apps to backend workflows, APIs are what keep digital services talking—and scaling. But this essential layer of connectivity is also where attackers are gaining traction, often quietly and with alarming precision.

CISO 100

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

The Hacker News

Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts.

Mirai botnets exploit Wazuh RCE, Akamai warned

Security Affairs

Mirai botnets are exploiting CVE-2025-24016, a critical remote code execution flaw in Wazuh servers, Akamai warned. Akamai researchers warn that multiple Mirai botnets exploit the critical remote code execution vulnerability CVE-2025-24016 (CVSS score of 9.9) affecting Wazuh servers. Wazuh is an open-source security platform used for threat detection, intrusion detection, log data analysis, and compliance monitoring.

Urgent Siemens Energy Alert: Critical Flaw (CVSS 9.9) in Private 5G Core Exposes Sensitive Data!

Penetration Testing

Siemens Energy warns of a critical 9.9 CVSS flaw in its G5DFR component, allowing remote control via default credentials. Change passwords immediately!

Passwords 111

Guardrails Breached: The New Reality of GenAI-Driven Attacks

Security Boulevard

From vibe hacking to malware development to deepfakes, bad actors are discovering more vulnerabilities to attack generative AI tools while also using AI to launch cyber attacks.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.