For the first time in 2025, Microsoft’s Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other…
Category: EN
Congratulations to the top MSRC 2025 Q2 security researchers!
Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2025 Q2 Security Researcher Leaderboard are…
Red Team Tool Developer Shellter Admits ‘Misuse’ by Adversaries
The company behind AV/EDR evasion tool Shellter has confirmed the product is being used by threat actors This article has been indexed from www.infosecurity-magazine.com Read the original article: Red Team Tool Developer Shellter Admits ‘Misuse’ by Adversaries
Malicious Open Source Packages Surge 188% Annually
Sonatype’s latest Open Source Malware Index report has identified more than 16,000 malicious open source packages, representing a 188% annual increase This article has been indexed from www.infosecurity-magazine.com Read the original article: Malicious Open Source Packages Surge 188% Annually
Over 500 Scattered Spider Phishing Domains Poised to Target Multiple Industries
Check Point discovered around 500 suspected Scattered Spider phishing domains, suggesting the group is preparing to expand its targeting This article has been indexed from www.infosecurity-magazine.com Read the original article: Over 500 Scattered Spider Phishing Domains Poised to Target Multiple…
Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
Researchers from Koi Security have detected 18 malicious Chrome and Edge extensions masquerading as benign productivity and entertainment tools This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as…
M&S Chair Details Ransomware Attack, Declines to Confirm if Payment Was Made
M&S chairman Archie Norman provided more insights into the April ransomware attack, but did not confirm whether a payment was made to the attackers This article has been indexed from www.infosecurity-magazine.com Read the original article: M&S Chair Details Ransomware Attack,…
Ingram Micro cyberattack, Telefonica possible breach, LLM URL recommendation problem
Ingram Micro suffers ransomware attack Hacker leaks Telefónica data allegedly from new breach ChatGPT prone to recommending wrong URLs, creating a new phishing opportunity Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right…
Call of Duty game pulled, U.S. military gets cybersecurity boost, Bank employee helped hackers
Call of Duty game pulled from PC store after reported exploit U.S. military gets cybersecurity boost Bank employee helped hackers steal $100M Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right…
Rubio Spoofed, RondoDox Botnet, Batavia Spyware
Four members of President Trump’s cabinet impersonated Is this some kind of a game? Batavia attacks Russian industrial companies Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know…
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
In this episode of Cybersecurity Today, host David Shipley discusses the recent Safe Play ransomware attack on technology distributor Ingram Micro, exploring its impact and ongoing recovery efforts. The script also examines a new campaign targeting misconfigured Linux servers to…
AI Threats, Enterprise Security, and Google’s Confusing Gemini Release: Cybersecurity Today
In this episode of ‘Cybersecurity Today,’ host Jim Love discusses the recent deep fake attack on high-ranking US government officials using AI voice cloning technology. The conversation highlights the growing ease and risks of AI-generated impersonations. The episode also…
2025 CyberVadis report now available for due diligence on third-party suppliers
We’re excited to announce that AWS has completed the CyberVadis assessment of its security posture with the highest score (Mature) in all assessed areas. This demonstrates our continued commitment to meet the heightened expectations for cloud service providers. Customers can now…
Spring 2025 PCI DSS compliance package available now
Amazon Web Services (AWS) is pleased to announce that three new AWS services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Amazon Verified Permissions AWS B2B Data Interchange AWS Resource Explorer…
Verizon and T-Mobile Deny Data Breaches as Millions of User Records Sold Online
User claims to sell stolen Verizon and T-Mobile data for 116 million users online Verizon says data is old T-Mobile denies any breach and links to it. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech,…
International Criminal Court Hacked via Sophisticated Cyber Campaign
The International Criminal Court (ICC), the global tribunal responsible for prosecuting serious international crimes, has been targeted by a sophisticated and highly focused cyberattack late last week. The Court confirmed that the incident, which marks the second such breach in…
Ubuntu Disables Spectre/Meltdown Protections
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. Speculative execution was a way to speed up CPUs, and removing those enhancements resulted…
Qantas data breach could affect 6 million customers
Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said…
Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
DCRat Targets Windows Systems for Remote Control, Keylogging, Screen Capture, and Data Theft
A sophisticated email-based attack distributing a Remote Access Trojan (RAT) known as DCRat has been recently identified by the FortiMail IR team, specifically targeting organizations in Colombia. The campaign, impersonating a Colombian government entity, leverages advanced evasion techniques to compromise…