A critical remote code execution vulnerability has been discovered in Lighthouse Studio, one of the most widely deployed yet relatively unknown survey software platforms developed by Sawtooth Software. The flaw, designated CVE-2025-34300, affects the Perl CGI scripts that power web-based…
Author: IT Security News Bot
Marketing, Law Firms Say Data Breaches Impact Over 200,000 People
Cierant Corporation and Zumpano Patricios independently disclosed data breaches, each impacting more than 200,000 individuals. The post Marketing, Law Firms Say Data Breaches Impact Over 200,000 People appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Assessing the Role of AI in Zero Trust
By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more…
⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks…
Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now
Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Microsoft Confirms…
Surveillance Firm Exploits SS7 Flaw to Track User Locations
A sophisticated surveillance operation has been discovered exploiting critical vulnerabilities in the global telecommunications infrastructure to track mobile phone users’ locations without authorization, security researchers have revealed. The attack leverages weaknesses in the decades-old SS7 (Signaling System No. 7) protocol…
Microsoft issues emergency patches for SharePoint zero-days exploited in “ToolShell” attacks
Microsoft patched an exploited SharePoint flaw (CVE-2025-53770) and disclosed a new one, warning of ongoing attacks on on-prem servers. Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, exploited since July 18 in attacks dubbed…
Another Supply Chain Vulnerability
ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation…
The Overlooked Risk in AI Infrastructure: Physical Security
As artificial intelligence (AI) accelerates across industries from financial modeling and autonomous vehicles to medical imaging and logistics optimization, one issue consistently flies under the radar: Physical security. The post The Overlooked Risk in AI Infrastructure: Physical Security appeared first…
How quickly do we patch? A quick look from the global viewpoint, (Mon, Jul 21st)
Since the ongoing “ToolShell†exploitation campaign, in which threat actors attack on-premise Sharpoint servers using a chain of two recently published vulnerabilities[1,2,3], is still on top of the cyber security news[4,5,6,7], I thought it might be a good time to…
Google Patched A Chrome Zero-Day That Allowed Sandbox Escape
Google recently addressed a serious zero-day vulnerability in its Chrome browser that allowed sandbox escape.… Google Patched A Chrome Zero-Day That Allowed Sandbox Escape on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article…
GameForge AI Hackathon 2025: Building the Bridge Between Natural Language and Game Creation
A 72-hour sprint that produced working solutions for one of game development’s hardest problems: making it accessible to non-programmers. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: GameForge…
CoinDCX Hack Leads to $44.2 Million Loss
Major Indian cryptocurrency exchange CoinDCX has confirmed a significant security breach that resulted in approximately $44 million in losses, though company executives maintain that customer funds remain completely secure and unaffected by the incident. CoinDCX co-founder Sumit Gupta publicly confirmed…
IT Security News Hourly Summary 2025-07-21 12h : 7 posts
7 posts were published in the last hour 9:32 : UBTech Humanoid Robot Changes Own Battery 9:32 : The SOC files: Rumble in the jungle or APT41’s new target in Africa 9:5 : Microsoft AppLocker Flaw Lets Malicious Apps Bypass…
Microsoft Bars China Tech Support From US Military After Critical Report
Microsoft changes US government practices after report details use of China-based engineers to service US military computer systems This article has been indexed from Silicon UK Read the original article: Microsoft Bars China Tech Support From US Military After Critical…
New GhostContainer Malware Hits High-Value MS Exchange Servers in Asia
Kaspersky’s SecureList reveals GhostContainer, a new, highly customized backdoor targeting government and high-tech organizations in Asia via Exchange server vulnerabilities. Learn how this APT malware operates and how to stay protected. This article has been indexed from Hackread – Latest…
Why Agentic Security Doesn’t Mean Letting Go of Control
Autonomous agents are changing the way we think about security. Not in the distant future, right now. These systems (intelligent, self-directed, and capable of making decisions) are starting to play an active role in the SOC. They’re not only collecting…
HPE Warns of Aruba Hardcoded Credentials Allowing Attackers to Bypass Device Authentication
A critical vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Instant On Access Points could allow attackers to bypass device authentication mechanisms completely. The vulnerability, tracked as CVE-2025-37103, stems from hardcoded login credentials embedded within the devices’ software, presenting a…
CoinDCX Hacked – $44.2 million Wiped off From the Platform
India’s second-largest cryptocurrency exchange, CoinDCX, confirmed a sophisticated security breach on July 19, 2025, resulting in approximately $44.2 million being stolen from the platform. This incident marks another significant cyberattack on India’s crypto infrastructure, coming exactly one year after the…
Securing Revenue Data in the Cloud: Compliance and Trust in a Digital Age
With cyberthreats intensifying and regulatory bodies tightening oversight, securing revenue data in the cloud is essential. The post Securing Revenue Data in the Cloud: Compliance and Trust in a Digital Age appeared first on Security Boulevard. This article has been…