Fri. Jun 20, 2025

Surveillance in the US

Schneier on Security

Good article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they have access to and felt comfortable using, and in some cases offered to perform surveillance for their colleagues in other departments.

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal

Penetration Testing

A critical flaw (CVE-2025-4981, CVSS 9.9) in Mattermost allows authenticated users to achieve RCE via path traversal during archive uploads. Update immediately!

Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider

The Hacker News

Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider.

Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider

Security Affairs

Cloudflare blocked a record 7.3 Tbps DDoS attack in May 2025, 12% greater than its previous peak and 1 Tbps greater than the attack reported by the popular cyber journalist Brian Krebs. The attack targeted a Cloudflare customer, a hosting provider using the company’s DDoS protection solution Magic Transit.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Future-Proof Your Network With Cisco’s Simpler, Smarter, Safer SD-WAN

Cisco Security

Cisco's latest updates to our SD-WAN solutions showcase our commitment to innovation. These advancements empower businesses and deliver secure connectivity.

Linux flaws chain allows Root access across major distributions

Security Affairs

Researchers discovered two local privilege escalation flaws that could let attackers gain root access on systems running major Linux distributions. Qualys researchers discovered two local privilege escalation (LPE) vulnerabilities that an attacker can exploit to gain root privileges on machines running major Linux distributions. The two vulnerabilities are: CVE-2025-6018: LPE from unprivileged to allow_active in *SUSE 15’s PAM; CVE-2025-6019: LPE from allow_active to root in libblockdev vi

More Trending

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist

The Hacker News

Iran's state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports. It's currently not known who is behind the attack, although Iran pointed fingers at Israel, per Iran International.

Aflac Discloses Cybersecurity Incident, Customer Data Potentially Exposed Amid Industry-Wide Attacks

eSecurity Planet

Insurance giant Aflac Incorporated has confirmed it was hit by a cybersecurity breach this month, making it one of the latest casualties in a growing wave of cyberattacks targeting US insurance companies. The company says it contained the attack within hours and continues to operate normally, but warns that sensitive customer information may have been exposed.

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

Penetration Testing

IBM warns of three critical QRadar SIEM flaws (CVSS 9.1 RCE, XXE, info disclosure). Update to 7.5.0 UP12 IF02 immediately to protect your SIEM.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers

The Hacker News

Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead.

Krispy Kreme hack exposed sensitive data of over 160,000 people

Graham Cluley

Krispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year. Read more in my article on the Hot for Security blog.

I upgraded my Pixel 9 Pro to Android 16 - here's what I love (and what's still missing)

Zero Day

A ransomware attack pushed the German napkin firm Fasana into insolvency

Security Affairs

A cyberattack pushed the German napkin firm Fasana into insolvency, likely worsening existing financial troubles and serving as the final blow. German napkin maker Fasana filed for insolvency after a major cyberattack on May 19 paralyzed its systems, halting over €250K in orders the next day. The napkin factory is located in Stotzheim, Germany, and has 240 employees.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Forget Ray-Bans: The $499 Meta Oakley smart glasses are better in almost every way

Zero Day

Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms

The Hacker News

The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes the form of a "Call Lawyer" feature on the affiliate panel, per Israeli cybersecurity company Cybereason.

Urgent WordPress Alert: Motors Theme Flaw (CVE-2025-4322) Actively Exploited for Site Takeover

Penetration Testing

Your passwords are everywhere: What the massive 16 billion login leak means for you

Security Boulevard

Security researchers discovered 16 billion stolen passwords from Apple, Google, Facebook and more. Unlike traditional hacks, malicious software infected millions of personal devices, secretly stealing every login. Here's what this means for your accounts and how to protect yourself immediately.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Critical Pterodactyl RCE (CVSS 10.0): Unauthenticated Attackers Exploiting Flaw Now!

Penetration Testing

A critical RCE flaw (CVE-2025-49132, CVSS 10.0) in Pterodactyl game server panel allows unauthenticated arbitrary code execution. Malicious actors are already exploiting it.

6 Steps to 24/7 In-House SOC Success

The Hacker News

Hackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation.

Is Your CISO Ready to Flee? 

Security Boulevard

Companies with $1 billion in revenue or less might want to give a heads-up to HR to kickstart the search for a new CISO — because according to a study from IANS Research, your current CISO might be out the door within a year. The 363 CISOs in SMBs surveyed for the 2025 Small and.

Iran Plunges into Near-Total Internet Blackout Amid Escalating Cyberwar with Israel

Penetration Testing

Iran has drastically cut internet connectivity to 3% nationwide, citing Israeli cyberattacks. The blackout includes international calls, affecting millions amid rising tensions.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

How Agentic AI Can Secure Network Infrastructure?

Security Boulevard

We’ve officially entered the era of agentic AI—where systems do more than just follow instructions. These AI agents can now act autonomously, make decisions, execute tasks, and learn continuously from their interactions within digital environments. In the context of network infrastructure and penetration testing, agentic AI marks a major leap forward.

This overlooked phone accessory gave me a greater sense of security - and it's not a case

Zero Day

Qilin offers “Call a lawyer” button for affiliates attempting to extort ransoms from victims who won’t pay

Graham Cluley

Imagine for one moment that you are a cybercriminal. You have compromised an organisation's network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there's a problem. Your target is stalling for time. Who can you, as the perpetrator of the crime rather than the innocent victim, turn to for advice?

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery

Penetration Testing

The SERPENTINE#CLOUD campaign exploits Cloudflare Tunnel subdomains and LNK files to deliver in-memory RATs like AsyncRAT and Remcos, evading detection.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

10 strategies OpenAI uses to create powerful AI agents - that you should use too

Zero Day

AI agents promise next-level automation, but where do you start? Here are OpenAI's ten proven strategies to build smarter, safer, and more manageable agents that actually get things done.

OpenVPN Driver Flaw: Local Users Can Crash Windows Systems via Buffer Overflow

Penetration Testing

A flaw in the OpenVPN Windows kernel driver allows unprivileged local users to crash systems (BSOD) via oversized control packets. Update to 2.6.14-I002.

I finally found a Lenovo ThinkPad I'm comfortable taking to the office without a charger

Zero Day

The $4.88 Million Question: Why Password-Based Breaches Are Getting More Expensive

Security Boulevard

The $4.88 million question isn't really whether organizations can afford to implement passwordless authentication—it's whether they can afford not to. With breach costs rising 10% annually, credential-based attacks representing the primary threat vector, and operational costs of password management continuing to escalate, the economic case for passwordless transformation has moved from compelling to urgent.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!