Trending Articles

article thumbnail

Hiding Prompt Injections in Academic Papers

Schneier on Security

Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japan’s Waseda University, South Korea’s KAIST, China’s Peking University and the National University of Singapore, as well as the University of Washington and Columbia University in the U.S.

320
320
article thumbnail

Microsoft Patch Tuesday, July 2025 Edition

Krebs on Security

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Welcoming Truyu to Have I Been Pwned's Partner Program

Troy Hunt

I always used to joke that when people used Have I Been Pwned (HIBP), we effectively said "Oh no - you've been pwned! Uh, good luck!" and left it at that. That was fine when it was a pet project used by people who live in a similar world to me, but it didn't do a lot for the everyday folks just learning about the scary world of data breaches.

article thumbnail

Fake Jobs, Real Threats: How to Stay Safe on LinkedIn and Email

Lohrman on Security

How can we spot sophisticated new scams, fake profiles and more within our emails and on professional networking sites like LinkedIn? Here’s some helpful advice.

Scams 156
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

The Hacker News

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.

article thumbnail

Surveillance Used by a Drug Cartel

Schneier on Security

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a t

LifeWorks

More Trending

article thumbnail

Weekly Update 458

Troy Hunt

I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of this little data breach project that kinda escalated. As I say in the vid, I'm posting a lot more pics publicly to my Facebook page , so if you want to see the highlights, head over there.

article thumbnail

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Penetration Testing

A critical flaw (CVE-2025-34067, CVSS 10.0) in HIKVISION applyCT allows unauthenticated RCE via Fastjson deserialization, risking surveillance systems. Patch immediately!

article thumbnail

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The Hacker News

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.

article thumbnail

Ubuntu Disables Spectre/Meltdown Protections

Schneier on Security

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in 20% performance boost.

Malware 269
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

No thanks: Google lets its Gemini AI access your apps, including messages

Malwarebytes

If you’re an Android user, you’ll need to take action if you don’t want Google’s Gemini AI to have access to your apps. That’s because, regardless of your previous settings, Google now allows Gemini to interact with third-party apps. Through Gemini extensions , it already had the ability to integrate with apps to lend a helping hand and make Google Assistant obsolete.

Mobile 132
article thumbnail

Set Sail: Remote Code Execution in SailPoint IQService via Default Encryption Key

NetSpi Technical

During an Internal Network Penetration Test, NetSPI identified a vulnerability affecting a component of SailPoint, a highly privileged Identity and Access Management solution. The affected IQService component is used primarily for syncing changes between Active Directory and SailPoint. This blog walks through the discovery methods, exploit development, and remediation guidance.

article thumbnail

Four Critical RCE Flaws Found in Grafana Plugins via Chromium: Patch Now!

Penetration Testing

Grafana warns of four critical RCE flaws in Image Renderer and Synthetic Monitoring Agent, stemming from Chromium V8 bugs. Update to patched versions immediately!

article thumbnail

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

The Hacker News

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.

129
129
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

Security Affairs

Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one a Microsoft SQL Server zero-day. Microsoft Patch Tuesday security updates for July 2025 addressed 130 vulnerabilities in Windows and Windows Components, Office and Office Components,NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows Cryptographic Service. 10 vulnerabilities addressed by the company are rated Critical, and the res

Hacking 108
article thumbnail

Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App

Security Boulevard

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony. The post Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App appeared first on Security Boulevard.

article thumbnail

Texas Passes Most Comprehensive AI Governance Bill

SecureWorld News

Texas is making waves in AI governance. Governor Greg Abbott recently signed House Bill 149 , formally titled the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), on June 22, 2025. The new law, effective January 1, 2026, establishes clear guardrails around AI development and deployment—regulating who it applies to, what it prohibits, and how oversight will be handled.

article thumbnail

Fortinet Fixes Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257, CVSS 9.6)

Penetration Testing

Fortinet released a critical patch for FortiWeb (CVE-2025-25257, CVSS 9.6). This unauthenticated SQL injection flaw allows remote code execution; update immediately!

Firewall 116
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Manufacturing Security: Why Default Passwords Must Go

The Hacker News

If you didn't hear about Iranian hackers breaching US water facilities, it's because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn't its scale, but how easily the hackers gained access — by simply using the manufacturer's default password "1111.

article thumbnail

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

Security Affairs

Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant. Italian police arrested a Chinese national, Zewei Xu (33), at Milan’s Malpensa Airport on a U.S. warrant. Xu was arrested at Malpensa Airport on July 3rd after arriving on a flight from China. Authorities accused the man of cyberespionage, U.S. authorities linked him to the China-nexus group Hafnium (aka Silk Typhoon ), which carried out attacks against U.S. gove

article thumbnail

Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

Malwarebytes

The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau’s defenses against this kind of surveillance are still inadequate. The findings came to light in a June 2025 report from the DoJ’s Inspector General.

Hacking 103
article thumbnail

BERT Ransomware Group Targets Asia and Europe on Multiple Platforms

Trend Micro

BERT is a newly emerged ransomware group that pairs simple code with effective execution—carrying out attacks across Europe and Asia. In this entry, we examine the group’s tactics, how their variants have evolved, and the tools they use to get past defenses and speed up encryption across platforms.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover

Penetration Testing

The post CVE-2025-41672 (CVSS 10): Critical JWT Certificate Flaw in WAGO Device Sphere Allows Full Remote Takeover appeared first on Daily CyberSecurity.

article thumbnail

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

The Hacker News

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk.

article thumbnail

Task scams: Why you should never pay to get paid

We Live Security

Award-winning news, views, and insight from the ESET security community English Español Deutsch Português Français TIPS & ADVICE BUSINESS SECURITY ESET RESEARCH About ESET Research Blogposts Podcasts White papers Threat reports WeLiveScience FEATURED Ukraine crisis – Digital security resource center WeLiveProgress COVID-19 Resources Videos TOPICS Digital Security Scams How to Privacy Cybercrime Kids online Social media Internet of Things Malware Ransomware Secure coding Mobile security Criti

Scams 107
article thumbnail

Cisco Contributes to Cyber Hard Problems Report

Cisco Security

Skip to content Cisco Blogs / Security / Cisco Contributes to Cyber Hard Problems Report July 7, 2025 Leave a Comment Security Cisco Contributes to Cyber Hard Problems Report 6 min read Aamer Akhter While Cisco often focuses on business growth and market leadership, our most rewarding work happens when we set those metrics aside. These projects aren’t about driving profits — they’re about using our expertise to tackle challenges that benefit everyone.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

FBI Warning: Scattered Spider Hackers Are Targeting Airlines, Too

Tech Republic Security

Scattered Spider hackers are now targeting airlines with advanced social engineering tactics to bypass MFA and breach critical systems, the FBI warns.

article thumbnail

SAP’s July 2025 Patch Day Brings 27 New Notes, Multiple Critical RCE & Deserialization Flaws (CVSS 10.0)

Penetration Testing

The post SAP’s July 2025 Patch Day Brings 27 New Notes, Multiple Critical RCE & Deserialization Flaws (CVSS 10.0) appeared first on Daily CyberSecurity.

article thumbnail

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

The Hacker News

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization?

Firewall 123
article thumbnail

Cisco removed the backdoor account from its Unified Communications Manager

Security Affairs

Digital communications technology giant Cisco addressed a static SSH credentials vulnerability in its Unified Communications Manager (Unified CM). A flaw, tracked as CVE-2025-20309 (CVSS score of 10), in Cisco Unified Communications Manager and its Session Management Edition lets remote attackers log in using hardcoded root credentials set during development.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.