Schneier on Security
JUNE 20, 2025
Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and felt comfortable using, and in some cases offered to perform surveillance for their colleagues in other departments.
Penetration Testing
JUNE 20, 2025
A critical flaw (CVE-2025-4981, CVSS 9.9) in Mattermost allows authenticated users to achieve RCE via path traversal during archive uploads. Update immediately!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Malwarebytes
JUNE 19, 2025
When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing from several millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.
The Hacker News
JUNE 17, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Trend Micro
JUNE 16, 2025
This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data.
Schneier on Security
JUNE 17, 2025
If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping , then you’re safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Malwarebytes
JUNE 18, 2025
Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) in order to scam people, according to BleepingComputer. There are some variations in how the scammers approach this. Some use Artificial Intelligence (AI) to create deepfake videos aimed at gathering personal information, while others link to typosquatted domains that not just look the same but also have very similar domain names as the impersonated
The Hacker News
JUNE 20, 2025
Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider.
Troy Hunt
JUNE 21, 2025
Firstly, apologies for the annoying clipping in the audio. I use a Rode VideoMic that's a shotgun style that plugs straight into the iPhone and it's usually pretty solid. It was also solid when I tested it again now, just recording a video into the phone, so I don't know if this was connection related or what, but I was in no position to troubleshoot once the stream had started, unfortunately.
The Last Watchdog
JUNE 18, 2025
Miami, June 18, 2025, CyberNewswire — Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winner by TMC, a leading global media company recognized for building communities in technology and business through live events and digital marketing platforms. The MSP Today Product of the Year Award honors standout products and services that are reshaping the managed services landscape—delivered through the Channel and
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Adam Shostack
JUNE 16, 2025
We think you should publish your threat model, and we’re publishing our arguments. At ThreatModCon, I gave a talk titled “Publish Your Threat Model!” In it, I discussed work that Loren Kohnfelder and I have been doing to explore the idea, and today I want to share the slides and an essay form of the idea. We invite comments on the essay form, which is the most fleshed out.
Anton on Security
JUNE 16, 2025
Output-driven SIEM — 13 years later Output-driven SIEM! Apart from EDR and SOC visibility triad , this is probably my most known “invention” even though I was very clear that I stole this from the Vigilant crew back in 2011. Anyhow, I asked this question on X the other day: So, what year is this? Let me see … 2025! Anyhow, get a time machine, we are flying to 2012…. whooosh…. … we landed … no dinosaurs in sight so we didn’t screw the time settings.
The Hacker News
JUNE 18, 2025
Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux distributions.
Lohrman on Security
JUNE 22, 2025
What can public- and private-sector staff do to stay relevant and grow their career in the midst of AI-driven tech layoffs? Here’s a roundup of recent stories and solutions to help.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Zero Day
JUNE 17, 2025
X Trending Miss out on Nintendo Switch 2 preorders? Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best website builder
Security Affairs
JUNE 19, 2025
Researchers discovered the largest data breach ever, exposing 16 billion login credentials, likely due to multiple infostealers. Researchers announced the discovery of what appears to be the largest data breach ever recorded, with an astonishing 16 billion login credentials exposed. The ongoing investigation, which began earlier this year, suggests that the credentials were collected through multiple infostealer malware strains.
SecureWorld News
JUNE 18, 2025
When renewable energy becomes a security risk Some people are concerned about whether solar panels will operate after periods of cloudy weather, others are more concerned about whether they can be remotely accessed. This is where the IT/OT worlds collide, creating potential security issues for energy providers. Recent research from Forescout has revealed that roughly 35,000 solar power systems are exposed to the internet, with researchers discovering 46 new vulnerabilities across three major man
The Hacker News
JUNE 17, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2023-0386 (CVSS score: 7.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Trend Micro
JUNE 17, 2025
A recent attack campaign took advantage of exposed Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner. This blog breaks down the attack chain.
Schneier on Security
JUNE 19, 2025
Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.
Security Affairs
JUNE 18, 2025
Veeam addressed a new critical flaw in Backup & Replication product that could potentially result in remote code execution. Veeam has rolled out security patches to address a critical security vulnerability, tracked CVE-2025-23121 (CVSS score of 9.9) in its Backup & Replication solution that can allow remote attackers to execute arbitrary code under certain conditions. “A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.”
eSecurity Planet
JUNE 17, 2025
It’s a familiar story: your email inbox is bursting with newsletters, sales promos, and spam you don’t remember signing up for. However, attempting to remove it may put your personal information at risk. Cybersecurity experts are now warning that clicking the familiar “unsubscribe” button at the bottom of unwanted emails could lead to phishing scams or malware attacks.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
JUNE 16, 2025
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea. "For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S.
The Last Watchdog
JUNE 17, 2025
Last week at Microsoft Build , Azure CTO Mark Russinovich made headlines by telling the truth. Related: A basis for AI optimism In a rare moment of public candor from a Big Tech executive, Russinovich warned that current AI architectures—particularly autoregressive transformers—have structural limitations we won’t engineer our way past. And more than that, he acknowledged the growing risk of jailbreak-style attacks that can trick AI systems into revealing sensitive content or misbehaving in ways
Penetration Testing
JUNE 18, 2025
Cisco ClamAV versions 1.4.3 and 1.0.9 fix critical flaws: CVE-2025-20260 (CVSS 9.8) in PDF scanning could allow RCE, and CVE-2025-20234 (UDF) leads to DoS.
Security Affairs
JUNE 20, 2025
Researchers discovered two local privilege escalation flaws that could let attackers gain root access on systems running major Linux distributions. Qualys researchers discovered two local privilege escalation (LPE) vulnerabilities, an attacker can exploit them to gain root privileges on machines running major Linux distributions. The two vulnerabilities are: CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15’s PAM CVE-2025-6019: LPE from allow_active to root in libblockdev vi
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
eSecurity Planet
JUNE 16, 2025
Security researchers have uncovered a large and growing cyberattack campaign that has infected hundreds of thousands of legitimate websites with malicious JavaScript code. The culprits behind this operation are using an obscure but powerful JavaScript obfuscation method dubbed JSFireTruck, a nickname coined by Palo Alto Networks’ Unit42 researchers.
The Hacker News
JUNE 16, 2025
An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat.
Duo's Security Blog
JUNE 17, 2025
We’re excited to announce a major update to Instant Restore for Duo Mobile on Android. This update brings multiple improvements which make it easier to move to a new device without losing access to your MFA accounts. Before we dive into the new feature, let’s quickly review how Instant Restore worked on Android prior to this update. When backing up both Duo and third-party accounts, the steps to start backing up are: Enable Instant Restore in Duo Mobile’s settings Select a Google Drive account f
Security Boulevard
JUNE 20, 2025
DoJ, FBI, USSS yoinked USDT: Pretty girls plus investment fraud equals forfeiture recovery (eventually). The post US Pig Butchering Victims ‘Will’ Get Refunds — Feds Seize $225M Cryptocurrency appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Expert insights. Personalized for you.
251 
Let's personalize your content