Sat. Jun 28, 2025 - Fri. Jul 04, 2025


Why Discomfort Might Be the Ultimate Power Move for Cybersecurity Leaders

Jane Frankland

Most of us have heard the saying, “No pain, no gain.” For cybersecurity leaders navigating the high-stakes world of defending critical systems, this phrase takes on a whole new meaning. Pain, in this context, doesn’t have to mean the physical discomfort. Instead, it’s the uncomfortable reality of facing constant threats, adapting to a rapidly shifting landscape, and shouldering the pressure of being the frontline defence for organisations.


Surveillance Used by a Drug Cartel

Schneier on Security

Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI official’s phone records and use Mexico City’s surveillance cameras to help track and kill the agency’s informants in 2018, according to a new US justice department report. The incident was disclosed in a justice department inspector general’s audit of the FBI’s efforts to mitigate the effects of “ubiquitous technical surveillance,” a t


Big Tech’s Mixed Response to U.S. Treasury Sanctions

Krebs on Security

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X.


Welcoming Truyu to Have I Been Pwned's Partner Program

Troy Hunt

I always used to joke that when people used Have I Been Pwned (HIBP), we effectively said "Oh no - you've been pwned! Uh, good luck!" and left it at that. That was fine when it was a pet project used by people who live in a similar world to me, but it didn't do a lot for the everyday folks just learning about the scary world of data breaches.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


News alert: SquareX research finds browser AI agents are proving riskier than human employees

The Last Watchdog

Palo Alto, Calif., Jun. 30, 2025, CyberNewswire–Every security practitioner knows that employees are the weakest link in an organization, but this is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.


Ubuntu Disables Spectre/Meltdown Protections

Schneier on Security

A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted in significant performance drops. Now, people are rethinking the trade-off. Ubuntu has disabled some protections, resulting in a 20% performance boost.


More Trending


Weekly Update 458

Troy Hunt

I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of this little data breach project that kinda escalated. As I say in the vid, I'm posting a lot more pics publicly to my Facebook page, so if you want to see the highlights, head over there.


Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Penetration Testing

A critical flaw (CVE-2025-34067, CVSS 10.0) in HIKVISION applyCT allows unauthenticated RCE via Fastjson deserialization, risking surveillance systems. Patch immediately!


How Cybersecurity Fears Affect Confidence in Voting Systems

Schneier on Security

American democracy runs on trust, and that trust is cracking. Nearly half of Americans, both Democrats and Republicans, question whether elections are conducted fairly. Some voters accept election results only when their side wins. The problem isn’t just political polarization—it’s a creeping erosion of trust in the machinery of democracy itself.


Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

The Hacker News

Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable local attackers to escalate their privileges to root on susceptible machines. A brief description of the vulnerabilities is below - CVE-2025-32462 (CVSS score: 2.8) - Sudo before 1.9.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

Security Affairs

Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay Box (ORB), used to support long-term spying operations linked to China-nexus hacking groups.


Four Critical RCE Flaws Found in Grafana Plugins via Chromium: Patch Now!

Penetration Testing

Grafana warns of four critical RCE flaws in Image Renderer and Synthetic Monitoring Agent, stemming from Chromium V8 bugs. Update to patched versions immediately!


Iranian Blackout Affected Misinformation Campaigns

Schneier on Security

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that’s one way to identify fake accounts and misinformation campaigns.


Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The Hacker News

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Update your Chrome to fix new actively exploited zero-day vulnerability

Malwarebytes

Google has released an update for its Chrome browser to patch an actively exploited flaw. This update is crucial since it addresses an actively exploited vulnerability which can be exploited when the user visits a malicious website. It doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.


Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App

Security Boulevard

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony. The post Yet More Stalkerware Leaks Secret Data: ‘Catwatchful’ is Latest Nasty App appeared first on Security Boulevard.


Critical RCE in MCP Inspector Exposes AI Devs to Web-Based Exploits (CVE-2025-49596)

Penetration Testing

Ddos July 1, 2025 A critical vulnerability—CVE


Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

The Hacker News

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to log in to a susceptible device as the root user, allowing them to gain elevated privileges.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


AT&T to pay compensation to data breach victims. Here’s how to check if you were affected

Malwarebytes

AT&T is set to pay $177 million to customers affected by two significant data breaches. These breaches exposed sensitive personal information of millions of current and former AT&T customers. For those that have missed the story so far: Back in 2021, an entity named Shiny Hunters (a known hacking group) claimed to have breached AT&T. Later reports indicated this breach started in 2019.


GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI

Security Affairs

Germany asked Google and Apple to remove DeepSeek AI from their app stores, citing GDPR violations over unlawful data collection and transfers to China. The Berlin Commissioner for Data Protection requested Google and Apple to remove the DeepSeek AI app from their app stores due to GDPR violations. On May 6, 2025, Berlin’s Data Protection Commissioner asked the company to remove its apps from German stores, stop illegal data transfers to China, or meet legal transfer requirements.


Next.js Flaw (CVE-2025-49826, CVSS 7.5): Cache Poisoning Leads to Denial-of-Service

Penetration Testing

A critical flaw (CVE-2025-49826, CVSS 7.5) in Next.js causes cache poisoning, leading to DoS by serving cached HTTP 204 responses for static pages.


Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

The Hacker News

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Texas Passes Most Comprehensive AI Governance Bill

SecureWorld News

Texas is making waves in AI governance. Governor Greg Abbott recently signed House Bill 149, formally titled the Texas Responsible Artificial Intelligence Governance Act (TRAIGA), on June 22, 2025. The new law, effective January 1, 2026, establishes clear guardrails around AI development and deployment—regulating who it applies to, what it prohibits, and how oversight will be handled.


U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler vulnerability, tracked as CVE-2025-6543, to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-6543 (CVSS score of 9.2) is a memory overflow vulnerability in NetScaler ADC and NetScaler Gateway when configured as a Gateway (e.g., VPN virtual server, ICA Pro


Apache Under Attack: Critical RCE Flaws in Tomcat & Camel Spark Thousands of Exploit Attempts

Penetration Testing

Palo Alto Networks reveals thousands of exploit attempts targeting RCE flaws in Apache Tomcat (CVE-2025-24813) and Apache Camel (CVE-2025-27636, CVE-2025-29891).


Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

The Hacker News

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Task scams: Why you should never pay to get paid

We Live Security



AI-Generated Phishing Sites Mimic Okta, Microsoft 365 in New Threat Campaign

Tech Republic Security

Threat actors are exploiting Vercel's AI tool to generate convincing phishing pages. Read Vercel’s response and Okta’s tips for keeping your organization secure.


New macOS Crypto Stealer Targets Ledger Live Users, Mimics AMOS with Stealthy Tactics

Penetration Testing

A new macOS information stealer, a potential AMOS variant, targets crypto users and Ledger Live accounts, stealing passwords and wallet data using stealthy daemonization and local admin prompt tactics.


Microsoft Removes Password Management from Authenticator App Starting August 2025

The Hacker News

Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025. Microsoft’s move is part of a much larger shift away from traditional password-based logins. The company said the changes are also meant to streamline autofill within its two-factor authentication (2FA) app, making the experience simpler and more secure.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!