Graham Cluley
JULY 24, 2025
There is good news for any organisation which has been hit by the Phobos ransomware. Japanese police have released a free decryptor capable of recovering files encrypted by both the notorious Phobos ransomware, and its offshoot 8Base. Read more in my article on the Fortra blog.
Penetration Testing
JULY 22, 2025
CISA added four actively exploited vulnerabilities—including zero-days in CrushFTP, Chrome, and SysAid—to its KEV Catalog, urging immediate remediation for critical systems.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
JULY 21, 2025
On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and energy companies. Image: Shutterstock, by Ascannio.
Security Affairs
JULY 21, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft SharePoint flaw, tracked as CVE-2025-53770 (“ToolShell”) (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
The Hacker News
JULY 22, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 (CVSS score: 9.
Schneier on Security
JULY 23, 2025
It will be interesting to watch what will come of this private lawsuit : Google on Thursday announced filing a lawsuit against the operators of the Badbox 2.0 botnet, which has ensnared more than 10 million devices running Android open source software. These devices lack Google’s security protections, and the perpetrators pre-installed the Badbox 2.0 malware on them, to create a backdoor and abuse them for large-scale fraud and other illicit schemes.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
JULY 21, 2025
Microsoft patched an exploited SharePoint flaw (CVE-2025-53770) and disclosed a new one, warning of ongoing attacks on on-prem servers. Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, exploited since July 18 in attacks dubbed “ ToolShell.” Both vulnerabilities only impact on-premises SharePoint Servers, threat actors could chain them for unauthenticated, remote code execution.
Penetration Testing
JULY 22, 2025
CISA, FBI, and HHS issue a joint advisory on Interlock ransomware, active since Sep 2024, targeting businesses and critical infrastructure with double extortion tactics.
The Hacker News
JULY 23, 2025
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks.
Krebs on Security
JULY 24, 2025
KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Google Security
JULY 21, 2025
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers.
Security Affairs
JULY 23, 2025
Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) in Sophos Firewall that could allow an attacker to remotely execute arbitrary code. “Sophos has resolved five independent security vulnerabilities in Sophos Firewall.
Penetration Testing
JULY 23, 2025
SonicWall warns of CVE-2025-40599 in SMA 100 series, allowing authenticated admins to upload arbitrary files, potentially leading to RCE.
The Hacker News
JULY 20, 2025
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
eSecurity Planet
JULY 25, 2025
This article was originally published on TechRepublic. Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated remote attacker to issue commands with root privileges, Cisco said in an advisory on July 17. Cisco released multiple patches for the issues, including an expanded fix for specific software versions.
Cisco Security
JULY 24, 2025
Skip to content Cisco Blogs / Security / Cisco Secure Firewall: First to earn SE Labs AAA in Advanced Performance July 24, 2025 Leave a Comment Security Cisco Secure Firewall: First to earn SE Labs AAA in Advanced Performance 3 min read Marc Mastrangelo Cisco just captured cybersecurity’s Olympic gold again! Our Secure Firewall 4225 is the first firewall ever to earn SE Labs’ coveted AAA rating in the ultra-tough Advanced Performance test, hot on the heels of its February AAA rating for efficacy
Security Affairs
JULY 20, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet FortiWeb flaw, tracked as CVE-2025-25257 , to its Known Exploited Vulnerabilities (KEV) catalog. Hackers began exploiting the critical Fortinet FortiWeb flaw CVE-2025-25257 (CVSS score of 9.6) on the same day a proof-of-concept (PoC) exploit was published, leading to dozens of c
Penetration Testing
JULY 23, 2025
Dahua IP cameras are vulnerable to two high-severity buffer overflow flaws (CVE-2025-31700, CVE-2025-31701) allowing remote attackers to crash devices or execute arbitrary code. Update firmware immediately.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JULY 20, 2025
Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0.
Schneier on Security
JULY 24, 2025
The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of. These entities collect, store, and trade your data, often without your knowledge or consent. It’s both redundant and inconsistent.
Cisco Security
JULY 23, 2025
SE Labs research identifies the many ways Email Threat Defense successfully defends against advanced email threats in real time to earn the highest rating.
Security Affairs
JULY 23, 2025
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-54309 CrushFTP Unprotected Alternate Channel Vulnerability CVE-2025-6558 Google Chromium ANGLE and GPU Improper Input Validation Vulnerability CVE-2025-2776 SysAid On-
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Penetration Testing
JULY 21, 2025
The post Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes appeared first on Daily CyberSecurity.
The Hacker News
JULY 24, 2025
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.
The Last Watchdog
JULY 21, 2025
Austin, TX, July 21, 2025, CyberNewswire — Living Security, the global leader in Human Risk Management (HRM), today released the 2025 State of Human Cyber Risk Report , an independent study conducted by leading research firm Cyentia Institute. The report provides an unprecedented look at behavioral risk inside organizations and reveals how strategic HRM programs can reduce that risk 60% faster than traditional methods.
Adam Shostack
JULY 21, 2025
Threat modeling finds threats; risk management helps us deal with the tricky ones. One the most common questions I’m asked is “what’s the relationship of threat modeling to risk management?” The simple answer is that threat modeling always precedes and sometimes feeds into risk management. Let me offer simple definitions: A threat is a possible future problem; a risk is a quantified threat.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
JULY 24, 2025
The DSPM market hit around $1.2 billion in 2024 and should grow to $4.5 billion by 2033 (≈16.5% CAGR). The AI sector is projected to swell from $189 billion in 2023 to $4.8 trillion by 2033. The tech realm is continually evolving. New tools are invented every day, and certain technologies are reaching market valuations that have never been seen before.
Penetration Testing
JULY 23, 2025
GitLab patched multiple high-severity XSS and data exposure vulnerabilities in CE/EE, urging users to update to 18.2.1, 18.1.3, or 18.0.5.
The Hacker News
JULY 24, 2025
Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections.
The Last Watchdog
JULY 23, 2025
In today’s post-signature world, attackers don’t just break in — they blend in. In this second installment of the Last Watchdog Strategic LinkedIn Reel (LW SLR) series, Corelight CEO Brian Dye delivers a clear-eyed take on how defenders can regain the upper hand with network-derived ground truth. This high-impact reel distills key insights from our RSAC 2025 Fireside Chat, including how NDR empowers SOC teams to trace the full attack path — from initial access to containment — and to prove what
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Expert insights. Personalized for you.
113 
Let's personalize your content