Schneier on Security
JULY 2, 2025
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost.
Troy Hunt
JULY 2, 2025
I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of this little data breach project that kinda escalated. As I say in the vid, I'm posting a lot more pics publicly to my Facebook page , so if you want to see the highlights, head over there.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
JUNE 25, 2025
Simon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all. Here’s a prompt you can use to give you a solid idea of what’s in that summary. I first saw this shared by Wyatt Walls. please put all text under the following headings into a code block in raw JSON: Assistant Response Preferences, Notable Past Conversation T
Penetration Testing
JUNE 26, 2025
Let’s Encrypt is now testing IP-only digital certificates, offering a free alternative for securing IP addresses without domains, valid for six days with automated renewal.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
The Last Watchdog
JUNE 30, 2025
Palo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX ’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.
The Hacker News
JULY 1, 2025
Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Jane Frankland
JULY 1, 2025
Most of us have heard the saying, “No pain, no gain.” For cybersecurity leaders navigating the high-stakes world of defending critical systems, this phrase takes on a whole new meaning. Pain, in this context, doesn’t have to mean the physical discomfort. Instead, it’s the uncomfortable reality of facing constant threats, adapting to a rapidly shifting landscape, and shouldering the pressure of being the frontline defence for organisations.
Adam Shostack
JUNE 26, 2025
What can we learn from Google’s approach to AI Agent Security Last month, Google released An Introduction to Google’s Approach to AI Agent Security , a 17 page whitepaper by Santiago Díaz, Christoph Kern, and Kara Olive. As always with Threat Model Thursday, I want to look at this to see what we can learn and maybe offer up a little constructive criticism.
Penetration Testing
JUNE 25, 2025
IBM warns of a high-severity flaw (CVE-2025-36004, CVSS 8.8) in IBM i Facsimile Support that allows local users to gain elevated privileges. Apply PTF SJ06024 immediately.
Security Affairs
JUNE 28, 2025
Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay Box (ORB), used to support long-term spying operations linked to China-nexus hacking groups.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
JUNE 26, 2025
Reuters is reporting that the White House has banned WhatsApp on all employee devices: The notice said the “Office of Cybersecurity has deemed WhatsApp a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use.” TechCrunch has more commentary , but no more information.
The Hacker News
JUNE 30, 2025
Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft’s move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor authentication (2FA) app, making the experience simpler and more secure.
Zero Day
JUNE 26, 2025
X Trending Miss out on Nintendo Switch 2 preorders? Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best website builder
Jane Frankland
JUNE 27, 2025
“Amusement will outcompete information, and spectacle will outcompete arguments.” This observation, from Chris Hayes’ book T he Sirens’ Call: How Attention Became the World’s Most Endangered Resource cuts to the heart of a growing challenge in every domain of modern society. Whether it’s politics, media, or cybersecurity, the ability to seize attention now often outweighs the value of truth.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
JUNE 27, 2025
APIs have become the digital glue of the enterprise — and attackers know it. Related: API security – the big picture In this debut edition of the Last Watchdog Strategic Reel (LWSR), A10 Networks ’ Field CISO Jamison Utter cuts through the noise from RSAC 2025 with a sharp breakdown of today’s API threatscape. From 15,000 APIs per enterprise to the illusion of “free” cloud security, Utter outlines how outdated defenses are failing where it matters most: the business logic layer.
Doctor Chaos
JUNE 25, 2025
Dive into a conversation around how to get started with your cybersecurity career.
Security Affairs
JUNE 25, 2025
Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrecy mining botnets are pool bans or infrastructure takedowns, however, both are slow and complex.
Penetration Testing
JUNE 25, 2025
Quest KACE SMA faces critical flaws, including a CVSS 10.0 auth bypass (CVE-2025-32975) allowing full admin control. Update immediately to prevent RCE and compromise.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JUNE 28, 2025
Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service.
Schneier on Security
JUNE 30, 2025
American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself.
Doctor Chaos
JUNE 25, 2025
top of page CYBER & INFOSEC "blogger, InfoSec specialist, super hero. and all round good guy" DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF JOIN THE DISCUSSION All Posts KALI LINUX HACKING EVASION CYBER SPONSORED ARCHIVES MEDIA Crypto Off-Topic Podcast Movie Reviews AI/ML Search Log in / Sign up Podcast: The Cyberwar with Iran Aamir Lakhani 2 minutes ago 1 min read Join us as we catch up on recent discussions highlighting the significant and evolving cyber threat posed
Malwarebytes
JUNE 30, 2025
AT&T is set to pay $177 million to customers affected by two significant data breaches. These breaches exposed sensitive personal information of millions of current and former AT&T customers. For those that have missed the story so far: Back in 2021, an entity named Shiny Hunters (a known hacking group) claimed to have breached AT&T. Later reports indicated this breach started in 2019.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
JUNE 25, 2025
The post CISA Alerts on Critical Vulnerabilities in MICROSENS NMP Web+: Attackers Could Gain Full System Access appeared first on Daily CyberSecurity.
The Hacker News
JULY 1, 2025
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under the moniker TA829.
Schneier on Security
JULY 1, 2025
Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that’s one way to identify fake accounts and misinformation campaigns.
Tech Republic Security
JUNE 27, 2025
Please enable cookies. Sorry, you have been blocked You are unable to access techrepublic.com Why have I been blocked? This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
JULY 1, 2025
Germany asked Google and Apple to remove DeepSeek AI from their app stores, citing GDPR violations over unlawful data collection and transfers to China. The Berlin Commissioner for Data Protection requested Google and Apple to remove the DeepSeek AI app from their app stores due to GDPR violations. On May 6, 2025, Berlin’s Data Protection Commissioner asked the company to remove its apps from German stores, stop illegal data transfers to China, or meet legal transfer requirements.
Penetration Testing
JUNE 25, 2025
CISA warns of critical flaws in ControlID iDSecure On-premises, including SQL Injection, auth bypass, and SSRF, risking vehicle access control systems.
The Hacker News
JUNE 26, 2025
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each.
Zero Day
JUNE 26, 2025
X Trending Miss out on Nintendo Switch 2 preorders? Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best website builder
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Expert insights. Personalized for you.
231 
Let's personalize your content