IT Security News Daily Summary 2025-07-08

147 posts were published in the last hour

• 21:34 : 11 Google-Verified Chrome Extensions Infected Over 1.7 Million Users
• 21:34 : Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day
• 21:34 : Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday
• 21:34 : Adobe Patches Critical Code Execution Bugs
• 21:4 : New Report Finds Billions of Leaked Credentials and ULP Files on Dark Web Are Outdated
• 21:4 : US government confirms arrest of Chinese national accused of stealing COVID research and mass-hacking email servers
• 21:4 : Enhancing Microsoft 365 security by eliminating high-privilege access
• 20:36 : Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
• 20:36 : China-Linked VELETRIX Loader Used in Attacks on Telecommunications Infrastructure
• 20:7 : XMRig Malware Disables Windows Updates and Scheduled Tasks to Maintain Persistence
• 20:5 : IT Security News Hourly Summary 2025-07-08 21h : 10 posts
• 19:38 : Hackers Manipulate Search Results to Target IT Pros with Trojanized PuTTY and WinSCP
• 19:38 : BERT Ransomware Can Force Shutdown of ESXi Virtual Machines to Hinder Recovery
• 19:38 : Advancing Protection in Chrome on Android
• 19:37 : Massive browser hijacking campaign infects 2.3M Chrome, Edge users
• 19:37 : Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials
• 19:3 : Researchers Reveal Scatter Spider’s Tools, Tactics, and Key Indicators
• 19:3 : Activision took down Call of Duty game after PC players hacked, says source
• 19:3 : MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets
• 19:3 : Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE
• 19:2 : Zoom Clients for Windows Vulnerability Exposes Users to DoS Attacks
• 19:2 : Nippon Steel Solutions 0-Day Network Vulnerability Exposes Users Personal Information
• 19:2 : KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday
• 18:32 : Microsoft Patch Tuesday, July 2025, (Tue, Jul 8th)
• 18:31 : New LogoKit Phishing Campaign Exploits Cloudflare Turnstile and Amazon S3 for Higher Success Rates
• 18:31 : Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
• 18:2 : NetSupport RAT Spreads Through Compromised WordPress Sites Using ClickFix Technique
• 18:2 : Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Patched, Including 1 Zero-Day and 41 RCE Flaws
• 18:2 : What is the domain name system (DNS)?
• 18:2 : Phishing prevention: How to spot, stop and respond to scams
• 17:34 : Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant
• 17:34 : CISA Warns of Rails Ruby on Rails Path Traversal Vulnerability Exploited in Attacks
• 17:34 : Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords
• 17:34 : Legitimate Shellter Pen-Testing Tool Used in Malware Attacks
• 17:34 : Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
• 16:37 : Emerson ValveLink Products
• 16:37 : CISA Releases One Industrial Control Systems Advisory
• 16:36 : Behind the Booking: How Bots Are Undermining Airline Revenue
• 16:36 : US Government Secretly Builds Enormous Database Tracking Citizens
• 16:36 : Qantas Hit by Cyberattack Days After FBI Warning on Airline 2FA Bypass Threat
• 16:3 : Revolutionizing Responsible Disclosure: Introducing the Wordfence Vulnerability Management Portal for WordPress Vendors
• 16:3 : Ivanti Products Connect Secure and Policy Secure Hit by Denial-of-Service Vulnerabilities
• 16:3 : FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers
• 16:3 : Modernizing Cybersecurity for State and Local Government
• 16:3 : New Bert Ransomware Evolves With Multiple Variants
• 16:2 : Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)
• 16:2 : Spring 2025 PCI DSS compliance package available now
• 15:32 : The Wild Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore
• 15:32 : Parking Meter QR Code Scam Grows Nationwide as “Quishing” Threatens Drivers
• 15:5 : Family first: fighting scams together
• 15:5 : The cloud-native imperative for effective cyber resilience
• 15:5 : IBM Power11 debuts with uptime, security, and energy efficiency upgrades
• 15:4 : Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
• 14:35 : Protect Client-Side Code and Certify the Authenticity of Data Collection
• 14:35 : MediaTek July 2025 Security Update Addresses Multiple Chipset Vulnerabilities
• 14:34 : Marks & Spencer chair refuses to say if retailer paid hackers after ransomware attack
• 14:34 : U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog
• 14:34 : TosiANTA delivers anomaly detection for OT environments
• 14:34 : Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
• 14:7 : PoC Exploits Released for CitrixBleed2: 127 Bytes Exfiltrated Per Request
• 14:7 : CISA Alerts on Active Exploit of Ruby on Rails Path Traversal Flaw
• 14:7 : How a Hybrid Mesh Architecture Disrupts the Attack Chain (Part Two)
• 14:7 : How to turn off ACR on your TV (and why it makes such a big difference)
• 14:7 : Now available: Red Hat Enterprise Linux Security Select Add-On
• 14:7 : No thanks: Google lets its Gemini AI access your apps, including messages
• 14:5 : IT Security News Hourly Summary 2025-07-08 15h : 6 posts
• 13:34 : SAP July 2025 Patch Day – Patch for 27 Vulnerabilities Including 7 Critical One’s
• 13:34 : Hackers Use ClickFix Technique to Deploy NetSupport RAT via Compromised WordPress Sites
• 13:34 : Weaponized Chrome Extension Affects 1.7 Million Users Despite Google’s Verified Badges
• 13:34 : PoC Exploits for CitrixBleed2 Flaw Released – Attackers Can Exfiltrate 127 Bytes Per Request
• 13:34 : SUSE launching region-locked support for the sovereignty-conscious
• 13:2 : SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover
• 13:2 : Over 500 Scattered Spider Phishing Domains Poised to Target Multiple Industries
• 12:32 : How to implement zero trust: 7 expert steps
• 12:32 : Exploits, Technical Details Released for CitrixBleed2 Vulnerability
• 12:32 : Aviatrix to Build Security Fabric to Secure Cloud Computing Environments
• 12:5 : Infostealers-as-a-Service Push Identity Hacks to Record Highs
• 12:4 : Zero-Trace Paradigm: Emerging Technologies in Personal Data Anonymization
• 12:4 : Suspected Chinese cybersnoop grounded in Italy after US tipoff
• 12:4 : Qantas Hit with Extortion Demand After Data Breach
• 12:4 : Closing the Telecom Security Gap: Proactive AI is the Future
• 11:32 : BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally
• 11:32 : RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
• 11:31 : 5 Ways Identity-based Attacks Are Breaching Retail
• 11:5 : IT Security News Hourly Summary 2025-07-08 12h : 12 posts
• 11:3 : CISA Warns of Zimbra Collaboration Suite (ZCS) Vulnerability Exploited in Attacks
• 11:3 : macOS SMBClient Vulnerability Allows Remote Code Execution and Kernel Crash
• 11:3 : 25 Best Managed Security Service Providers (MSSP) In 2025
• 11:3 : Atomic macOS Info-Stealer Upgraded With New Backdoor to Maintain Persistence
• 11:2 : CISA Warns of PHPMailer Command Injection Vulnerability Exploited in Attacks
• 10:36 : GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed
• 10:36 : Samsung Chip Profit Drops Amidst AI Memory Delays
• 10:36 : Atomic macOS Info-Stealer Updated with New Backdoor for Persistent Access
• 10:36 : Approach to mainframe penetration testing on z/OS. Deep dive into RACF
• 10:5 : Tesla Shares Drop After Musk Starts Political Party
• 10:5 : Epic Settles Samsung App Store Antitrust Claims
• 10:4 : AI Cloud Firm CoreWeave Buys Crypto Miner Core Scientific
• 10:4 : From Call Centres to Conversational Journeys: The Evolution of CX in the Digital Age
• 10:4 : From Call Centres to Conversational Journeys: Head-to Head Interview
• 10:4 : The Q-Day Countdown: What It Is and Why You Should Care
• 10:4 : Malicious Open Source Packages Surge 188% Annually
• 9:34 : Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware
• 9:34 : Ransomware negotiator investigated over criminal gang kickbacks
• 9:34 : Ahold Delhaize USA Faces Data Breach Exposing Sensitive Information
• 9:34 : Red Team Tool Developer Shellter Admits ‘Misuse’ by Adversaries
• 9:5 : SAP July 2025 Patch Day: Fixes for 27 Flaws, Including 7 Critical
• 9:5 : DNN Vulnerability Exposes NTLM Credentials via Unicode Normalization Bypass
• 9:4 : Researchers Expose Scattered Spider’s Tools, Techniques and Key Indicators
• 9:4 : 10 Best ZTNA Solutions (Zero Trust Network Access) In 2025
• 9:4 : Strengthening Compliance: The Role of WAFs in PCI DSS 4.0.1
• 9:4 : BEC Frauds – The Missing Link – Your Friendly Neighborhood Bank
• 9:4 : Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms
• 9:4 : Chinese Video Surveillance Vendor Hikvision to Fight Canadian Ban
• 8:35 : Apple Appeals ‘Unprecedented’ 500m Euro EU Fine
• 8:34 : Alibaba Instant Commerce Reaches 200 Million Daily Users
• 8:34 : NordDragonScan Targets Windows Users to Steal Login Credentials
• 8:34 : IT Worker arrested for selling access in $100M PIX cyber heist
• 8:34 : ParrotOS 6.4 lands with key tool updates and kernel upgrade
• 8:5 : IT Security News Hourly Summary 2025-07-08 09h : 2 posts
• 8:4 : macOS SMBClient Flaw Enables Remote Code Execution and Kernel Crashes
• 8:4 : Is your password ecosystem ready for the regulators?
• 8:4 : New Bert Ransomware Group Strikes Globally with Multiple Variants
• 7:37 : Microsoft Producer Suggests Using AI To Ease Layoff Pain
• 7:36 : CISA Alerts on Active Exploitation of PHPMailer Command Injection Flaw
• 7:36 : Call of Duty game pulled, U.S. military gets cybersecurity boost, Bank employee helped hackers
• 7:5 : CISA Issues Alert Over Actively Exploited Flaw in Zimbra Collaboration Suite
• 7:5 : Critical Vulnerabilities in KIA Infotainment Let Attackers Inject Code with PNG Files
• 7:5 : PayPal’s AI-powered scam alert system might intercept your transactions now – here’s why
• 7:5 : BERT Ransomware Forcibly Shut Down ESXi Virtual Machines to Disrupt Recovery
• 6:32 : Suspected Scattered Spider domains target everyone from manufacturers to Chipotle
• 6:4 : Exposure management is the answer to: “Am I working on the right things?”
• 5:36 : Cyberattacks are changing the game for major sports events
• 5:36 : CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
• 5:6 : Empowered employees strengthen financial sector digital resilience
• 5:6 : Qantas Investigates Cyber Attack That May Have Affected Millions of Customers
• 5:6 : CISOs urged to fix API risk before regulation forces their hand
• 5:6 : Can your security stack handle AI that thinks for itself?
• 5:5 : IT Security News Hourly Summary 2025-07-08 06h : 1 posts
• 4:34 : Cybersecurity jobs available right now: July 8, 2025
• 3:32 : Weaponized Versions of PuTTY and WinSCP Attacking IT Admins Via Search Results
• 3:2 : Congratulations to the top MSRC 2025 Q2 security researchers!
• 2:33 : ISC Stormcast For Tuesday, July 8th, 2025 https://isc.sans.edu/podcastdetail/9516, (Tue, Jul 8th)
• 23:33 : Why CISOs are making the SASE switch: Fewer vendors, smarter security, better AI guardrails
• 23:5 : IT Security News Hourly Summary 2025-07-08 00h : 3 posts
• 23:4 : North Korean Hackers Deploy Rare Nim-Based Malware on macOS to Target Web3 Startups
• 22:55 : IT Security News Daily Summary 2025-07-07
• 22:2 : Applying Agentic AI to Legacy Systems? Prepare For These 4 Challenges