IT Security News Daily Summary 2025-05-15

192 posts were published in the last hour

• 21:31 : Endpoint Security Controls: Designing a Secure Endpoint Architecture, Part 1
• 20:31 : Detection and Mitigation of Lateral Movement in Cloud Networks
• 20:6 : Breachforums Boss to Pay $700k in Healthcare Breach
• 20:6 : In Memoriam: John L. Young, Cryptome Co-Founder
• 20:5 : IT Security News Hourly Summary 2025-05-15 21h : 3 posts
• 19:8 : Coinbase disclosed a data breach after an extortion attempt
• 18:32 : Hackers Abuse Google Services to Send Malicious Law Enforcement Requests
• 18:32 : New .NET Multi-stage Loader Attacking Windows Systems to Deploy Malicious Payloads
• 18:32 : Coinbase Hacked – Massive Data Breach Costs Them $400 Million
• 18:3 : Xoxo to Prague
• 18:3 : Coinbase Customer Info Stolen by Bribed Overseas Agents
• 18:3 : Coinbase Data Breach – Customers Personal Info, Government‑ID & Transaction Data Exposed
• 18:3 : The Kids Online Safety Act Will Make the Internet Worse for Everyone
• 18:3 : Closing the Loop: Continuous API Security Testing – FireTail Blog
• 17:32 : Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
• 17:32 : CISA Alerts on Five Active Zero-Day Windows Vulnerabilities Being Exploited
• 17:32 : Inside Turla’s Uroboros Infrastructure and Tactics Revealed
• 17:32 : Coinbase Data Breach – Customers Personal Info, Government‑ID & Account Data Exposed
• 17:32 : Sit, Fetch, Steal – Chihuahua Stealer: A new Breed of Infostealer
• 17:32 : EFF to California Lawmakers: There’s a Better Way to Help Young People Online
• 17:32 : Cyber fiends battering UK retailers now turn to US stores
• 17:32 : Windows CLFS Zero-Day Flaw Exploited in Play Ransomware Attacks
• 17:32 : Meta Mirage” Phishing Campaign Poses Global Cybersecurity Threat to Businesses
• 17:32 : Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
• 17:5 : Trend Micro Puts a Spotlight on AI at Pwn2Own Berlin
• 17:5 : Siemens VersiCharge AC Series EV Chargers
• 17:5 : Siemens Mendix OIDC SSO
• 17:5 : Siemens SIRIUS 3SK2 Safety Relays and 3RK3 Modular Safety Systems
• 17:5 : Siemens SCALANCE LPE9403
• 17:5 : Siemens SIMATIC PCS neo
• 17:5 : IT Security News Hourly Summary 2025-05-15 18h : 12 posts
• 17:4 : Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a breach disclosure…
• 17:4 : ​​How the Microsoft Secure Future Initiative brings Zero Trust to life
• 16:33 : Google Algorithm Slashes Reddit Traffic: What It Means for UGC Platforms
• 16:33 : CISA Alerts on Active Exploitation of Zero-Day Vulnerability in Multiple Fortinet Products
• 16:33 : Record-Breaking $27 Billion Black Market ‘Haowang Guarantee’ Deals Conducted Behind Closed Doors
• 16:33 : Threat Actors Exploit Open Source Packages to Deploy Malware in Supply Chain Attacks
• 16:32 : Hackers Exploit Google Services to Send Malicious Law Enforcement Requests
• 16:32 : Intruder vs. Acunetix vs. Attaxion: Comparing Vulnerability Management Solutions
• 16:32 : CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation
• 16:32 : CISA Warns of Five Actively Exploited Windows 0-Day Vulnerabilities
• 16:31 : Proofpoint to acquire Hornetsecurity
• 16:7 : Insider Threat fetches $400m loss to Coinbase
• 16:7 : Socket buys Coana to tell you which security alerts you can ignore
• 16:7 : Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)
• 16:7 : Coinbase Offers $20m Bounty to Take Down Cybercrime Ring Behind Hack
• 15:33 : Fileless Remcos RAT Attack Evades Antivirus Using PowerShell Scripts
• 15:33 : Hackers Steal Customers Banking Details in Nova Scotia Cyber Attack
• 15:33 : Patch Tuesday: Microsoft Patches 78 Vulnerabilities, 5 Zero-Day Flaws
• 15:33 : Microsoft Outlook Down – Millions of Users Affected With This Longest Outage in Microsoft History
• 15:32 : Chihuahua Stealer Leverages Google Drive Document to Steal Browser Login Credentials
• 15:32 : New DarkCloud Stealer Uses AutoIt to Evade Detection & Steal Login Credentials
• 15:32 : TransferLoader Malware Allows Attackers to Execute Arbitrary Commands on Compromised System
• 15:32 : Xerox Issues April 2025 Security Patch Update for FreeFlow Print Server v2
• 15:32 : Coinbase Rejects $20M Ransom After Rogue Contractors Bribed to Leak Customer Data
• 15:32 : BSidesLV24 – GroundFloor – The Road To Developers’ Hearts
• 15:5 : New .NET Multi-Stage Loader Targets Windows Systems to Deploy Malicious Payloads
• 15:5 : Barclays Introduces New Step-by-Step Model to Tackle Modern Fraud
• 15:4 : One Click Is All It Takes: New Mac Malware Steals Your Data
• 15:4 : Audio and Video Chat Recording Could Be Part of Nintendo Switch 2
• 15:4 : iHeartMedia Cyberattack Exposes Sensitive Data Across Multiple Radio Stations
• 15:4 : Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
• 15:4 : PowerShell-Based Loader Deploys Remcos RAT in New Fileless Attack
• 14:32 : Wordfence Intelligence Weekly WordPress Vulnerability Report (May 5, 2025 to May 11, 2025)
• 14:32 : Customer Data Compromised in Dior Cyber Attack
• 14:32 : Nucor Steel Manufacturer Halts Production After Cyberattack
• 14:31 : Coinbase suffers data breach, gets extorted (but won’t pay)
• 14:31 : SAP NetWeaver Flaw Exploited by Ransomware Groups and Chinese-Backed Hackers
• 14:5 : Node.js Vulnerability Enables Attackers to Crash Processes and Disrupt Services
• 14:5 : Xanthorox Emerging BlackHat AI Tool Empowering Hackers in Phishing and Malware Campaigns
• 14:5 : Enisa Launched New European Vulnerability Database to Strengthen Cybersecurity
• 14:5 : Hackers Disguised Remote Access Malware as Microsoft Edge service
• 14:5 : IT Security News Hourly Summary 2025-05-15 15h : 11 posts
• 14:5 : Threat Actors Using Weaponized HTML Files to Deliver Horabot Malware
• 14:4 : Interlock Ransomware Attacking Defense Contractors and Their Supply Chains
• 14:4 : Snowflake CISO on the power of ‘shared destiny’ and ‘yes and’
• 14:4 : GitLab 18 increases developer productivity by integrating AI throughout the platform
• 14:4 : Dior Confirms Data Breach Affecting Customer Information
• 13:32 : Locked Out and Held for Ransom: A City’s Battle Against Cybercrime
• 13:32 : FrigidStealer Malware Hits macOS Users via Fake Safari Browser Updates
• 13:32 : Windows Defender Application Control Bypassed Through Browser Exploit Techniques
• 13:32 : Weaponized Google Calendar Invites Deliver Malicious Payload Using a Single Character
• 13:32 : Russian Hackers Exploit XSS Vulnerabilities to Inject Malicious Code into Email Servers
• 13:32 : Phishing Campaign Mimics Email Quarantine Notifications: 32,000 Emails Target 6,358 Customers
• 13:32 : Threat landscape for industrial automation systems in Q1 2025
• 13:32 : Russian Hackers Exploiting MDaemon 0-Day Vulnerability to Hack Webmail Servers
• 13:31 : DHS Cancels $2.4 Billion Leidos Contract, Cites Changes at CISA
• 13:5 : DarkCloud Stealer Employs AutoIt to Evade Detection and Steal Login Credentials
• 13:5 : TransferLoader Malware Enables Attackers to Execute Arbitrary Commands on Infected Systems
• 13:5 : U.S. Officials Probe Rogue Communication Devices in Solar Power Inverters
• 13:4 : You.com’s ARI Enterprise crushes OpenAI in head-to-head tests, aims at deep research market
• 13:4 : Production at Steelmaker Nucor Disrupted by Cyberattack
• 13:4 : CyberStrong May Product Update
• 13:4 : Small but Mighty: UX Design Tips for a Lean Team Environment
• 13:4 : New Linux Vulnerabilities Surge 967% in a Year
• 12:32 : Securing the Code: Building a Culture of Credential Protection in Dev Teams
• 12:31 : Interlock Ransomware Targeting Defense Contractors and Supply Chain Networks
• 12:31 : Chihuahua Stealer Exploits Google Drive Document to Harvest Browser Login Credentials
• 12:31 : Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal
• 12:31 : “Endemic” Ransomware Prompts NHS to Demand Supplier Action on Cybersecurity
• 12:4 : Why Cloud Phone Systems are The Future of Business Communication
• 12:4 : Coinbase says customers’ personal information stolen in data breach
• 12:4 : Enisa Launches European Vulnerability Database to Enhance Digital Security
• 12:4 : TA406 Hackers Attacking to Attack Government Entities to Steal Login Credentials
• 12:4 : Pen Testing for Compliance Only? It’s Time to Change Your Approach
• 11:32 : US ‘Nears Deal’ With UAE On Advanced AI Chips
• 11:32 : Waymo Recalls Vehicles After Minor Collisions
• 11:31 : Chinese Hackers Hit Drone Sector in Supply Chain Attacks
• 11:31 : Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
• 11:31 : PentestPad streamlines security testing workflows
• 11:5 : IT Security News Hourly Summary 2025-05-15 12h : 8 posts
• 11:3 : AI-Generated Law
• 11:3 : Researchers Unveiled a New Mechanism to Track Compartmentalized Threats
• 11:3 : Node.js Vulnerability Allows Attackers to Crash the Process & Halt Services
• 11:3 : Xanthorox – New BlackHat AI Tool Used to Launch Phishing & Malware Attacks
• 11:3 : Threat Actors Exploit AI & LLM Tools to Begun Using Them as Offensive Tools
• 11:2 : Ransomware Groups, Chinese APTs Exploit Recent SAP NetWeaver Flaws
• 11:2 : Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
• 11:2 : Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
• 11:2 : 5 BCDR Essentials for Effective Ransomware Defense
• 10:31 : Police Shut Down Fake Trading Platform That Scammed Hundreds
• 10:5 : EU ‘Likely To Accept’ Microsoft Offer On Office, Teams
• 10:5 : M&S Hackers ‘Targeting US Retailers’
• 10:5 : U.S. CISA adds a Fortinet flaw to its Known Exploited Vulnerabilities catalog
• 10:5 : New HTTPBot Botnet Expanding Aggressively to Attack Windows Machines
• 10:5 : Nation State-Actors Attacking Healthcare Institutions to Sabotage IT & OT Systems
• 10:5 : macOS Security Guide – Safeguarding Against Adware and Malware
• 10:4 : Canadian Electric Utility Lists Customer Information Stolen by Hackers
• 10:4 : Russia-linked hackers target webmail servers in Ukraine-related espionage operation
• 10:4 : Fraud Losses Hit $11m Per Company as Customer Abuse Soars
• 10:4 : Call for Papers Deadline Approaching – Don’t Miss Your Shot to Speak at the OpenSSL Conference 2025!
• 9:5 : Compliance Fatigue Is Real—And It’s Putting Cybersecurity at Risk
• 9:5 : Kosovo authorities extradited admin of the cybercrime marketplace BlackDB.cc
• 9:5 : Keeping People Safe Online – Fundamental Rights Protective Alternatives to Age Checks
• 9:4 : Australian Human Rights Commission Discloses Data Breach
• 8:32 : Paris Woman Targeted In Latest Crypto Kidnap Attempt
• 8:32 : Co-op Hopes For Weekend Improvements After Cyber-Attack
• 8:32 : Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’
• 8:32 : LegoGPT: AI Transforms Text Prompts into Stable LEGO Structures
• 8:32 : Neon Serverless Postgres: Azure Native Integration Now Available
• 8:31 : China Launches First Satellites for AI Computing Constellation
• 8:31 : Google DeepMind’s AlphaEvolve: AI That Writes Code and Saves Costs
• 8:31 : LiongardIQ unifies asset inventory, network monitoring and AI insights
• 8:5 : IT Security News Hourly Summary 2025-05-15 09h : 8 posts
• 8:3 : Critical BitLocker Flaw Exploited in Minutes: Bitpixie Vulnerability Proof of Concept Unveiled
• 8:3 : BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released
• 8:2 : Healthcare Cyber Attacks – 276 Million Patient Records were Compromised In 2024
• 8:2 : Anthropic’s Claude Now Features Web Search Capabilities via API
• 8:2 : Google Cloud Expands AI/ML Innovations and Partnerships in 2025
• 8:2 : 89 Million Steam Accounts Compromised: Change Your Password Now
• 8:2 : Top 10 Programming Trends and Languages to Watch in 2025
• 8:2 : #Infosec2025: Ransomware Enters ‘Post-Trust Ecosystem,’ NCA Cyber Expert Says
• 7:31 : US Revokes Biden-Era AI Export Rule
• 7:31 : Attack on steel producer, EUVD online, CISA advisory overhaul
• 7:4 : Here’s what we know about the DragonForce ransomware that hit Marks & Spencer
• 7:4 : Developer Leaks API Key for Private Tesla, SpaceX LLMs
• 7:4 : New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
• 6:32 : Google Chrome Zero-Day Vulnerability (CVE-2025-4664) Actively Exploited in The Wild
• 6:32 : Hardening Windows Servers – Top Strategies to Prevent Exploits in 2025
• 6:31 : Linux Security Essentials – Protecting Servers from Supply Chain Attacks
• 6:31 : New Weaponized PyPI Package Attacking Developers to Steal Source Code
• 6:31 : The Growing and Changing Threat of Deepfake Attacks
• 6:4 : Google warns of US retail cyber attacks and M & S insurance payout to cost £100m
• 6:4 : How AI is Transforming Fraud Detection in Payment Processing
• 5:33 : Kubernetes has grown up: From testbed to critical infrastructure
• 5:33 : Building cybersecurity culture in science-driven organizations
• 5:5 : IT Security News Hourly Summary 2025-05-15 06h : 4 posts
• 5:4 : How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World”
• 4:31 : New blockchain security standards target safer ecosystems
• 4:4 : Authorities Arrested 17 Criminal Bankers, EUR 4.5 Million Seized
• 4:4 : Google Chrome 0-Day Vulnerability Exploited in the Wild – Update Now
• 4:4 : 5 Identity Security Risks We Found in a Regulated Enterprise
• 3:31 : Data Protection Market: Endless Possibilities to Ensure a Secure Future
• 2:5 : IT Security News Hourly Summary 2025-05-15 03h : 2 posts
• 2:4 : ISC Stormcast For Thursday, May 15th, 2025 https://isc.sans.edu/podcastdetail/9452, (Thu, May 15th)
• 1:31 : Web Scanning SonicWall for CVE-2021-20016 – Update, (Wed, May 14th)
• 0:31 : Cybersecurity Industry Gains $1.7 Billion to Develop Cutting-Edge Protection Technologies
• 0:31 : Stopping States From Passing AI Laws for the Next Decade is a Terrible Idea
• 0:4 : Introducing the AWS User Guide to Governance, Risk and Compliance for Responsible AI Adoption within Financial Services Industries
• 23:31 : Developers Beware: Slopsquatting and Vibe Coding Can Increase Risk of AI-Powered Attacks
• 23:31 : Montana Becomes First State to Close the Law Enforcement Data Broker Loophole
• 23:7 : The End of VPNs — Part 1: Why Reachability is the New Risk
• 23:7 : How Google is Enhancing Security for Android, ‘The World’s Most Popular OS’
• 23:7 : Stay Relaxed with Efficient Non-Human Identity Security
• 23:6 : Building Trust Through Secure NHIs Practices
• 23:6 : Cultivate Independent Secrets Management Protocols
• 23:6 : Continuous Improvement in NHIs Management
• 23:5 : IT Security News Hourly Summary 2025-05-15 00h : 4 posts
• 22:55 : IT Security News Daily Summary 2025-05-14
• 22:31 : The Internet’s Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge
• 22:2 : Android users bombarded with unskippable ads
• 22:2 : Google to pay $1.38 billion over privacy violations