Thu. Jul 03, 2025

Surveillance Used by a Drug Cartel

Schneier on Security

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a t

Big Tech’s Mixed Response to U.S. Treasury Sanctions

Krebs on Security

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X.

Scams 193
Insiders

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Penetration Testing

A critical flaw (CVE-2025-34067, CVSS 10.0) in HIKVISION applyCT allows unauthenticated RCE via Fastjson deserialization, risking surveillance systems. Patch immediately!

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The Hacker News

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Next.js Flaw (CVE-2025-49826, CVSS 7.5): Cache Poisoning Leads to Denial-of-Service

Penetration Testing

A critical flaw (CVE-2025-49826, CVSS 7.5) in Next.js causes cache poisoning, leading to DoS by serving cached HTTP 204 responses for static pages.

Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

Malwarebytes

The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to identify and kill potential witnesses, the US Department of Justice has said. And seven years on, the Bureau’s defenses against this kind of surveillance are still inadequate. The findings came to light in a June 2025 report from the DoJ’s Inspector General.

Hacking 106

More Trending

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

The Hacker News

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk.

Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams

Malwarebytes

Microsoft, DocuSign, Adobe, McAfee, NortonLifeLock, PayPal, and Best Buy’s Geek Squad are being impersonated online through malicious emails that contain fake telephone support numbers and dangerous QR codes that can ensnare victims into phishing scams. The brands and their products are frequently relied upon for everyday administration, like sending emails, obtaining signatures, viewing documents, receiving payments, and even getting tech help, emphasizing the threat these phishing campaigns ha

Scams 102

Microsoft Edge Alert: Two High-Severity Flaws (CVE-2025-6554, CVE-2025-49713) Allow Remote Code Execution, One Actively Exploited

Penetration Testing

The post Microsoft Edge Alert: Two High-Severity Flaws (CVE-2025-6554, CVE-2025-49713) Allow Remote Code Execution, One Actively Exploited appeared first on Daily CyberSecurity.

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

Security Affairs

A data breach at Kelly Benefits has impacted 550,000 people, with the number of affected individuals growing as the investigation continues. Benefits and payroll solutions firm Kelly Benefits has confirmed that a recent data breach has affected 550,000 individuals. As the investigation continued, the scale of the impact expanded, revealing that more people were affected than initially believed.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Apache APISIX Flaw (CVE-2025-46647): Token Issuer Bypass in OpenID Connect Allows Cross-Issuer Access

Penetration Testing

A flaw (CVE-2025-46647) in Apache APISIX's OpenID Connect plugin allows authenticated attackers to bypass token issuer validation and gain unauthorized cross-issuer access.

China-linked group Houken hit French organizations using zero-days

Security Affairs

China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set, which overlaps with UNC5174 (aka Uteus), tracked by Mandiant.

Catwatchful “child monitoring” app exposes victims’ data

Malwarebytes

If an app markets itself as being for “child monitoring”, a customer might expect that their data and those of the person you’re monitoring is handled with the utmost care and respect. However, as we’ve seen many times before, stalkerware (which is what monitoring software is known as) apps have a tendency to be low quality and lack security. Stalkerware refers to apps and other monitoring software that enable someone to secretly spy on another person’s private life via their mobile device

PHP Flaws: CVE-2025-1735 (SQLi/Crash) & CVE-2025-6491 (SOAP DoS) Threaten PHP Apps

Penetration Testing

PHP patches two flaws: CVE-2025-1735 allows SQL injection/crashes in pgsql, and CVE-2025-6491 enables DoS in SOAP via oversized XML. Update immediately!

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Your Brother printer might have a critical security flaw - how to check and what to do next

Zero Day

The Promise and Peril of Digital Security in the Age of Dictatorship

WIRED Threat Level

LGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks.

Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks

Security Boulevard

A Barracuda Networks analysis of unsolicited and malicious emails sent between February 2022 and April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM).

Stealthy WordPress Malware Uncovered: SEO Spam Plugin Mimics Your Domain to Evade Detection

Penetration Testing

Sucuri uncovers a stealthy WordPress malware plugin that mimics your domain to inject SEO spam for bots while remaining invisible to users, evading detection.

Malware 81

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

The Person in Charge of Testing Tech for US Spies Has Resigned

WIRED Threat Level

IARPA director Rick Muller is departing after just over a year at the R&D unit that invests in emerging technologies of potential interest to agencies like the NSA and the CIA, WIRED has learned.

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Security Affairs

Resecurity found a breach in Brazil’s CIEE One platform, exposing PII and documents, later sold by data broker “888” on the dark web. Resecurity identified a data breach of one of the major platforms in Brazil connecting businesses and trainees called CIEE One – leading to the compromise of sensitive PII, including ID records, contact information, medical reports, scans of documents, and other related data.

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

The Hacker News

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team.

Scams 86

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Security Affairs

Europol shuts down Archetyp Market, longest-running dark web drug site, the police arrested the admin in Spain, top vendors hit in Sweden. An international law enforcement operation led by German authorities has shut down Archetyp Market, the longest-running dark web drug marketplace, in a coordinated operation across six countries with support from Europol and Eurojust.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

SCATTERED SPIDER Infiltrates Airlines: Ransomware, vCenter Hijacks, and Voice Phishing Unleashed

Penetration Testing

SCATTERED SPIDER targets U.S. airlines with ransomware, vishing, and VMware exploits—CrowdStrike warns of a rising threat across cloud identities.

How government cyber cuts will affect you and your business

We Live Security

Deep cuts in federal cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to a cyberattack.

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Penetration Testing

The post Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out appeared first on Daily CyberSecurity.

Heimdal Partners with Portland to Deliver Unified Cybersecurity for Benelux MSPs

Heimdal Security

Amsterdam, Netherlands – July 3, 2025 – Heimdal, a leading European provider of unified, AI-driven cybersecurity solutions, today announced a strategic distribution partnership with Portland, a top-tier IT channel specialist in the Benelux region. The collaboration gives Managed Service Providers (MSPs) across Belgium, the Netherlands, and Luxembourg streamlined access to Heimdal’s award-winning Extended Detection and […] The post Heimdal Partners with Portland to Deliver Unified Cyb

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

Penetration Testing

Wiz Research Team uncovers rapid exploitation of exposed JDWP interfaces, deploying XMRig cryptominers in TeamCity and other Java environments within hours of exposure.

Malware 68

The Hidden Weaknesses in AI SOC Tools that No One Talks About

The Hacker News

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different.

CIEE Data Breach Exposes 248K Brazilian Records: Medical Reports, CVs, & Videos Leaked from Google Cloud

Penetration Testing

The post CIEE Data Breach Exposes 248K Brazilian Records: Medical Reports, CVs, & Videos Leaked from Google Cloud appeared first on Daily CyberSecurity.

Secure Your Business With Cisco Hybrid Mesh Firewall Solutions

Cisco Security

By Renato Morais, July 3, 2025 (3 min read). Technology is advancing faster than ever, and with it comes new challenges for businesses trying to stay secure. From hybrid cloud setups to remote work and the rise of AI tools, keeping your organization safe isn’t as simple as it used to be.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!