Fri. Jul 18, 2025

CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability

Penetration Testing

CrushFTP has issued an urgent advisory for CVE-2025-54309, a critical zero-day allowing remote exploitation via HTTP(S), already being actively used in the wild.

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

Security Affairs

Broadcom has patched four VMware vulnerabilities that were demonstrated at the Pwn2Own Berlin 2025 hacking contest, where white hat hackers earned over $340,000 for VMware exploits, including $150,000 awarded to STARLabs SG for using an integer overflow flaw to compromise VMware ESXi.

Google Sues BadBox 2.0 Botnet Operators, Protecting 10 Million+ Infected Android Devices

Penetration Testing

Google is suing the operators of BadBox 2.0, one of the world's largest smart TV botnets, to combat digital fraud and protect over 10 million infected Android devices.

5 Features Every AI-Powered SOC Platform Needs in 2025

Security Affairs

A modern AI-based SOC platform must adapt in real time to handle alert overloads and fast-moving threats, surpassing traditional SIEM tools. Modern security operations centers (SOCs) are under immense pressure: analysts are overwhelmed, alert queues are overflowing, and attackers are moving faster than ever. Where once good visibility and a decent SIEM were enough, security operations today need platforms that can think, act, and adapt in real time.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Grafana Patches XSS (CVE-2025-6023) and Open Redirect (CVE-2025-6197) Flaws in Recent Security Release

Penetration Testing

Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services

The Hacker News

Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz.

Nvidia Flaws Expose Jetson AI & Robotics Platforms to RCE and Data Theft

Penetration Testing

Nvidia released patches for critical vulnerabilities (CVE-2025-23270, CVE-2025-23269) in Jetson Linux and IGX, allowing RCE, data tampering, and info disclosure.

Authorities released free decryptor for Phobos and 8Base ransomware

Security Affairs

Japanese police released a free decryptor for the Phobos and 8Base ransomware families, letting victims recover their files without paying a ransom. The tool was likely built using intelligence obtained in a recent takedown of the gang behind them.

KAWA4096: New Ransomware Blends Qilin & Akira Tactics, Hits US and Japan

Penetration Testing

A new ransomware, KAWA4096, combines features from Qilin and Akira, targeting organizations in the US and Japan with multi-threaded encryption and anti-recovery measures.

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

The Hacker News

Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

CVE-2025-4660 (CVSS 8.7) in Forescout SecureConnector Allows Remote Endpoint Hijack, PoC Published

Penetration Testing

NetSPI uncovered CVE-2025-4660 in Forescout SecureConnector, allowing unauthenticated attackers to hijack endpoints remotely via a misconfigured named pipe.

Google Sues the Operators Behind the BadBox 2.0 Botnet

Security Boulevard

Google is suing the operators behind BadBox 2.0, accusing multiple Chinese threat groups of playing different roles in the operation of the massive botnet that rolled up more than 10 million devices to run large-scale ad fraud and other malicious campaigns.

Major npm Supply Chain Attack: Phishing Campaign Steals Maintainer Credentials, Injects Malware into Popular Packages

Penetration Testing

From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware

The Hacker News

With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!

Penetration Testing

CISA added CVE-2025-25257, a critical FortiWeb SQL injection vulnerability (CVSS 9.6), to its KEV Catalog, confirming active exploitation in the wild. Update immediately!
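A KEV addition like the one above is the signal that should move a finding to the top of the patch queue without waiting for a human to read the news. The Python below is an added example, not code from the page, from CISA or from Fortinet: it cross-checks a scanner's per-host CVE list against a snapshot of the KEV JSON feed and reports which hosts carry a KEV-listed CVE and when CISA's remediation due date falls. The catalog excerpt is constructed for the demo; it uses the real feed's field names but placeholder dates, not CISA's published values. The host names are hypothetical, and the CrushFTP and Grafana CVEs from elsewhere in this digest are used only as non-matches against that constructed snapshot, which says nothing about their actual KEV status.

```python
"""Check a vulnerability-scanner inventory against a CISA KEV catalog snapshot.

Added example, not code from the page, from CISA or from Fortinet. The catalog
excerpt below is constructed for the demo and mirrors the real feed's field
names (catalogVersion, vulnerabilities[].cveID, vendorProject, product,
dateAdded, dueDate, knownRansomwareCampaignUse); its dates are placeholders.
Host names in the inventory are hypothetical.
"""
import json
from datetime import date

# Constructed excerpt shaped like the feed published at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
KEV_SNAPSHOT = json.dumps({
    "catalogVersion": "2025.07.18",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-25257",
            "vendorProject": "Fortinet",
            "product": "FortiWeb",
            "vulnerabilityName": "Fortinet FortiWeb SQL Injection Vulnerability",
            "dateAdded": "2025-07-18",   # placeholder, not CISA's value
            "dueDate": "2025-08-08",     # placeholder, not CISA's value
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Hypothetical scanner export: host -> CVE IDs flagged on that host.
# The CrushFTP and Grafana IDs are real CVEs from this digest but are
# deliberately absent from the constructed snapshot above.
INVENTORY = {
    "fortiweb-dmz-01": ["cve-2025-25257"],          # lower-case on purpose
    "crushftp-ext-02": ["CVE-2025-54309"],
    "grafana-int-03": ["CVE-2025-6023", "CVE-2025-6197"],
}


def load_kev(kev_json):
    """Parse the catalog into {CVE-ID: entry}, normalising IDs to upper case."""
    data = json.loads(kev_json)
    return {v["cveID"].strip().upper(): v for v in data["vulnerabilities"]}


def kev_matches(kev_json, inventory):
    """Return sorted (host, cve, due_date) for every inventory finding in KEV."""
    catalog = load_kev(kev_json)
    hits = []
    for host, cves in inventory.items():
        for cve in cves:
            entry = catalog.get(cve.strip().upper())
            if entry is not None:
                hits.append((host, entry["cveID"], entry["dueDate"]))
    return sorted(hits)


def overdue(kev_json, inventory, today_iso):
    """Subset of kev_matches whose CISA due date is already in the past."""
    today = date.fromisoformat(today_iso)
    return [hit for hit in kev_matches(kev_json, inventory)
            if date.fromisoformat(hit[2]) < today]


def ransomware_linked(kev_json, inventory):
    """CVE IDs among the matches that CISA marks as used in ransomware campaigns."""
    catalog = load_kev(kev_json)
    return sorted({cve for _, cve, _ in kev_matches(kev_json, inventory)
                   if catalog[cve]["knownRansomwareCampaignUse"] == "Known"})


if __name__ == "__main__":
    for host, cve, due in kev_matches(KEV_SNAPSHOT, INVENTORY):
        print(f"{host}: {cve} is in KEV, remediate by {due}")
```

In practice the snapshot would be fetched daily from the URL in the comment and the inventory pulled from the scanner's API; the matching logic stays the same. Normalising the CVE ID case matters because scanner exports and ticketing systems are inconsistent about it, and a silent non-match on a KEV entry is exactly the failure this check exists to prevent.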

The Challenges of Operationalizing Threat Intelligence

Security Boulevard

Most security teams subscribe to more threat‑intel feeds than they can digest, yet attackers keep winning. Cyware’s Jawahar Sivasankaran explains why: Outside the Fortune 500 and federal agencies, many organizations still treat cyberthreat intelligence (CTI) as another inbox rather than an engine for action. They know intel is “absolutely critical,” but legacy tools and skill gaps.

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

The Hacker News

Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.

Summer Vacation Alert Surfaces More Than 5 Million Unsecured Wi-Fi Networks

Security Boulevard

Zimperium, a provider of mobile security software, this week published a report noting that more than 5 million unsecured public Wi-Fi networks have been detected globally since the beginning of 2025.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

NVIDIA Issues Advisory After Demo of First Rowhammer Attack on GPUs

Tech Republic Security

Researchers recently demoed GPUHammer, the first Rowhammer-style exploit targeting GPU memory, posing major threats to AI reliability and data integrity.

CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that's designed to deliver a malware codenamed LAMEHUG. "An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual representation (description)," CERT-UA said in a Thursday advisory.

Cambodia Arrests More Than 1,000 in Cyberscam Crackdown

Security Boulevard

Cambodian police and military arrested more than 1,000 people in a crackdown on cyberscam operations that have proliferated in recent years in Southeast Asia and now are spreading globally, ensnaring hundreds of thousands of people in human trafficking schemes who are forced to run romance and other online frauds.

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

The Hacker News

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

LameHug: first AI-Powered malware linked to Russia’s APT28

Security Affairs

LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked group APT28 (aka UAC-0001, Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM). “An obvious feature

Why Most Mobile App Security Tools Miss Geo-Risk? How to Fix It?

Appknox

The risk that goes unseen

Most mobile security conversations start with code: vulnerabilities, misconfigurations, tokens, and flaws. But few discussions focus on a critical dimension, location: not where an app is used, but where its data travels.

Anne Arundel Dermatology data breach impacts 1.9 million people

Security Affairs

Hackers breached Anne Arundel Dermatology systems for three months, potentially exposing personal and health data of 1.9 million people. Anne Arundel Dermatology is a physician-owned and managed dermatology group headquartered in Maryland, founded over 50 years ago. It’s one of the largest dermatology providers in the Mid‑Atlantic and Southeastern United States, operating more than 100 clinics across seven states with over 275 clinicians.

Loaf and order: Belgian police launch bread-based cybersecurity campaign

Graham Cluley

The future of cybersecurity awareness might just be… gluten-based.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

The Hacker News

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico.

Critical MCP Vulnerabilities are Slipping Through the Cracks

Security Boulevard

We must pay attention to what holds everything together - the glue. That’s where the real MCP vulnerabilities are hiding.

New Mobile Phone Forensics Tool

Schneier on Security

The Chinese have a new tool called Massistant. Massistant is the presumed successor to the Chinese forensics tool “MFSocket”, reported in 2019 and attributed to the publicly traded cybersecurity company Meiya Pico. The forensics tool works in tandem with corresponding desktop software. Massistant gains access to device GPS location data, SMS messages, images, audio, contacts and phone services.

Mark Zuckerberg & Meta Directors Settle $8 Billion Privacy Lawsuit Over Cambridge Analytica

Penetration Testing

Mark Zuckerberg and other Meta executives have settled an $8 billion shareholder lawsuit linked to repeated privacy violations from the 2018 Cambridge Analytica scandal.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!