2025 and Internet - Cyber Security Informer

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

JANUARY 14, 2025

Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. The Microsoft flaws already seeing active attacks include CVE-2025-21333 , CVE-2025-21334 and, you guessed it– CVE-2025-21335. “It may be the first of many in 2025.”

Artificial Intelligence

Artificial Intelligence Social Engineering Encryption Internet

Microsoft Patch Tuesday, July 2025 Edition

Krebs on Security

JULY 8, 2025

While not listed as critical, CVE-2025-49719 is a publicly disclosed information disclosure vulnerability, with all versions as far back as SQL Server 2016 receiving patches. Barnett also called attention to CVE-2025-47981 , a vulnerability with a CVSS score of 9.8 (10 Two more high severity bugs include CVE-2025-49740 (CVSS 8.8)

Authentication

Authentication Software Internet Internet

Patch Tuesday, June 2025 Edition

Krebs on Security

JUNE 10, 2025

The sole zero-day flaw this month is CVE-2025-33053 , a remote code execution flaw in the Windows implementation of WebDAV — an HTTP extension that lets users remotely manage files and directories on a server. CVE-2025-33073 has a CVSS risk score of 8.8 (out “Exploitation relies on the user clicking a malicious link.

Software

Software Engineering Internet Internet

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Krebs on Security

MARCH 11, 2025

Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993 , both vulnerabilities in NTFS , the default file system for Windows and Windows Server. CVE-2025-24993 would lead to the possibility of local code execution, while CVE-2025-24991 could cause NTFS to disclose portions of memory. and Server 2012 R2. .

System Administration

System Administration Engineering Internet Internet

Microsoft Patch Tuesday, February 2025 Edition

Krebs on Security

FEBRUARY 11, 2025

All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. “At this time, it is unclear if CVE-2025-21418 was also exploited by Lazarus Group.” which fixes a zero day vulnerability (CVE-2025-24200) that is showing up in attacks.

Artificial Intelligence

Artificial Intelligence Engineering Software Internet

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Williams Brandon Williams , CTO, Conversant Group Predictions for 2025 point to attack speeds increasing by up to 100X, necessitating faster detection and response times. Salzman Shirley Slazman , CEO, SeeMetrics In 2025, organizations will recognize that adding more tools doesnt equate to better security.

Cyber threats

Cyber threats CISO IoT Phishing

Patch Tuesday, May 2025 Edition

Krebs on Security

MAY 14, 2025

Tracked as CVE-2025-32701 & CVE-2025-32706 , these flaws are present in all supported versions of Windows 10 and 11, as well as their server versions. Chris Goettl at Ivanti points out that the Windows 11 and Server 2025 updates include some new AI features that carry a lot of baggage and weigh in at around 4 gigabytes.

Artificial Intelligence

Artificial Intelligence Internet Internet Phishing

Patch Tuesday, April 2025 Edition

Krebs on Security

APRIL 8, 2025

The zero-day flaw already seeing exploitation is CVE-2025-29824 , a local elevation of privilege bug in the Windows Common Log File System (CLFS) driver. “For the past two years, elevation of privilege flaws have led the pack and, so far in 2025, account for over half of all zero-days exploited,” Narang wrote.

Software

Software Media Internet Internet

MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

JANUARY 22, 2025

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. 14, 2025 shows the mistyped domain name a22-65.akam.ne. A DNS lookup on the domain az.mastercard.com on Jan.

DNS

DNS Internet Internet Risk

News alert: RSAC 2025 ramps up – watch Byron Acohido on Bospar’s Politely Pushy podcast

The Last Watchdog

MARCH 25, 2025

Acohido joins DigiCerts Christina Knittel and ConnectSafely.orgs Larry Magid for a spirited roundtable on how to get the most out of RSAC 2025. This conversation kicks off Last Watchdogs pre-show coverage of RSAC 2025. Follow along as the road to RSAC 2025 continues. First episodes go live the week of April 21.

Internet

Internet Internet Cybersecurity

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Shashanka Dr. Madhu Shashanka , Chief Data Scientist, Concentric AI Generative AI in 2025 will bring transformative opportunities but heightened cybersecurity risks, including data exposure, AI misuse, and novel threats like prompt injection attacks. Real-time defense and a robust security mindset are crucial to staying resilient.

Risk

Risk Threat Detection Technology Phishing

MY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanine

The Last Watchdog

MAY 1, 2025

Related: RSAC 2025 top takeaways In between sessions at RSAC 2025 , I slipped over to the Marriott lobby and held quick, off-the-cuff interviews with a handful of cybersecurity vendors each doing something genuinely different, often radical, to help organizations shore up digital defenses. Ill keep watch and keep reporting.

Mobile

Mobile Government CISO Technology

Hi, robot: Half of all internet traffic now automated

Malwarebytes

APRIL 16, 2025

If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. But in its 2025 Bad Bot Report , application security company Imperva claimed this is the first time traffic from bots became more prevalent than human traffic. Bad bots do all kinds of unpleasant things.

Internet

Internet Internet Passwords Artificial Intelligence

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Krebs on Security

MAY 29, 2025

” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

Scams

Scams Internet Internet Cybercrime

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Security Affairs

FEBRUARY 19, 2025

Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474 , to compromise PAN-OS firewalls.

Firewall

Firewall Authentication Architecture Internet

Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596)

Penetration Testing

JUNE 30, 2025

We managed to identify MCP Inspector instances that are exposed to the internet and are in immediate risk of remote code execution. Oligo also found several public-facing instances of MCP Inspector online, fingerprintable via unique HTTP headers. These systems are exposed to full remote command execution—no browser needed. “

Penetration Testing

Penetration Testing Authentication Advertising Cybersecurity

MY TAKE: As RSAC 2025 opens, Microsoft, Amazon make GenAI grab — will control tighten?

The Last Watchdog

APRIL 28, 2025

SAN FRANCISCO RSAC 2025 kicks off today at Moscone Center, with more than 40,000 cybersecurity pros, tech executives, and policy leaders gathering to chart the future of digital risk management. Related: RSAC 2025’s full agenda One dominant undercurrent is already clear: GenAI isnt coming. Stay tuned.

Small Business

Small Business Internet Internet Architecture

Threat landscape for industrial automation systems in Q1 2025

SecureList

MAY 15, 2025

Percentage of ICS computers on which malicious objects were blocked, Q1 2022Q1 2025 In JanuaryMarch 2025, the figures were the lowest compared to the same months of the previous four years. In Q1 2025, the percentage of affected ICS computers ranged from 10.7% The internet is the primary source of threats to ICS computers.

Spyware

Spyware Phishing Internet Internet

Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days

Security Affairs

MAY 14, 2025

Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flawsacross multiple products, including five zero-day flaws. The bug forces Edge to switch into Internet Explorer mode. An attacker can exploit this flaw to achieve privilege escalation to SYSTEM.

Engineering

Engineering Ransomware Phishing Hacking

Iran experienced a near-total national internet blackout

Security Affairs

JUNE 19, 2025

Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict. Global internet monitor NetBlocks reported almost near-total Internet disruptions in Iran as tensions with Israel escalated into the first week of conflict.

Internet

Internet Internet Banking Hacking

Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider

The Hacker News

JUNE 20, 2025

The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare's Omer Yoachimik terabits per second (Tbps).

DDOS

DDOS Internet Internet

Iran confirmed it shut down internet to protect the country against cyberattacks

Security Affairs

JUNE 21, 2025

Iran confirmed an Internet shutdown to counter Israeli cyberattacks, citing threats to critical infrastructure, and interfere with drone control. Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict. ” states the Iranian website CHN.

Internet

Internet Internet Banking Cyber Attacks

Experts Flag Security, Privacy Risks in DeepSeek AI App

Krebs on Security

FEBRUARY 6, 2025

The device information shared, combined with the user’s Internet address and data gathered from mobile advertising companies , could be used to deanonymize users of the DeepSeek iOS app, NowSecure warned. “Since this protection is disabled, the app can (and does) send unencrypted data over the internet.”

Risk

Risk Artificial Intelligence Mobile Encryption

Gladinet flaw CVE-2025-30406 actively exploited in the wild

Security Affairs

APRIL 15, 2025

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406 , in Gladinet CentreStack and Triofox software.

Internet

Internet Internet Risk Software

You should probably delete any sensitive screenshots you have in your phone right now. Here's why

Zero Day

JUNE 26, 2025

Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 (..)

Password Management

Password Management Small Business Passwords Artificial Intelligence

AI and collaboration tools: how cyberattackers are targeting SMBs in 2025

SecureList

JUNE 25, 2025

Share of unique files with names mimicking the nine most popular legitimate applications in 2024 and 2025 ( download ) A comparison of the threat landscape in 2024 and 2025 reveals a clear shift: with the growing popularity of AI services, cyberattackers are increasingly disguising malware as various AI tools. ChatGPT 1.47% 4.38% 2.9

Adware

Adware Phishing Computers and Electronics Banking

As Texas floods, so does the internet – with dangerous lies

Graham Cluley

JULY 9, 2025

ⓘ As Texas floods, so does the internet – with dangerous lies Graham Cluley @ 3:25 pm, July 9, 2025 @grahamcluley.com @ [email protected] As Texas reels from devastating floods , conspiracy theorists are hard at work. Winner of the best new podcast award in 2025. Copyright © 2001-2025 Cluley Associates Limited.

Internet

Internet Internet Scams Media

MY TAKE: Notes on how GenAI is shifting tension lines in cybersecurity on the eve of RSAC 2025

The Last Watchdog

APRIL 27, 2025

Trekked here with some 40,000-plus cyber security pros and company execs striving heading to RSAC 2025 at Moscone Center. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. Related: GenAI disrupting tech jobs Ive been feeling that tension lately.

Cybersecurity

Cybersecurity DDOS Cyber Risk Engineering

86 million AT&T customer records reportedly up for sale on the dark web

Zero Day

JUNE 6, 2025

X Trending Memorial Day tech sales 2025 Memorial Day TV sales 2025 Memorial Day lawn & outdoor sales 2025 Memorial Day phone sales 2025 Memorial Day health tracker sales 2025 Memorial Day headphone sales 2025 Memorial Day laptop sales 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best (..)

Password Management

Password Management Passwords Identity Theft Software

Yes, your internet provider can throttle your speed. Here's an easy solution that may help

Zero Day

JUNE 23, 2025

Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 (..)

Internet

Internet Internet VPN Password Management

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

SecureWorld News

APRIL 23, 2025

In its 17th edition, Verizon's 2025 Data Breach Investigations Report (DBIR) continues to deliver one of the most comprehensive analyses of cyber incidents worldwide. The 2025 DBIR is a call to arms for CISOs and security leaders to rethink how they detect, respond to, and recover from breaches. Your response must be equally fast."

CISO

CISO Backups Ransomware Risk

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Security Affairs

APRIL 22, 2025

Japan s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. from fake websites (phishing sites) disguised as websites of real securities companies.” ” reads the FSA’s alert. When did it occur? billion yen Approximately 37.4

Financial Services

Financial Services Passwords Antivirus Accountability

MY TAKE: RSAC 2025’s big takeaway — GenAI is growing up fast, but still needs human direction

The Last Watchdog

MAY 5, 2025

Related: RSAC 2025 by the numbers Beneath the cacophony of GenAI-powered product rollouts, the signal that stood out was subtler: a broadening consensus that artificial intelligence especially the agentic kind isnt going away. RSAC 2025 didnt just showcase agentic AIs momentum; it clarified the mandate.

Engineering

Engineering DDOS Threat Detection Risk

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Penetration Testing

JUNE 20, 2025

Tracked as CVE-2025-4322 and rated CVSS 9.8, Tracked as CVE-2025-4322 and rated CVSS 9.8, Following the public disclosure on May 19, threat actors began targeting vulnerable sites almost immediately, with mass exploitation observed beginning on June 7th, 2025.

Passwords

Passwords Accountability Penetration Testing Firewall

Why SMS two-factor authentication codes aren't safe and what to use instead

Zero Day

JUNE 17, 2025

Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 (..)

Authentication

Authentication Password Management Small Business Passwords

INTRODUCING: LastWatchdog strategic LinkedIN reels – insights from the ground floor at RSAC 2025

The Last Watchdog

MAY 5, 2025

’ At RSAC 2025, the volume knob turned to AI its potential, its peril, and its increasingly complex role in enterprise defense. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. What exactly is ‘agentic AI?’

Internet

Internet Internet Cybersecurity

Top 11 Dangerous VPN Providers to Avoid in 2025

SecureBlitz

MAY 13, 2025

In today’s digital landscape, a Virtual Private Network (VPN) has become an essential tool for many internet users. VPNs encrypt your internet traffic, masking your online activity and location from prying […] The post Top 11 Dangerous VPN Providers to Avoid in 2025 appeared first on SecureBlitz Cybersecurity.

VPN

VPN Internet Internet Encryption

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

10, 2025 by a China-based SMS phishing service called “Lighthouse.” The FBI asks that before you bin the missives, consider filing a complaint with the agency’s Internet Crime Complaint Center (IC3), including the phone number where the text originated, and the website listed within the text.

Phishing

Phishing Scams Mobile Authentication

Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Security Affairs

MAY 6, 2025

In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. SAP addressed the flaw with the release of the April 2025 Security Patch Day.

VPN

VPN Hacking Internet Internet

Breachforums Boss to Pay $700k in Healthcare Breach

Krebs on Security

MAY 15, 2025

In January 2025, Nonstop agreed to pay $1.5 ” In January 2025, a federal appeals court agreed with the government’s assessment, vacating Fitzpatrick’s sentence and ordering him to be resentenced on June 3, 2025. million to settle the class action. “Law enforcement would never share that material.

Healthcare

Healthcare Insurance Data breaches Government

Happy 15th Anniversary, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2024

Easily the longest story this year was an investigation into Stark Industries Solutions , a large, mysterious new Internet hosting firm that materialized when Russia invaded Ukraine. Look for a story here in early 2025 that will explore the internal operations of these ruthless and ephemeral voice phishing gangs.

Scams

Scams Cybercrime Cryptocurrency Social Engineering

Cloudflare blocks largest DDoS attack - here's how to protect yourself

Zero Day

JUNE 27, 2025

Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 (..)

DDOS

DDOS Small Business Password Management Passwords

Apple quietly makes running Linux containers easier on Macs

Zero Day

JUNE 13, 2025

Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 (..)

Password Management

Password Management Small Business Energy and Utilities Artificial Intelligence

Microsoft Authenticator will soon ditch passwords for passkeys - here's what to do

Zero Day

JUNE 30, 2025

X Trending Amazon Prime Day is July 8 - 11: Here's what you need to know Best Prime Day deals overall 2025 Best Sam's Club tech deals 2025 Best Buy Black Friday in July deals 2025 Best Walmart tech deals 2025 Best Prime Day tablet deals 2025 Best Prime Day headphone deals 2025 Best Prime Day laptop deals 2025 Best Prime Day TV deals 2025 (..)

Authentication

Authentication Passwords Password Management Artificial Intelligence

Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft Patch Tuesday, July 2025 Edition

Trending Sources

Patch Tuesday, June 2025 Edition

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Microsoft Patch Tuesday, February 2025 Edition

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Patch Tuesday, May 2025 Edition

Patch Tuesday, April 2025 Edition

MasterCard DNS Error Went Unnoticed for Years

News alert: RSAC 2025 ramps up – watch Byron Acohido on Bospar’s Politely Pushy podcast

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

MY TAKE: RSAC 2025 – Conversing with vendors hanging out in the Marriott Marquis mezzanine

Hi, robot: Half of all internet traffic now automated

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596)

MY TAKE: As RSAC 2025 opens, Microsoft, Amazon make GenAI grab — will control tighten?

Threat landscape for industrial automation systems in Q1 2025

Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days

Iran experienced a near-total national internet blackout

Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider

Iran confirmed it shut down internet to protect the country against cyberattacks

Experts Flag Security, Privacy Risks in DeepSeek AI App

Gladinet flaw CVE-2025-30406 actively exploited in the wild

You should probably delete any sensitive screenshots you have in your phone right now. Here's why

AI and collaboration tools: how cyberattackers are targeting SMBs in 2025

As Texas floods, so does the internet – with dangerous lies

MY TAKE: Notes on how GenAI is shifting tension lines in cybersecurity on the eve of RSAC 2025

86 million AT&T customer records reportedly up for sale on the dark web

Yes, your internet provider can throttle your speed. Here's an easy solution that may help

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

MY TAKE: RSAC 2025’s big takeaway — GenAI is growing up fast, but still needs human direction

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Why SMS two-factor authentication codes aren't safe and what to use instead

INTRODUCING: LastWatchdog strategic LinkedIN reels – insights from the ground floor at RSAC 2025

Top 11 Dangerous VPN Providers to Avoid in 2025

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324

Breachforums Boss to Pay $700k in Healthcare Breach

Happy 15th Anniversary, KrebsOnSecurity!

Cloudflare blocks largest DDoS attack - here's how to protect yourself

Apple quietly makes running Linux containers easier on Macs

Microsoft Authenticator will soon ditch passwords for passkeys - here's what to do

Stay Connected