A vulnerability in Microsoft Windows’ Remote Procedure Call (RPC) protocol has been discovered that allows attackers to manipulate core system communications and launch sophisticated server spoofing attacks. The flaw, designated CVE-2025-49760, enables unprivileged users to masquerade as legitimate system services…
Category: EN
BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats
Eclypsium researchers have demonstrated a BadCam attack against Lenovo cameras, but others may be impacted as well. The post BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
INE Named to Training Industry’s 2025 Top 20 Online Learning Library List
Cary, United States, 11th August 2025, CyberNewsWire This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: INE Named to Training Industry’s 2025 Top 20 Online Learning Library List
AI Coding Assistant: Creating the Perfect Blueprint for Attackers
AI coding tools like Claude CLI are unintentionally changing the attack surface for developers and businesses in the rapidly changing cybersecurity landscape. Gone are the days when adversaries required weeks or months of meticulous infrastructure mapping, credential probing, and tech…
Cyber Attacks, Jailbreaking GPT-5, and Hacker Summer Camp 2025 Highlights
In today’s episode of Cybersecurity Today, host David Shipley covers critical updates on recent cyber attacks and breaches impacting the US Federal judiciary’s case management systems, and SonicWall firewall compromises. He also discusses researchers’ new jailbreak method against GPT-5, which…
SSHamble: New Open-Source Tool Targets SSH Protocol Flaws
Security researchers have unveiled SSHamble, a powerful new open-source tool designed to identify vulnerabilities and misconfigurations in SSH implementations across networks. Developed by HD Moore and Rob King, the tool represents a significant advancement in SSH security testing capabilities, addressing…
MedusaLocker ransomware group is looking for pentesters
MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. MedusaLocker is a ransomware strain that was first observed in late 2019, it encrypts files on infected systems and demands a ransom, usually…
A week in security (August 4 – August 10)
A list of topics we covered in the week of August 4 to August 10 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (August 4 – August 10)
DARPA code prize, ScarCruft adds ransomware, Columbia breach tally
DARPA awards $4 million prize for AI code review at DEF CON North Korea ScarCruft group adds ransomware to its activities Columbia University hack affects over 860,000 Huge thanks to our sponsor, Vanta Do you know the status of your…
Efimer Trojan Targets Crypto Wallets Using Phony Legal Notices and Booby-Trapped Torrents
The Efimer Trojan has emerged as a potent ClipBanker-type malware, primarily designed to steal cryptocurrency by intercepting and swapping wallet addresses in victims’ clipboards. First detected in October 2024, Efimer named after a comment in its decrypted script has evolved…
WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately
The maintainers of the WinRAR file archiving utility have released an update to address an actively exploited zero-day vulnerability. Tracked as CVE-2025-8088 (CVSS score: 8.8), the issue has been described as a case of path traversal affecting the Windows version…
Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution
Xerox Corporation has released critical security updates for its FreeFlow Core software, addressing two significant vulnerabilities that could allow attackers to perform server-side request forgery (SSRF) attacks and achieve remote code execution on affected systems. The security flaws, identified as…
7-Zip Arbitrary File Write Vulnerability Allows Attackers to Execute Code
A newly disclosed security vulnerability in the popular 7-Zip file compression software has raised significant concerns in the cybersecurity community. CVE-2025-55188, discovered and reported by security researcher Landon on August 9, 2025, allows attackers to perform arbitrary file writes during…
GPT-5 Jailbreaked With Echo Chamber and Storytelling Attacks
Researchers have compromised OpenAI’s latest GPT-5 model using sophisticated echo chamber and storytelling attack vectors, revealing critical vulnerabilities in the company’s most advanced AI system. The breakthrough demonstrates how adversarial prompt engineering can bypass even the most robust safety mechanisms,…
Ghanaian fraudsters arrested for BEC/Sakawa
In Nigeria, scammers who specialize in Romance Scams and BEC are called “Yahoo Boys.” In Ghana, the term for the same activity is “Sakawa.” Several Ghanaian headlines are talking about this case with headlines such as “Multimillion dollar Sakawa” or…
How Brandolini’s law informs our everyday infosec reality
Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and…
7-Zip Vulnerability Lets Hackers Write Files and Run Malicious Code
A security vulnerability has been discovered in the popular 7-Zip file compression utility that could allow attackers to write arbitrary files to victim systems and potentially execute malicious code. The flaw, tracked as CVE-2025-55188, affects all versions of 7-Zip prior…
GPT-5 Compromised Using Echo Chamber and Storytelling Exploits
Cybersecurity researchers have successfully demonstrated a new jailbreaking technique that compromises OpenAI’s GPT-5 model by combining “Echo Chamber” algorithms with narrative-driven manipulation, raising fresh concerns about the vulnerability of advanced AI systems to sophisticated exploitation methods. Novel Attack Vector Emerges…
Review: From Day Zero to Zero Day
From Day Zero to Zero Day is a practical guide for cybersecurity pros who want to move beyond reading about vulnerabilities and start finding them. It gives a methodical look at how real vulnerability research is done. About the author…
From legacy to SaaS: Why complexity is the enemy of enterprise security
In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the way organizations approach security. He explains why finding the right balance between old and…