Thu.Jun 19, 2025

article thumbnail

Billions of logins for Apple, Google, Facebook, Telegram, and more found exposed online

Malwarebytes

When organizations, good or bad, start hoarding collections of login credentials the numbers quickly add up. Take the 184 million logins for social media accounts we reported about recently. Now try to imagine 16 billion! Researchers at Cybernews have discovered 30 exposed datasets containing from several millions to over 3.5 billion records each. In total, the researchers uncovered an unimaginable 16 billion records.

article thumbnail

Simplifying Decryption With Cisco’s Secure Firewall 7.7

Cisco Security

Skip to content Cisco Blogs / Security / Simplifying Decryption With Cisco’s Secure Firewall 7.7 June 19, 2025 Leave a Comment Security Simplifying Decryption With Cisco’s Secure Firewall 7.7 6 min read Gurdeep Gill Decryption is a fundamental pillar in combating modern cyber threats, empowering organizations to scrutinize encrypted web traffic and reveal concealed risks.

Firewall 129
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Mattel’s going to make AI-powered toys, kids’ rights advocates are worried

Malwarebytes

Toy company Mattel has announced a deal with OpenAI to create AI-powered toys, but digital rights advocates have urged caution. In a press release last week, the owner of the Barbie brand signed a “strategic collaboration” with the AI company, which owns ChatGPT. “By using OpenAI’s technology, Mattel will bring the magic of AI to age-appropriate play experiences with an emphasis on innovation, privacy, and safety,” it said.

article thumbnail

Researchers discovered the largest data breach ever, exposing 16 billion login credentials

Security Affairs

Researchers discovered the largest data breach ever, exposing 16 billion login credentials, likely due to multiple infostealers. Researchers announced the discovery of what appears to be the largest data breach ever recorded, with an astonishing 16 billion login credentials exposed. The ongoing investigation, which began earlier this year, suggests that the credentials were collected through multiple infostealer malware strains.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

End-to-end phishing resistance that’s actually deployable

Duo's Security Blog

In the modern cybersecurity landscape, attackers are no longer just one step ahead—they’re miles ahead. They know your organization likely uses multi-factor authentication (MFA). In fact, they’ve come to expect it. But here’s the problem: not all MFA is created equal, and attackers have learned to exploit its weaker forms. Phishing-resistant MFA is the answer, but—it’s been notoriously difficult to implement at scale for all workers and all use cases.

Phishing 110
article thumbnail

Self-Driving Car Video Footage

Schneier on Security

Two articles crossed my path recently. First, a discussion of all the video Waymo has from outside its cars: in this case related to the LA protests. Second, a discussion of all the video Tesla has from inside its cars. Lots of things are collecting lots of video of lots of other things. How and under what rules that video is used and reused will be a continuing source of debate.

LifeWorks

More Trending

article thumbnail

Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

The Hacker News

Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app passwords) as part of a novel social engineering tactic designed to gain access to victims' emails.

Passwords 107
article thumbnail

Israel–Iran Conflict Escalates in Cyberspace: Banks and Crypto Hit, Internet Cut

SecureWorld News

As kinetic conflict continues to unfold between Israel and Iran, a parallel battle is raging in cyberspace—one that is disrupting financial systems, wiping out crypto holdings, hijacking broadcast channels, and even triggering a near-total internet shutdown. The escalation marks one of the most comprehensive campaigns of cyber warfare in recent memory.

article thumbnail

BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware

The Hacker News

The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices.

Malware 95
article thumbnail

Data Resilience in a Post-Quantum World

Security Boulevard

As cyberthreats grow more sophisticated and the quantum era draws closer, resilience is no longer just a best practice—it’s a business imperative. Many organizations have focused on breach prevention. Forward-looking enterprises are shifting to a resilience-first model. This model prioritizes continuity, recovery, and adaptability in the face of emerging risks.

Risk 96
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

AI and Data Security: Takeaways from Latest Cybersecurity Info Sheet

SecureWorld News

The 2025 Cybersecurity Information Sheet (CSI) on AI and Data Security offers critical guidance for organizations navigating the intersection of artificial intelligence and cybersecurity. The U.S. National Security Agency (NSA), in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and cybersecurity agencies from Australia, New Zealand, and the United Kingdom, released the guidance— AI Data Security: Best Practices for Securi

article thumbnail

Iran experienced a near-total national internet blackout

Security Affairs

Iran experienced a near-total internet blackout on Wednesday as tensions with Israel escalated into the first week of conflict. Global internet monitor NetBlocks reported almost near-total Internet disruptions in Iran as tensions with Israel escalated into the first week of conflict. However, the exact cause behind the collapse of Iran’s internet remains unclear.

article thumbnail

Secure Vibe Coding: The Complete New Guide

The Hacker News

DALL-E for coders? That’s the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect test performance. A detailed analysis of secure vibe coding practices is available here.

article thumbnail

How the New HIPAA Regulations 2025 Will Impact Healthcare Compliance

Security Boulevard

The U.S. Department of Health and Human Services (HHS) is rolling out new HIPAA regulations in 2025. It’s designed to strengthen patient privacy and security in the face of these changes. These HIPAA updates are a response to the rise of telemedicine, the growing use of electronic health records (EHR), and an alarming increase in […] The post How the New HIPAA Regulations 2025 Will Impact Healthcare Compliance appeared first on Centraleyes.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft

The Hacker News

Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique campaigns.

Malware 92
article thumbnail

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

Penetration Testing

Banana Squad has compromised over 60 GitHub repos with malicious Python files, using UI quirks to hide malware and steal data from developers via a sophisticated supply chain attack.

article thumbnail

The MSP Cyber Snapshot – Weekly News with Adam Pilton – June 19th 2025

Heimadal Security

In this week’s Snapshot, cybersecurity advisor Adam Pilton breaks down the latest news on dodgy VPNs, sneaky phishing, a worrying shift from Scattered Spider, and more. Read on to find out how to avoid falling victim to similar threats. Adam is a former cyber detective with years of experience in this field. Use his insights […] The post The MSP Cyber Snapshot – Weekly News with Adam Pilton – June 19th 2025 appeared first on Heimdal Security Blog.

article thumbnail

The Identity Gaps in Agentic AI: 9 Problems We Must Solve to Secure the Future

Security Boulevard

AI agents have evolved from passive tools into proactive actors—making decisions, executing transactions, and interacting with APIs autonomously. Unlike traditional non-human identities (NHI) that serve narrow, static purposes, agentic identities are dynamic, ephemeral, and often independent in their actions. By 2026, Gartner predicts that 30% of enterprises will rely on AI agents that operate with.

72
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Facebook's new passkey support could let you ditch your password once and for all

Zero Day

X Trending Miss out on Nintendo Switch 2 preorders? Here's how to buy one Nintendo Switch 2 revealed: Specs, pricing, release date (out now), and more official details The $700 Android phone that made me forget about my Pixel 9 Pro Best small business web hosting services of 2025 Memorial Day headphone sales 2025 Best Linux VPNs of 2025 Best online video editors of 2025 Best CRM software of 2025 Best small business CRM software of 2025 Best free website builders of 2025 Best website builder

article thumbnail

Massive Data Leak: Hacker Allegedly Selling 16 Billion Login Credentials from Major Tech Giants

Penetration Testing

A hacker is allegedly selling 16 billion login credentials, likely aggregated from past breaches via info-stealing malware, impacting major tech platforms. Use MFA to stay safe!

Malware 74
article thumbnail

A New Identity Playbook for AI Agents: Securing the Agentic User Flow

Security Boulevard

Artificial intelligence has reached an inflection point. AI agents are no longer just service accounts or background processes. They’re decision-makers, workflow executors, and digital delegates—acting autonomously across APIs, clouds, and systems. Unlike traditional non-human identities (NHI), like service accounts or static API keys, agentic identities are dynamic, ephemeral, and often self-directed.

article thumbnail

CISA Warning: Critical Flaw (CVE-2025-5310) Exposes Fueling Station Devices

Penetration Testing

CISA warns fuel infrastructure operators of a critical flaw (CVE-2025-5310) in Dover Fueling Solutions ProGauge MagLink devices, risking control

Risk 61
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Prepare for the UK Cyber Security and Resilience Bill

Pen Test Partners

TL;DR The UK Cyber Security and Resilience Bill (CS&R) was announced last year in the King’s Speech. It addresses gaps in current regulation, like NIS, with a broad scope, enhanced incident reporting requirements, and highlights the importance of supply chains in security. It is expected to come into force early 2026. Scope CS&R expands the […] The post Prepare for the UK Cyber Security and Resilience Bill appeared first on Pen Test Partners.

59
article thumbnail

Critical Versa Director Flaw: RCE Possible via HA Ports, PoC Available

Penetration Testing

A critical flaw (CVE-2024-45208, CVSS 9.8) in Versa Director allows unauthenticated RCE via exposed HA ports. PoC code is public, demanding immediate hardening.

article thumbnail

Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session

The Hacker News

Most cyberattacks today don’t start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts. It’s called “Living Off Trusted Sites” (LOTS)—and it’s the new favorite strategy of modern attackers. Instead of breaking in, they blend in. Hackers are using well-known platforms like Google, Microsoft, Dropbox, and Slack as launchpads.

article thumbnail

Critical Privilege Escalation Flaw in FreeIPA Threatens Linux Domain Security

Penetration Testing

A critical flaw (CVE-2025-4404, CVSS 9.1) in FreeIPA allows authenticated users to escalate privileges to domain admin via Kerberos impersonation.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How Financial Institutions Can Meet DORA Compliance with Crypto-Agility

Security Boulevard

Today’s financial systems are highly digital and deeply interconnected. That’s great until something breaks. Whether it’s ransomware paralyzing critical services or cryptographic vulnerabilities quietly eroding trust, disruptions are no longer rare—they’re systemic. The Modern Heist Bank Report 2025 shows just how serious it’s become: 64% of surveyed financial institutions reported cyber incidents in the past […] The post How Financial Institutions Can Meet DORA Compliance with Crypto-Agility ap

Banking 59
article thumbnail

AntiDot Android Trojan: New MaaS Malware Records Screens, Intercepts SMS, & Steals Financial Data

Penetration Testing

The post AntiDot Android Trojan: New MaaS Malware Records Screens, Intercepts SMS, & Steals Financial Data appeared first on Daily CyberSecurity.

Malware 61
article thumbnail

Five Uncomfortable Truths About LLMs in Production

Security Boulevard

Many tech professionals see integrating large language models (LLMs) as a simple process -just connect an API and let it run. At Wallarm, our experience has proved otherwise. Through rigorous testing and iteration, our engineering team uncovered several critical insights about deploying LLMs securely and effectively. This blog shares our journey of integrating cutting-edge AI [.

article thumbnail

PylangGhost: North Korean APT Deploys Python-Based RAT to Target Crypto Professionals

Penetration Testing

North Korean APT Famous Chollima (Wagemole) is using a new Python-based RAT, PylangGhost, in fake job interviews to target crypto professionals and steal credentials.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!