Tue.Jun 17, 2025

Where AI Provides Value

Schneier on Security

If you’ve worried that AI might take your job, deprive you of your livelihood, or maybe even replace your role in society, it probably feels good to see the latest AI tools fail spectacularly. If AI recommends glue as a pizza topping, then you’re safe for another day. But the fact remains that AI already has definite advantages over even the most skilled humans, and knowing where these advantages arise—and where they don’t—will be key to adapting to the AI-infused

TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.

Wireless 122

Why SMS two-factor authentication codes aren't safe and what to use instead

Zero Day

Uncovering a Tor-Enabled Docker Exploit

Trend Micro

A recent attack campaign took advantage of exposed Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner. This blog breaks down the attack chain.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2023-0386 (CVSS score: 7.

New device? No problem: Enhanced Duo Instant Restore for Android

Duo's Security Blog

We’re excited to announce a major update to Instant Restore for Duo Mobile on Android. This update brings multiple improvements which make it easier to move to a new device without losing access to your MFA accounts. Before we dive into the new feature, let’s quickly review how Instant Restore worked on Android prior to this update. When backing up both Duo and third-party accounts, the steps to start backing up are: Enable Instant Restore in Duo Mobile’s settings Select a Google Drive account f

Backups 111

MY TAKE: Microsoft takes ownership of AI risk — Google, Meta, Amazon, OpenAI look the other way

The Last Watchdog

Last week at Microsoft Build, Azure CTO Mark Russinovich made headlines by telling the truth. In a rare moment of public candor from a Big Tech executive, Russinovich warned that current AI architectures—particularly autoregressive transformers—have structural limitations we won’t engineer our way past. And more than that, he acknowledged the growing risk of jailbreak-style attacks that can trick AI systems into revealing sensitive content or misbehaving in ways

Risk 130

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

The Hacker News

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).

Attackers target Zyxel RCE vulnerability CVE-2023-28771

Security Affairs

GreyNoise researchers have observed exploit attempts targeting the remote code execution vulnerability CVE-2023-28771 in Zyxel devices. On June 16, GreyNoise researchers detected exploit attempts targeting CVE-2023-28771 (CVSS score 9.8), a remote code execution flaw impacting Zyxel IKE decoders over UDP port 500. “Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks.

Firewall 108

Backups Are Under Attack: How to Protect Your Backups

The Hacker News

Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today’s ransomware attacks initially target your last line of defense — your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.

Backups 92

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Critical Linux Root Exploit Chain Discovered in PAM & UDisks, Affecting Major Distros

Penetration Testing

Qualys uncovered two critical Linux flaws (CVE-2025-6018, CVE-2025-6019) allowing local root privilege escalation via PAM and UDisks. Patching is urgent for major distros.

Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

The Hacker News

Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0.

Backups 93

State-sponsored hackers compromised the email accounts of several Washington Post journalists

Security Affairs

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post. A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security. “A cyberattack on the Washington Post compromised email accounts of several journalists and was potentially the work of a foreign government, company officials told some affected staffers in

Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms

The Hacker News

The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG). "Google Threat Intelligence Group is now aware of multiple intrusions in the U.S.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Smart air fryers ordered to stop invading our digital privacy

Malwarebytes

In a confirmation that we’ve gone full Black Mirror, the UK’s privacy czar has wagged a finger at air fryer manufacturers and told them to stop playing with our data. New draft guidance from the Information Commissioner’s Office (ICO) targets not just air fryer vendors but manufacturers of any smart home products, ranging from smart lighting systems through to internet-connected refrigerators and connected toys.

IoT 114

Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents

The Hacker News

A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity.

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

Penetration Testing

The post Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers appeared first on Daily CyberSecurity.

Backups 72

Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

The Hacker News

Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution. Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

What Is Vulnerability Prioritization? A No-Fluff Playbook

Security Boulevard

Vulnerabilities, on their own, don’t mean much. You could be staring at thousands of scanner alerts every week, but unless you know which ones truly matter, you’re just reacting to. The post What Is Vulnerability Prioritization? A No-Fluff Playbook appeared first on Strobes Security. The post What Is Vulnerability Prioritization? A No-Fluff Playbook appeared first on Security Boulevard.

Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware

The Hacker News

Cybersecurity researchers are warning of a new phishing campaign that's targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered the Winos 4.

Malware 79

Your Android phone just got a big upgrade for free - these Pixel models included

Zero Day

Tips to make your summer travels cyber safe

Webroot

Ready, set, pack! Summer travel season is here and that means family road trips, beach vacations, international adventures and more. While summertime is prime time for getaways, did you know it’s also prime time for online fraud? Scammers are targeting the travel industry, putting millions of travelers at increased risk. Research shows that the travel and tourism sector ranked third in cyberattacks, with nearly 31% of hospitality organizations experiencing a data breach and a record 340 million

VPN 82

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping

Penetration Testing

Mastodon updates its Terms of Service, formally prohibiting unauthorized AI data scraping and LLM training, effective July 1, 2025. Other Fediverse instances may follow.

Media 98

Novel TokenBreak Attack Method Can Bypass LLM Security Features

Security Boulevard

Researchers with HiddenLayer uncovered a new vulnerability in LLMs called TokenBreak, which could enable an attacker to get around content moderation features in many models simply by adding a few characters to words in a prompt. The post Novel TokenBreak Attack Method Can Bypass LLM Security Features appeared first on Security Boulevard.

LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

The Hacker News

Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security.

Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched

Penetration Testing

Google Chrome 137.0.7151.119/.120 is rolling out with crucial security fixes, addressing two high-severity flaws: an integer overflow in V8 and a use-after-free in Profiler.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cycles That Drive Cybersecurity

Security Boulevard

The cybersecurity industry moves fast! The attackers are constantly adapting and relentless in their pursuits that victimize others. New users are being added to the global online ecosystem. Services are hungry for data, which is rising in total value. The result is more attacks and greater impacts. These detrimental effects shift consumers’ expectations which in turn drive the slow gears of regulation.

Are Forgotten AD Service Accounts Leaving You at Risk?

The Hacker News

For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords.

Urgent Ubiquiti Alert: Critical Flaws (CVSS 9.9) Allow Privilege Escalation via XSS & SQL Injection

Penetration Testing

The post Urgent Ubiquiti Alert: Critical Flaws (CVSS 9.9) Allow Privilege Escalation via XSS & SQL Injection appeared first on Daily CyberSecurity.

Scattered Spider Swarms Insurance Sector with Targeted Cyber Attacks, Google Warns

SecureWorld News

Scattered Spider, the notorious threat group known for targeting major retailers and employing advanced social engineering techniques, has reportedly shifted its focus to the U.S. insurance industry, according to a new warning from Google's Threat Intelligence Group (GTIG). The group, which previously disrupted operations at several high-profile retail organizations in the U.K. and the U.S., is now believed to be behind several digital break-ins affecting U.S.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!