IT Security News Daily Summary 2025-08-07

210 posts were published in the last hour

• 21:32 : Former New York Times Cyber Reporter Issues Chilling Warning at Black Hat
• 21:32 : WhatsApp Developers Under Attack From Weaponized npm Packages with Remote Kill Switch
• 21:32 : Guided Selling in 3D Product Configurators
• 21:32 : Hacker Extradited to US for Stealing Over $2.5 Million in Tax Fraud Attacks
• 21:32 : Reveal Security Unveils Preemptive Approach to Securing Applications and Cloud Services
• 21:3 : Credit Karma leader shares AI governance lessons learned
• 20:32 : Dashlane ends free subscriptions – you have one month to upgrade or switch
• 20:32 : Beware of promptware: How researchers broke into Google Home via Gemini
• 20:32 : 3 eye-catching vendor announcements from Black Hat
• 20:32 : German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz
• 20:32 : #BHUSA: 1000 DoD Contractors Now Covered by NSA’s Free Cyber Services Program
• 20:5 : IT Security News Hourly Summary 2025-08-07 21h : 17 posts
• 20:3 : 10 Best Red Teaming Companies for Advanced Attack Simulation in 2025
• 20:3 : Researchers used Gemini to break into Google Home – here’s how
• 20:3 : Finally, a Windows laptop that I wouldn’t mind putting away my MacBook Pro for
• 20:2 : Adult sites trick users into Liking Facebook posts using a clickjack Trojan
• 19:32 : How Machine Learning Detects Living off the Land (LotL) Attacks
• 19:32 : JWT Policy Enforcement, Rate Limiting, IP White Listing: Using Mulesoft, API Security, Cloudhub 2.0
• 19:32 : Compliance Automated Standard Solution (COMPASS), Part 9: Taking OSCAL-Compass to Industry Complexity Level
• 19:32 : These midrange Bose headphones are on sale for $130 off – act fast before the deal ends
• 19:32 : Survey: Many Organizations Hit by Ransomware Fall Victim Multiple Times
• 19:4 : AI wrote my code and all I got was this broken prototype
• 19:4 : CISA issues emergency directive requiring federal agencies to update systems to prevent Microsoft Exchange vulnerability
• 19:4 : Hackers Exploit SVG Files with Embedded JavaScript to Deploy Malware on Windows Systems
• 19:4 : Splunk Unveils PLoB Tool to Detect Compromised Credential Usage
• 19:3 : HashiCorp Vault 0-Day Flaws Enable Remote Code Execution Attacks
• 19:3 : Just installed iOS 18.6 on your iPhone? I’d change these 11 settings ASAP
• 19:3 : SonicWall Confirms No New SSLVPN 0-Day – Ransomware Attack Linked to Old Vulnerability
• 19:3 : SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
• 18:34 : Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)
• 18:34 : Sign up for T-Mobile All-In home internet and get $300 back – here’s how
• 18:33 : ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5
• 18:33 : I took over 500 photos with the Samsung S25 Ultra and Oppo Find X8 Ultra – the winner is very clear
• 18:33 : What is integrated risk management (IRM)?
• 18:33 : Encryption Made for Police and Military Radios May Be Easily Cracked
• 18:33 : Mysterious Crime Spree Targeted National Guard Equipment Stashes
• 18:33 : Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’
• 18:32 : Dollar Tree Refutes Cyberattack Claim, Says Leaked Data Belongs to Another Company
• 18:2 : What GPT‑5 means for IT teams, devs, and the future of AI at work
• 17:33 : GPT-5 is finally here, and you can access it for free today – no subscription needed
• 17:32 : I swapped my Sonos soundbar for one with detachable rear speakers – genius or gimmick?
• 17:32 : SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability
• 17:32 : Google Breached — What We Know, What They’re Saying
• 17:5 : IT Security News Hourly Summary 2025-08-07 18h : 16 posts
• 17:4 : Wordfence Intelligence Weekly WordPress Vulnerability Report (July 28, 2025 to August 3, 2025)
• 17:3 : From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
• 17:3 : Hacker Extradited to U.S. for $2.5 Million Tax Fraud Scheme
• 17:3 : My top 5 favorite iOS 26 features so far – and how to try them all now
• 17:3 : This AirTag key organizer has survived the ultimate torture test – and I’d buy it again any time
• 17:3 : This $180 mini projector has no business being this good for the price
• 17:3 : Proton Launches New Authenticator App With Standalone Features
• 16:35 : The TSA-approved multitool myth: I tested it on a plane so you don’t have to
• 16:34 : I’ve owned every Google Pixel flagship phone since the first – here’s why 2025 will be different
• 16:34 : The latest from Black Hat USA 2025
• 16:34 : What is the Mitre ATT&CK framework?
• 16:34 : What is COMSEC (communications security)?
• 16:34 : Packet Power EMX and EG
• 16:34 : Data breach at French telecom giant Bouygues affects millions of customers
• 16:33 : CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786
• 16:33 : February 2025 Cyber Attacks Statistics
• 16:33 : WhatsApp Has Taken Down 6.8 Million Accounts Linked to Malicious Activities
• 16:33 : CISA Warns of ‘ToolShell’ Exploits Chain Attacks SharePoint Servers – Discloses IOCs and detection signatures
• 16:33 : New Ghost Calls Attack Abuses Web Conferencing for Covert Command & Control
• 16:33 : Microsoft 365 Direct Send Weaponized to Bypass Email Security Defenses
• 16:33 : ScarCruft Hacker Group Launched a New Malware Attack Using Rust and PubNub
• 16:33 : Risk Has Moved Beyond Your Inbox
• 16:32 : VMware Cracks the Code: VCF 9.0 Delivers Enterprise Security Without Operational Sacrifice
• 16:32 : Hackers Deploy Lookalike PyPI Platform to Lure Python Developers
• 16:32 : Announcing public preview: Phishing triage agent in Microsoft Defender
• 15:34 : Amazon Breaks Up Wondery Podcast Business
• 15:34 : French AI Start-Up Mistral In Talks For $1bn Funding Round
• 15:34 : Broadcom Upgrades Jericho Data Centre Chip For AI Age
• 15:34 : Google Confirms Salesforce Data Breach by ShinyHunters via Vishing Scam
• 15:34 : ScarCruft Hacker Group Launches New Rust-Based Malware Attack Leveraging PubNub
• 15:34 : You can get a new MacBook Air M1 for $599 at Walmart – here’s the deal
• 15:34 : 10 Linux features you should be using to get the best performance and functionality
• 15:34 : Can’t upgrade your Windows 10 PC? You have 5 options – and 2 months to decide
• 15:34 : Delta Electronics DIAView
• 15:33 : Johnson Controls FX80 and FX90
• 15:33 : CISA releases malware analysis for Sharepoint Server attack
• 15:33 : Black Hat’s network ops center brings rivals together for a common cause
• 15:33 : Securing Online Writing Platforms with Passwordless Authentication
• 15:33 : 8 Essential Questions for Your Workforce Identity Verification (IDV) Vendor
• 15:32 : Securing the AI Era: Sonatype Safeguards Open Source Software Supply Chains
• 15:32 : #BHUSA: Microsoft Debuts AI Agent Able to Reverse Engineer Malware
• 15:3 : Google Agrees To Cut AI Energy Use At Peak Times
• 14:34 : Weaponizing Microsoft 365 Direct Send to Bypass Email Security Defenses
• 14:34 : Weaponized npm Packages Target WhatsApp Developers with Remote Kill Switch
• 14:33 : Why I no longer recommend pre-built SSDs for Windows PCs – and what you should buy instead
• 14:33 : Instagram adds a Snapchat-style location map – how it works
• 14:33 : 7 common household devices to unplug to save money on your electricity bill
• 14:33 : Racing Ahead with AI, Companies Neglect Governance—Leading to Costly Breaches
• 14:33 : Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)
• 14:5 : Smart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto
• 14:5 : IT Security News Hourly Summary 2025-08-07 15h : 7 posts
• 14:4 : My favorite projector from Samsung doubles as a gaming hub, and it’s on sale
• 14:4 : Think Linux desktop market share isn’t over 6%? This 15 million-system scan says otherwise
• 14:4 : Why I recommend this Asus laptop for creatives over my MacBook Pro M4 (and it’s not just price)
• 14:4 : Ridgefield Public Schools Faces 2-day Deadline After Hackers Threaten to Leak 90 GB of Stolen Data
• 14:4 : New Microsoft Exchange Vulnerability Puts Hybrid Cloud Environments at Risk
• 13:35 : Gemini AI Exploited via Google Invite Prompt Injection to Steal Sensitive User Data
• 13:35 : IRGC-Linked Hackers Target Financial, Government, and Media Organizations
• 13:35 : CISA Warns of ‘ToolShell’ Exploitation Chain Targeting SharePoint Servers; IOCs and Detections Released
• 13:35 : Winning the Game You Didn’t Choose: The Case for External Cyber Defense in Government and Education
• 13:34 : Google’s Jules AI coding tool exits beta with serious upgrades – and more free tasks
• 13:34 : 3 charging mistakes slowly killing your tablet – and what to do instead
• 13:34 : 5 reasons I’m buying the Google Pixel 10 instead of the Pro this year (and won’t regret it)
• 13:34 : TeaOnHer, a rival Tea app for men, is leaking users’ personal data and driver’s licenses
• 13:34 : Complete Protection Guide for Cybersecurity in Energy and Utilities
• 13:34 : Unveiling a New Variant of the DarkCloud Campaign
• 13:34 : New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
• 13:33 : Hackers Use Legitimate Drivers to Kill Antivirus Processes and Lower The System’s Defenses
• 13:33 : Retail Budgets at Risk: Price-Scraping and Fraudulent Bot Attacks Are on The Rise
• 13:33 : Facebook users targeted in ‘login’ phish
• 13:33 : KLM, Air France latest major organizations looted for customer data
• 13:33 : Black Hat USA 2025 – Summary of Vendor Announcements (Part 3)
• 13:33 : Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
• 13:32 : Google Among Victims in Ongoing Salesforce Data Theft Campaign
• 13:32 : Dashlane Password Manager ends free option: here are your alternatives
• 13:3 : Meta training AI on social media posts? Only 7% in Europe think it’s OK
• 12:32 : New Scam Involving Fake Online Gaming Sites Flood Discord, Social Media
• 12:32 : WhatsApp Rolls Out Safety Overview As An Anti-Scam Feature
• 12:32 : 5 Places to Save Money on Secure Cloud Storage with iDrive Coupons
• 12:32 : Hackers Exploit Legitimate Drivers to Disable Antivirus and Weaken System Defenses
• 12:32 : Building a Cyber-Aware Workforce: Mexico’s Push for Security Training
• 12:32 : Air France, KLM Say Hackers Accessed Customer Data
• 12:4 : ShinyHunters Target Chanel in Salesforce Linked Data Breach
• 12:4 : Akamai Ghost Platform Flaw Allows Hidden Second Request Injection
• 12:4 : The best 85-inch TVs you can buy in 2025: Big-screens for big entertainment
• 12:3 : The best VPNs with antivirus of 2025: Expert tested and reviewed
• 12:3 : Microsoft unveils Project Ire: AI that autonomously detects malware
• 12:3 : TeaOnHer, the male version of Tea, is leaking personal information on its users too
• 12:3 : SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
• 12:3 : The AI-Powered Security Shift: What 2025 Is Teaching Us About Cloud Defense
• 12:3 : Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups
• 11:34 : New Promptware Attack Hijacks User’s Gemini AI Via Google Calendar Invite
• 11:34 : AccuKnox partners with SecuVerse.ai to deliver Zero Trust CNAPP Security for National Gaming Infrastructure
• 11:33 : China Accuses Nvidia of Putting Backdoors into Their Chips
• 11:33 : SocGholish Leverages Parrot and Keitaro TDS Systems to Push Fake Updates and Deliver Malware
• 11:33 : Nvidia Says No Backdoors, No Kill Switches, and No Spyware in its Chips
• 11:33 : HeartCrypt-Packed EDR Killer Tools ‘AVKiller’ Actively Used in Ransomware Attacks
• 11:33 : 10 Best Data Loss Prevention Software in 2025
• 11:33 : Meta accessed women’s health data from Flo app without consent, says court
• 11:32 : How Google, Adidas, and more were breached in a Salesforce scam
• 11:32 : Organizations Warned of Vulnerability in Microsoft Exchange Hybrid Deployment
• 11:32 : SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls
• 11:5 : IT Security News Hourly Summary 2025-08-07 12h : 8 posts
• 10:33 : The best free VPNs of 2025: Secure, safe, and fast VPNs
• 10:33 : CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector
• 10:33 : Gemini Exploited via Prompt Injection in Google Calendar Invite to Steal Emails, and Control Smart Devices
• 10:32 : HTTP/1.1 Fatal Vulnerability Exposes Millions of Websites to Hostile Takeover
• 10:32 : 1.2 Million Healthcare Devices and Systems Data Leaked Online – Patient Records at Risk of Exposure
• 10:32 : HashiCorp Vault 0-Day Vulnerabilities Let Attackers Execute Remote Code
• 10:32 : Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection
• 10:32 : New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites
• 10:4 : New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
• 10:4 : Why I’m considering the Google Pixel 10 over the Pro models this year (and I’m not alone)
• 10:4 : Best VPNs for YouTube in 2025: 5 providers for unblocking content
• 10:3 : Power bill surging? Why you should ‘electrify’ your home before 2026
• 10:3 : Multiple Ransomware Groups are Using Tool to Kill EDR Defenses: Sophos
• 10:3 : Experts Alarmed by UK Government’s Companies House ID Checks
• 9:32 : The best antivirus software 2025
• 9:32 : CISA, Coast Guard Hunt Engagement Offer Path to Protect Critical Infrastructure
• 9:3 : ‘Ghost Calls’ Attack Exploits Web Conferencing as Hidden Command-and-Control Channel
• 9:3 : How to disable ACR on your TV – and why it makes such a big difference doing so
• 9:3 : Amnesty slams Elon Musk’s X for ‘central role’ in fueling 2024 UK riots
• 9:2 : SonicWall: Attacks Linked to Legacy Bug and Password Use
• 8:35 : UK’s Online Safety Act Comes into force – and runs into problems immediately
• 8:35 : 1.2 Million Healthcare Devices and Systems Found Exposed Online – Patient Records at Risk of Exposure, Latest Research from Modat
• 8:35 : HTTP/1.1 Vulnerability Could Let Attackers Hijack Millions of Sites
• 8:35 : SocGholish Uses Parrot and Keitaro TDS to Spread Malware via Fake Updates
• 8:35 : Nvidia Denies Presence of Backdoors, Kill Switches, or Spyware in Its Chips
• 8:34 : HeartCrypt-Packed ‘AVKiller’ Tool Actively Deployed in Ransomware Attacks to Disable EDR
• 8:34 : This mini projector beats more expensive models (and took 5 minutes to set up)
• 8:34 : I switched my TV with a 4K UST projector – and it was a visual upgrade in several ways
• 8:34 : 5 back-to-school gadgets under $50 I recommend to every student (and how they come in handy)
• 8:34 : How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments
• 8:34 : Over 100 Dell models exposed to critical ControlVault3 firmware bugs
• 8:34 : Hackers Uses Social Engineering Attack to Gain Remote Access in 300 Seconds
• 8:34 : Could agentic AI save us from the cybercrisis?
• 8:33 : Everything You Need to Know About the California Consumer Privacy Act (CCPA) in 2025
• 8:33 : Photos: Black Hat USA 2025
• 8:33 : Top solutions to watch after Black Hat USA 2025
• 8:33 : Webinar: How to Stop Python Supply Chain Attacks—and the Expert Tools You Need
• 8:33 : Gemini AI hijacked, Nvidia rejects AI chip backdoors, phishers abuse Microsoft 365
• 6:32 : WhatsApp Removes 6.8 Million Accounts Over Malicious Activity Concerns
• 6:32 : Has Cyber Been Infected With the Economic Malaise?
• 6:3 : Hackers Exploit Social Engineering to Gain Remote Access in Just 5 Minutes
• 6:2 : News alert: SpyCloud’s AI-powered platform mimics veteran analysts, speeds threat detection
• 5:32 : New Microsoft Exchange Server Vulnerability Allows Unauthorized Admin Privilege Escalation
• 5:32 : Match or trap? Online dating scams and other dangers to know
• 5:32 : Beyond PQC: Building adaptive security programs for the unknown
• 5:3 : Google’s Salesforce Environment Compromised – User Information Exfiltrated
• 5:2 : AI can write your code, but nearly half of it may be insecure
• 5:2 : Elastic AI SOC Engine helps SOC teams expose hidden threats
• 5:2 : Cybercriminals are getting personal, and it’s working
• 4:32 : New Microsoft Exchange Server Vulnerability Enables Attackers to Gain Admin Privileges
• 4:32 : Energy companies are blind to thousands of exposed services
• 2:32 : How to upgrade your deadbolt with a smart lock – and the one I recommend most
• 2:5 : IT Security News Hourly Summary 2025-08-07 03h : 5 posts
• 2:3 : ISC Stormcast For Thursday, August 7th, 2025 https://isc.sans.edu/podcastdetail/9560, (Thu, Aug 7th)
• 2:2 : Windows has a secret recovery tool – here’s how to find it and use it
• 2:2 : I changed 17 iPhone settings to instantly extend my battery life – it takes seconds
• 1:2 : Why I stopped recommending pre-built SSDs for Windows PCs – and what to buy instead
• 0:32 : Mass Internet Scanning from ASN 43350 [Guest Diary], (Thu, Aug 7th)
• 0:32 : CVE-2025-32094: HTTP Request Smuggling Via OPTIONS + Obsolete Line Folding
• 0:32 : CISA Issues Alert on Vulnerability affecting Microsoft Exchange
• 0:32 : Secrets Management Fireside Chat: Doppler, Financial Times, BODi, and Secureframe
• 0:4 : Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign
• 0:4 : Gartner’s AI Hype Cycle reveals which AI tech is peaking – but will it last?