IT Security News Daily Summary 2025-05-14

184 posts were published in the last hour

• 21:31 : FIPS 140-3: The Security Standard That Protects Our Federal Data
• 21:4 : European Vulnerability Database is Live: What This ‘Essential Tool’ Offers Security Experts
• 21:4 : Google Cracks Down on Fake ‘Unpaid Toll’ Text Scams with New Android Update
• 21:4 : U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
• 21:4 : Identity Theft Surges as Criminals Deploy Advanced Tactics to Steal Personal Data
• 21:4 : Metal maker meltdown: Nucor stops production after cyber-intrusion
• 20:32 : The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge
• 20:31 : BSidesLV24 – GroundFloor – A Quick Story Of Security Pitfalls With Exec Commands In Software Integrations
• 20:5 : IT Security News Hourly Summary 2025-05-14 21h : 7 posts
• 20:4 : When Visibility Meets Action in NHS Cybersecurity
• 20:4 : SSOJet LLM-Friendly Documentation
• 19:32 : 10,000 WordPress Sites Affected by Remote Code Execution Vulnerability in UiPress lite WordPress Plugin
• 19:32 : Understanding IEEE 802.11(Wi-Fi) Encryption and Authentication: Write Your Own Custom Packet Sniffer
• 19:32 : Hackers Exploit Software Flaws within Hours Forcing Urgent Push for Faster Patches
• 19:31 : Hacking the Hardware Brains of Computers is the Ultimate Cyberattack
• 19:6 : RaaS Explained: How Cybercriminals Are Scaling Attacks Like Startups
• 19:6 : White House scraps plan to block data brokers from selling Americans’ sensitive data
• 19:6 : Ivanti fixed two EPMM flaws exploited in limited attacks
• 18:32 : CISA Adds Five Known Exploited Vulnerabilities to Catalog
• 18:32 : CISA Adds One Known Exploited Vulnerability to Catalog
• 18:32 : Why CVSS is failing us and what we can do about it
• 18:32 : Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware
• 18:32 : MCP, OAuth 2.1, PKCE, and the Future of AI Authorization
• 18:31 : BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
• 18:31 : Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
• 18:2 : Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play
• 17:32 : CFPB Quietly Kills Rule to Shield Americans From Data Brokers
• 17:31 : Global Powers Intensify Cyber Warfare with Covert Digital Strikes on Critical Systems
• 17:31 : Top 5 WMIC Commands Used By Malware
• 17:5 : North Korean Hackers Stole $88M by Posing as US Tech Workers
• 17:5 : What is business resilience?
• 17:5 : IT Security News Hourly Summary 2025-05-14 18h : 19 posts
• 17:4 : CFBP Quietly Kills Rule to Shield Americans From Data Brokers
• 17:4 : Ivanti patches two zero-days under active attack as intel agency warns customers
• 17:4 : Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
• 16:31 : Google strengthens secure enterprise access from BYOD Android devices
• 16:4 : Weaponized Google Calendar Invites Delivers Malicious Payload With Just One Character
• 16:4 : Critical Adobe Illustrator Vulnerability Let Attackers Execute Malicious Code
• 16:4 : Meta’s still violating GDPR rules with latest plan to train AI on EU user data, says noyb
• 16:4 : As US CVE Database Fumbles, EU ‘Replacement’ Goes Live
• 16:4 : Marks & Spencer Cyberattack Fallout May Last Months Amid Growing Threat from Scattered Spider
• 16:4 : Android Enterprise Launches Device Trust For Enhanced Security
• 15:32 : The Evolving Nature of DDoS Attacks: A Smokescreen for More Dangerous Threats
• 15:32 : Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files
• 15:32 : TA406 Hackers Target Government Entities to Steal Login Credentials
• 15:31 : Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware
• 15:31 : Pakistan’s ‘Dance of the Hillary’ Malware Targets Indians—Here’s How to Safeguard Yourself
• 15:7 : Severe Adobe Illustrator Flaw Allows Remote Code Execution
• 15:7 : New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution
• 15:7 : Meet AlphaEvolve, the Google AI that writes its own code—and just saved millions in computing costs
• 15:7 : Entro Security and Wiz Announce Integration for Improved Non-Human Identity & Cloud Security
• 15:6 : Adobe Photoshop Vulnerability Let Attackers Execute Arbitrary Code
• 15:6 : Samsung MagicINFO 9 Server Vulnerability Let Attackers Write Arbitrary File
• 15:6 : Is AI Use in the Workplace Out of Control?
• 15:6 : Agentic AI and Ransomware: How Autonomous Agents Are Reshaping Cybersecurity Threats
• 14:32 : ‘Admin’ and ‘123456’ Still Among Most Used Passwords in FTP Attacks
• 14:32 : New HTTPBot Botnet Rapidly Expands to Target Windows Machines
• 14:32 : Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats
• 14:32 : LastPass can now monitor employees’ rogue reliance on shadow SaaS – including AI tools
• 14:32 : Windows 10 and Microsoft 365 support deadlines didn’t change – why this story just won’t die
• 14:32 : VPN Secure parent company CEO explains why he had to axe thousands of ‘lifetime’ deals
• 14:32 : Chipmaker Patch Tuesday: Intel, AMD, Arm Respond to New CPU Attacks
• 14:31 : CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
• 14:5 : Critical Microsoft Outlook Flaw Enables Remote Execution of Arbitrary Code
• 14:5 : Critical Vulnerability in Windows Remote Desktop Gateway Allows Denial-of-Service Attacks
• 14:5 : Katz Stealer Malware Hits 78+ Chromium and Gecko-Based Browsers
• 14:5 : How to Stay Compliant with the New HIPAA Security Rule Updates
• 14:5 : IT Security News Hourly Summary 2025-05-14 15h : 5 posts
• 14:4 : Windows Remote Desktop Gateway Vulnerability Let Attackers Trigger Dos Condition
• 14:4 : Researchers Detailed New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse
• 14:4 : Foxit Smart Redact Server automates the redaction of sensitive data
• 14:4 : CISA Reverses Decision on Cybersecurity Advisory Changes
• 13:32 : Threat Actors Exploit AI and LLM Tools for Offensive Cyber Operations
• 13:32 : Healthcare Cyberattacks in 2024 Expose 276 Million Patient Records Compromised
• 13:32 : Microsoft Defender Vulnerability Allows Unauthorized Privilege Gain
• 13:32 : Block Webcam Spying Fast and Forever for $10
• 13:31 : Obsidian’s browser extension manages shadow SaaS and AI tools
• 13:31 : McAfee’s Scam Detector identifies scams across text, email, and video
• 13:8 : Unlock New Growth Opportunities with Akamai Campaign Builder
• 13:8 : Apple to Pay $95 Million in Siri Snooping Lawsuit – Here’s How to Apply
• 13:8 : Nation-State Actors Target Healthcare Institutions to Sabotage IT and OT Systems
• 13:7 : Become a Cyber Security Industry Expert with Check Point’s New Course Catalog
• 13:7 : Patronus AI debuts Percival to help enterprises monitor failing AI agents at scale
• 13:7 : DLP in the GenAI Era: Shadow data and DLP product churn
• 13:7 : Unit 42 Develops Agentic AI Attack Framework
• 13:7 : Outlook RCE Vulnerability Allows Attackers to Execute Arbitrary Code
• 13:7 : Earth Ammit Hackers Attacking Using New Tools to Attack Drones Used in Military Sectors
• 12:32 : Patch Tuesday, May 2025 Edition
• 12:32 : Go ahead and ignore Patch Tuesday – it might improve your security
• 12:32 : Kosovar Administrator of Cybercrime Marketplace Extradited to US
• 12:31 : Strengthening Cloud Security: API Posture Governance, Threat Detection, and Attack Chain Visibility with Salt Security and Wiz
• 12:31 : Data Breach Exposes Personal Information of Hundreds of Thousands
• 12:4 : Chinese Hackers Exploit SAP NetWeaver 0-Day Vulnerability To Attack Critical Infrastructures
• 12:4 : Smart Electric Vehicles Face Hidden Cyber Vulnerabilities Exposing Drivers to Risks
• 12:4 : EU Cybersecurity Agency ENISA Launches European Vulnerability Database
• 12:4 : New Fortinet and Ivanti Zero Days Exploited in the Wild
• 11:32 : Google’s Advanced Protection Now on Android
• 11:32 : ENISA Launches European Vulnerability Database to Bolster EU Cyber Resilience
• 11:31 : Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
• 11:31 : Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
• 11:31 : Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
• 11:5 : IT Security News Hourly Summary 2025-05-14 12h : 20 posts
• 11:3 : Tesla Sees ‘Slow Demand’ For New Model Y
• 11:3 : Intel Chief ‘Focusing On Existing Strategy’
• 11:2 : General Motors Touts ‘Groundbreaking’ Lower-Cost EV Batteries
• 11:2 : Samsung Unveils Thin, Lightweight Flagship Smartphone
• 11:2 : White House Cuts Tariffs For Small E-Commerce Parcels
• 11:2 : The Forgotten Threat: How Supply Chain Attacks Are Targeting Small Businesses
• 11:2 : Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days
• 11:2 : Vulnerabilities Patched by Juniper, VMware and Zoom
• 11:2 : New ‘Chihuahua’ Infostealer Targets Browser Data and Crypto Wallet Extensions
• 10:33 : Another day, another phishing campaign abusing google.com open redirects, (Wed, May 14th)
• 10:33 : DarkCloud Stealer: Comprehensive Analysis of a New Attack Chain That Employs AutoIt
• 10:33 : Microsoft Alerts on AD CS Flaw Enabling Remote Denial-of-Service Attacks
• 10:33 : Weaponized PyPI Package Targets Developers to Steal Source Code
• 10:32 : Bitwarden vs Dashlane: Comparing Password Managers
• 10:32 : North Korean IT Workers Are Being Exposed on a Massive Scale
• 10:3 : 82,000+ WordPress Sites Exposed to Remote Code Execution Attacks
• 10:3 : Hacking Abusing GovDelivery For TxTag ‘Toll Charges’ Phishing Attack
• 10:3 : Microsoft Warns of AD CS Vulnerability Let Attackers Deny Service Over a Network
• 10:3 : Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files
• 10:2 : Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
• 10:2 : Fortinet Patches Zero-Day Exploited Against FortiVoice Appliances
• 10:2 : INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
• 10:2 : European Police Bust €3m Investment Fraud Ring
• 9:32 : Job Seekers Targeted as Scammers Pose as Government Agencies on WhatsApp
• 9:32 : Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild
• 9:32 : Researchers Unveil New Threat-Hunting Techniques to Detect Azure Managed Identity Abuse
• 9:32 : Chinese Hackers Exploit SAP NetWeaver Zero-Day Vulnerability to Target Critical Infrastructure
• 9:31 : Everyone’s deploying AI, but no one’s securing it – what could go wrong?
• 9:31 : Nobara Linux 42 brings performance boost and better hardware support
• 9:8 : Critical Samsung MagicINFO 9 Server Flaw Allows Arbitrary File Writes
• 9:8 : Rebooting your phone daily is your best defense against zero-click attacks – here’s why
• 9:8 : Fortinet fixed actively exploited FortiVoice zero-day
• 9:8 : The Trojan Sysadmin: How I Got an AI to Build a Wolf in Sheep’s Clothing
• 9:7 : Advancing Security Training With Human Risk Management
• 9:7 : Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
• 8:33 : Windows Ancillary for WinSock 0-Day Vulnerability Actively Exploited to Gain Admin Access
• 8:33 : NSFOCUS WAF Selected in the 2025 Gartner® Market Guide for Cloud Web Application and API Protection
• 8:33 : SecuX releases Bitcoin self-managed solution for SMBs
• 8:32 : Resilience helps businesses understand their cyber risk in financial terms
• 8:32 : Microsoft Fixes Seven Zero-Days in May Patch Tuesday
• 8:5 : Earth Ammit Hackers Deploy New Tools to Target Military Drones
• 8:5 : Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers
• 8:5 : IT Security News Hourly Summary 2025-05-14 09h : 4 posts
• 7:33 : New Windows RDP Vulnerability Enables Network-Based Attacks
• 7:33 : Critical Microsoft Office Vulnerabilities Enable Malicious Code Execution
• 7:32 : New Microsoft Scripting Engine Vulnerability Exposes Systems to Remote Code Attacks
• 7:32 : ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact
• 7:32 : Radware clarifies patch, retailer data stolen, Alabama suffers cyberattack
• 7:4 : PowerSchool shows why ransom payments don’t work
• 7:4 : Ransomware scum have put a target on the no man’s land between IT and operations
• 7:4 : Mark’s and Spencer Data Breach, Vulnerable Routers, Fortinet Exploits, and New Ransomware Threats
• 6:31 : LastPass launches SaaS Monitoring to reduce shadow IT and AI risks
• 6:4 : Google to enhance security with Advanced Protection with Android 16
• 6:4 : The Power of Immutable Data Storage in Defending Against Ransomware Attacks
• 5:32 : AI Is Already in Your Org—Are You Securing It All?
• 5:32 : Critical 0-Day in Windows DWM Enables Privilege Escalation
• 5:32 : Insider risk management needs a human strategy
• 5:32 : Southwest Airlines CISO on tackling cyber risks in the aviation industry
• 5:32 : Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
• 5:31 : Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
• 5:6 : Cerbos: Open-source, scalable authorization solution
• 5:5 : IT Security News Hourly Summary 2025-05-14 06h : 3 posts
• 4:31 : European Vulnerability Database goes live, but who benefits?
• 4:4 : Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network
• 4:4 : Ransomware spreads faster, not smarter
• 3:33 : CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution
• 2:5 : IT Security News Hourly Summary 2025-05-14 03h : 1 posts
• 2:2 : ISC Stormcast For Wednesday, May 14th, 2025 https://isc.sans.edu/podcastdetail/9450, (Wed, May 14th)
• 2:2 : Secrets Management That Fits Your Budget
• 2:2 : NHIs Solutions Tailored to Handle Your Needs
• 2:2 : Stay Ahead with Proactive Non-Human Identity Management
• 2:2 : Feel Supported by Advanced IAM Strategies
• 1:31 : Windows 10 and Microsoft 365 support deadlines changed? This story just won’t die
• 1:4 : Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
• 23:6 : Protect against advanced DNS threats with Amazon Route 53 Resolver DNS Firewall
• 23:5 : IT Security News Hourly Summary 2025-05-14 00h : 3 posts
• 22:55 : IT Security News Daily Summary 2025-05-13
• 22:31 : Noodlophile Malware Distributed Through Bogus AI Video Generators: Who Are the Targets?
• 22:31 : xAI’s promised safety report is MIA
• 22:6 : Agentic AI for Automated Application Security and Vulnerability Management
• 22:6 : What your tools miss at 2:13 AM: How gen AI attack chains exploit telemetry lag – Part 2
• 22:6 : Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)