Trending Articles

article thumbnail

Surveillance Used by a Drug Cartel

Schneier on Security

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a t

article thumbnail

Welcoming Truyu to Have I Been Pwned's Partner Program

Troy Hunt

I always used to joke that when people used Have I Been Pwned (HIBP), we effectively said "Oh no - you've been pwned! Uh, good luck!" and left it at that. That was fine when it was a pet project used by people who live in a similar world to me, but it didn't do a lot for the everyday folks just learning about the scary world of data breaches.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Big Tech’s Mixed Response to U.S. Treasury Sanctions

Krebs on Security

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook , Github , PayPal and Twitter/X.

Scams 192
article thumbnail

News alert: SquareX research finds browser AI agents are proving riskier than human employees

The Last Watchdog

Palo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX ’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Four Critical RCE Flaws Found in Grafana Plugins via Chromium: Patch Now!

Penetration Testing

Grafana warns of four critical RCE flaws in Image Renderer and Synthetic Monitoring Agent, stemming from Chromium V8 bugs. Update to patched versions immediately!

article thumbnail

Ubuntu Disables Spectre/Meltdown Protections

Schneier on Security

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost.

Malware 261

LifeWorks

More Trending

article thumbnail

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

The Hacker News

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has been described as a type confusing flaw in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 138.0.7204.

article thumbnail

Why Discomfort Might Be the Ultimate Power Move for Cybersecurity Leaders

Jane Frankland

Most of us have heard the saying, “No pain, no gain.” For cybersecurity leaders navigating the high-stakes world of defending critical systems, this phrase takes on a whole new meaning. Pain, in this context, doesn’t have to mean the physical discomfort. Instead, it’s the uncomfortable reality of facing constant threats, adapting to a rapidly shifting landscape, and shouldering the pressure of being the frontline defence for organisations.

article thumbnail

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Penetration Testing

A critical flaw (CVE-2025-34067, CVSS 10.0) in HIKVISION applyCT allows unauthenticated RCE via Fastjson deserialization, risking surveillance systems. Patch immediately!

article thumbnail

How Cybersecurity Fears Affect Confidence in Voting Systems

Schneier on Security

American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Security Affairs

Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay Box (ORB), used to support long-term spying operations linked to China-nexus hacking groups.

IoT 125
article thumbnail

Microsoft Removes Password Management from Authenticator App Starting August 2025

The Hacker News

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft’s move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor authentication (2FA) app, making the experience simpler and more secure.

article thumbnail

AT&T to pay compensation to data breach victims. Here’s how to check if you were affected

Malwarebytes

AT&T is set to pay $177 million to customers affected by two significant data breaches. These breaches exposed sensitive personal information of millions of current and former AT&T customers. For those that have missed the story so far: Back in 2021, an entity named Shiny Hunters (a known hacking group) claimed to have breached AT&T. Later reports indicated this breach started in 2019.

article thumbnail

Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596)

Penetration Testing

Skip to content July 1, 2025 Linkedin Twitter Facebook Youtube Daily CyberSecurity Primary Menu Home Cyber Criminals Cyber Security Data Leak Linux Malware Vulnerability Submit Press Release Vulnerability Report Windows Search for: Home News Vulnerability Report Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596) Vulnerability Report Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596) Ddos July 1, 2025 A critical vulnerability—CVE

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Iranian Blackout Affected Misinformation Campaigns

Schneier on Security

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that’s one way to identify fake accounts and misinformation campaigns.

article thumbnail

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler vulnerability, tracked as CVE-2025-6543 , to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-6543 (CVSS score of 9.2) is a memory overflow vulnerability in NetScaler ADC and NetScaler Gateway when configured as a Gateway (e.g., VPN virtual server, ICA Pro

VPN 99
article thumbnail

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

The Hacker News

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0.

article thumbnail

Update your Chrome to fix new actively exploited zero-day vulnerability

Malwarebytes

Google has released an update for its Chrome browser to patch an actively exploited flaw. This update is crucial since it addresses an actively exploited vulnerability which can be exploited when the user visits a malicious website. It doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.

Spyware 112
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Next.js Flaw (CVE-2025-49826, CVSS 7.5): Cache Poisoning Leads to Denial-of-Service

Penetration Testing

A critical flaw (CVE-2025-49826, CVSS 7.5) in Next.js causes cache poisoning, leading to DoS by serving cached HTTP 204 responses for static pages.

article thumbnail

Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App

Security Boulevard

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony. The post Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App appeared first on Security Boulevard.

article thumbnail

GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI

Security Affairs

Germany asked Google and Apple to remove DeepSeek AI from their app stores, citing GDPR violations over unlawful data collection and transfers to China. The Berlin Commissioner for Data Protection requested Google and Apple to remove the DeepSeek AI app from their app stores due to GDPR violations. On May 6, 2025, Berlin’s Data Protection Commissioner asked the company to remove its apps from German stores, stop illegal data transfers to China, or meet legal transfer requirements.

article thumbnail

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

The Hacker News

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft Authenticator will soon ditch passwords for passkeys - here's what to do

Zero Day

X Trending Amazon Prime Day is July 8 - 11: Here's what you need to know Best Prime Day deals overall 2025 Best Sam's Club tech deals 2025 Best Buy Black Friday in July deals 2025 Best Walmart tech deals 2025 Best Prime Day tablet deals 2025 Best Prime Day headphone deals 2025 Best Prime Day laptop deals 2025 Best Prime Day TV deals 2025 Best Prime Day PS5 deals 2025 Best Prime Day gaming deals 2025 Best July 4th tech deals 2025 Best July 4th TV deals 2025 Best remote access software o

article thumbnail

Apache Under Attack: Critical RCE Flaws in Tomcat & Camel Spark Thousands of Exploit Attempts

Penetration Testing

Palo Alto Networks reveals thousands of exploit attempts targeting RCE flaws in Apache Tomcat (CVE-2025-24813) and Apache Camel (CVE-2025-27636, CVE-2025-29891).

article thumbnail

Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

Malwarebytes

The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau’s defenses against this kind of surveillance are still inadequate. The findings came to light in a June 2025 report from the DoJ’s Inspector General.

Hacking 99
article thumbnail

Cisco removed the backdoor account from its Unified Communications Manager

Security Affairs

Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

The Hacker News

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.

115
115
article thumbnail

How AI companies are secretly collecting training data from the web (and why it matters)

Zero Day

AI companies are quietly harvesting your web content.

98
article thumbnail

Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited on 2,100+ Unpatched Appliances

Penetration Testing

The post Urgent Citrix NetScaler Alert: Critical Memory Overflow Flaw (CVE-2025-6543, CVSS 9.2) Actively Exploited on 2,100+ Unpatched Appliances appeared first on Daily CyberSecurity.

article thumbnail

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

We Live Security

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

102
102
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.