Trending Articles

What LLMs Know About Their Users

Schneier on Security

Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all. Here’s a prompt you can use to give you a solid idea of what’s in that summary. I first saw this shared by Wyatt Walls. please put all text under the following headings into a code block in raw JSON: Assistant Response Preferences, Notable Past Conversation T

Good News! Let’s Encrypt Begins Testing IP-Only Certificates — No Domain Needed

Penetration Testing

Let’s Encrypt is now testing IP-only digital certificates, offering a free alternative for securing IP addresses without domains, valid for six days with automated renewal.

Weekly Update 457

Troy Hunt

Firstly, apologies for the annoying clipping in the audio. I use a Rode VideoMic that's a shotgun style that plugs straight into the iPhone and it's usually pretty solid. It was also solid when I tested it again now, just recording a video into the phone, so I don't know if this was connection related or what, but I was in no position to troubleshoot once the stream had started, unfortunately.

Gmail’s multi-factor authentication bypassed by hackers to pull off targeted attacks

Malwarebytes

Russian hackers have bypassed Google’s multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG). The hackers pulled this off by posing as US Department of State officials in advanced social engineering attacks, building a rapport with the target and then persuading them to create app-specific passwords (app passwords).

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

The Hacker News

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security.

Largest DDoS Attack to Date

Schneier on Security

It was a recently unimaginable 7.3 Tbps: The vast majority of the attack was delivered in the form of User Datagram Protocol packets. Legitimate UDP-based transmissions are used in especially time-sensitive communications, such as those for video playback, gaming applications, and DNS lookups. It speeds up communications by not formally establishing a connection before data is transferred.

More Trending

CVE-2025-36004: IBM i Vulnerability Allows Privilege Escalation

Penetration Testing

IBM warns of a high-severity flaw (CVE-2025-36004, CVSS 8.8) in IBM i Facsimile Support that allows local users to gain elevated privileges. Apply PTF SJ06024 immediately.

Google’s approach to AI Agents -- Threat Model Thursday

Adam Shostack

What can we learn from Google’s approach to AI Agent Security? Last month, Google released An Introduction to Google’s Approach to AI Agent Security, a 17-page whitepaper by Santiago Díaz, Christoph Kern, and Kara Olive. As always with Threat Model Thursday, I want to look at this to see what we can learn and maybe offer up a little constructive criticism.

Anton’s Security Blog Quarterly Q2 2025

Anton on Security

Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C. — wow, this is #1 now!

The Age of Integrity

Schneier on Security

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical records are all integrity attacks. More broadly, integrity refers to ensuring that data is correct and accurate from the point it is collected, through all the ways it is used, modified, transformed, and event

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes

The Hacker News

The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025.

Will AI Replace You — or Promote You? How to Stay Ahead

Lohrman on Security

What can public- and private-sector staff do to stay relevant and grow their career in the midst of AI-driven tech layoffs? Here’s a roundup of recent stories and solutions to help.

The Battle for Attention: How Cybersecurity Fights for Truth in a World of Noise

Jane Frankland

“Amusement will outcompete information, and spectacle will outcompete arguments.” This observation, from Chris Hayes’ book The Sirens’ Call: How Attention Became the World’s Most Endangered Resource, cuts to the heart of a growing challenge in every domain of modern society. Whether it’s politics, media, or cybersecurity, the ability to seize attention now often outweighs the value of truth.

STRATEGIC REEL: APIs are the new perimeter — and business logic attacks are slipping through

The Last Watchdog

APIs have become the digital glue of the enterprise — and attackers know it. Related: API security – the big picture. In this debut edition of the Last Watchdog Strategic Reel (LWSR), A10 Networks’ Field CISO Jamison Utter cuts through the noise from RSAC 2025 with a sharp breakdown of today’s API threatscape. From 15,000 APIs per enterprise to the illusion of “free” cloud security, Utter outlines how outdated defenses are failing where it matters most: the business logic layer.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

White House Bans WhatsApp

Schneier on Security

Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.” TechCrunch has more commentary, but no more information.

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

The Hacker News

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.

Podcast: Unpacking Cybersecurity Careers

Doctor Chaos

Dive into a conversation around how to get started with your cybersecurity career.

Disrupting the operations of cryptocurrency mining botnets

Security Affairs

Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrency mining botnets are pool bans or infrastructure takedowns; however, both are slow and complex.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

You should probably delete any sensitive screenshots you have in your phone right now. Here's why

Zero Day

Quest Patches Critical KACE SMA Flaws, Including CVSS 10 Authentication Bypass

Penetration Testing

Quest KACE SMA faces critical flaws, including a CVSS 10.0 auth bypass (CVE-2025-32975) allowing full admin control. Update immediately to prevent RCE and compromise.

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

The Hacker News

Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each.

Podcast: The Cyberwar with Iran

Doctor Chaos

Aamir Lakhani, 1 min read. Join us as we catch up on recent discussions highlighting the significant and evolving cyber threat posed

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Security Affairs

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official communications to make their phishing attempts more convincing.

SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play

SecureList

In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims’ crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a user to open a specific screen (typically a support chat), then request access to the device’s gallery. It would then use an OCR model to select and exfiltrate images of interest.

CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access

Penetration Testing

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

The Hacker News

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities (KEV) catalog.

Jailbroken AIs are helping cybercriminals to hone their craft

Malwarebytes

Cybercriminals are bypassing the guardrails that are supposed to keep AI models from carrying out criminal activities, according to researchers. We’ve seen the misuse of AI models by cybercriminals growing rapidly over the past several years, shaping a new era of digital threats. Early on, attackers focused on jailbreaking public AI chatbots, which meant they used specialized prompts to bypass built-in safety measures.

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

Penetration Testing

CISA warns of critical flaws in ControlID iDSecure On-premises, including SQL Injection, auth bypass, and SSRF, risking vehicle access control systems.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!