IT Security News Daily Summary 2025-05-07

168 posts were published in the last hour

• 21:31 : Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage
• 21:31 : Healthcare Sector Emerges as a Prime Target for Cyber Attacks in 2025
• 20:31 : 5 Chromecast features you’re not using enough on your TV (including a smart home hack)
• 20:31 : Breaking the Password Barrier: FIDO’s Path to Seamless Security
• 20:5 : IT Security News Hourly Summary 2025-05-07 21h : 6 posts
• 20:4 : Play ransomware affiliate leveraged zero-day to deploy malware
• 20:4 : Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity
• 20:4 : Appeals Court Sidesteps The Big Questions on Geofence Warrants
• 20:4 : Microsoft Discontinues Authenticator Password Manager, Shift to Edge
• 20:4 : Pulumi Enhances Developer Experience with Improved IDP and Components
• 20:4 : Randall Munroe’s XKCD ‘About 20 Pounds’
• 19:32 : Apple Looks To Add AI Search To Safari – Report
• 19:32 : AWS Study: Generative AI Tops Corporate Budget Priorities, Surpassing Cybersecurity
• 19:31 : Critical Open Source Easyjson Library Under Full Control of Russian Company
• 19:4 : Public Wary of AI-Powered Data Use by National Security Agencies, Study Finds
• 19:4 : WhatsApp Reveals “Private Processing” Feature for Cloud Based AI Features
• 19:4 : Security Researcher Uncovers Critical RCE Flaw in API Due to Incomplete Input Validation
• 18:31 : The Trump Administration Sure Is Having Trouble Keeping Its Comms Private
• 18:31 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
• 18:31 : Delta Air Lines class action cleared for takeoff over CrowdStrike chaos
• 18:4 : Jeff Bezos Fund Leads Investment In AI Firm Toloka
• 18:4 : You’ll never guess which mobile browser is the worst for data collection
• 17:32 : ClickFunnels Investigates Breach After Hackers Leak Business Data
• 17:31 : UK Government Sets Timeline to Replace Passwords With Passkeys
• 17:31 : Lampion Banking Malware Employs ClickFix Lures To Steal Banking Information
• 17:31 : DPRK’s Largest Cryptocurrency Heist via a Compromised macOS Developer and AWS Pivots – Researchers Emulated
• 17:5 : IT Security News Hourly Summary 2025-05-07 18h : 7 posts
• 17:3 : 10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin
• 17:3 : 10 leading open source application security testing tools
• 17:2 : How to use arpwatch to monitor network changes
• 17:2 : Cisco’s Quantum Bet: Linking Small Machines Into One Giant Quantum Computer
• 17:2 : Trump Proposes Cutting CISA Budget by $491 Million
• 16:32 : OpenAI To Cut Microsoft Revenue Share – Report
• 16:32 : Samsung MagicINFO Server Flaw Now Actively Exploited – Huntress Uncovers Real-World Attacks
• 16:32 : CodeAnt AI Raises $2 Million for Code Quality and Application Security Platform
• 16:32 : Ascension Faces New Security Incident Involving External Vendor
• 16:32 : Posture Management Emerges as Strategic Cybersecurity Priority Amid Cloud and Data Fragmentation
• 16:32 : Cybercriminals Stole Thousands of Australians’ Banking Details
• 16:32 : Commvault Confirms Cyberattack, Says Customer Backup Data Remains Secure
• 16:31 : Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2
• 16:31 : Introducing the AWS User Guide to Governance, Risk and Compliance for Responsible AI Adoption within Financial Services Industries
• 16:7 : Cookies Revisited: A Networking Solution for Third-Party Cookies
• 16:7 : Enterprise risk management team: Roles and responsibilities
• 16:7 : DragonForce – The Rise of a Hybrid Cyber Threat in The Ransomware Landscape of 2025
• 16:7 : Top Cyber Attacks In April 2025 You Need to Aware
• 16:7 : PoC Tool Released for Max Severity Apache Parquet Vulnerability to Detect Affected Servers
• 16:7 : Europol Take Down DDoS-for-Hire Empire & Arrested 4 Admins
• 16:6 : Wormable Linux Rootkit Attack Multiple Systems to Steal SSH Keys and Privilege Escalation
• 16:6 : Ox Security Bags $60M Series B to Tackle Appsec Alert Fatigue
• 16:6 : CrowdStrike Plans Layoffs to Pursue $10B ARR Target
• 16:6 : Inferno Drainer Returns, Stealing Millions from Crypto Wallets
• 15:32 : Kubernetes IngressNightmare: Wake Up and Fight Back with Microsegmentation
• 15:32 : NSO group slapped with $168m penalty for spreading Pegasus Malware
• 15:32 : Openreach Names 163 ‘Stop Sell’ Locations To See Full Fibre Deployment
• 15:32 : Israeli NSO Group Fined $168M for Pegasus Spyware Attack on WhatsApp
• 15:32 : T-Mobile’s data breach settlement payments are finally rolling out – how to see if you qualify
• 15:31 : BSidesLV24 – Proving Ground – Threat Modeling At Scale: More Than Shifting Left
• 15:31 : “Nationally Significant” Cyber-Attacks Have Doubled, UK’s NCSC Reports
• 15:2 : Amazon Claims Breakthrough With Robots That Can ‘Feel’ Items
• 15:2 : Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER
• 15:2 : Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed
• 15:2 : Canary Exploit tool allows to find servers affected by Apache Parquet flaw
• 15:2 : DDoS-for-Hire Network Dismantled in International Operation
• 14:32 : CrowdStrike says it will lay off 500 workers
• 14:32 : New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA
• 14:32 : Spyware Maker NSO Ordered to Pay WhatsApp $168 Million for 2019 Hack
• 14:31 : OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
• 14:31 : Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
• 14:6 : COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs
• 14:6 : FBI issues warning as scammers target victims of crime
• 14:6 : Searchlight Cyber adds AI capabilities to summarize dark web posts and threads
• 14:6 : Barracuda Networks strenghtens threat detection with multimodal AI
• 14:5 : IT Security News Hourly Summary 2025-05-07 15h : 15 posts
• 13:32 : Check Point Named Cloud Security Innovator of the Year by ITP.NET at GISEC 2025
• 13:32 : New Sophisticated Phishing Attack Abuses Discord & Attacked 30,000 Users Worldwide
• 13:32 : Windows 0-Day Vulnerability Exploited in the Wild to Deploy Play Ransomware
• 13:32 : CISA Warns of Hackers Attacking ICS/SCADA Systems in Oil and Natural Gas Companies
• 13:31 : Critical AWS Amplify Studio Vulnerability Let Attackers Execute Arbitrary Code
• 13:31 : New Chinese Smishing Kit Dubbed ‘Panda Shop’ Steal Google, Apple Pay & Credit Card Details
• 13:2 : SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks
• 13:2 : Using Blob URLs to Bypass SEGs and Evade Analysis
• 13:2 : Verosint Vera boosts identity threat detection and response
• 12:32 : Europol, Poland Bust Major DDoS-for-Hire Operation, Arrest 4
• 12:32 : Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025
• 12:32 : PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability
• 12:32 : Toll road scams are in overdrive: Here’s how to protect yourself
• 12:31 : US Sanctions Myanmar Militia Involved in Cyber Scams
• 12:31 : PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
• 12:7 : NSO Group Ordered To Pay $167m For 2019 WhatApp Exploit
• 12:7 : SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution
• 12:7 : Unsophisticated cyber actors are targeting the U.S. Energy sector
• 12:7 : Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack
• 12:7 : Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection
• 12:7 : SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
• 11:32 : Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited, Warns CISA
• 11:32 : Russian Company Gains Full Control Over Critical Open Source Easyjson Library
• 11:32 : CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks
• 11:32 : Chinese AI Submersible
• 11:32 : Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code
• 11:32 : NSO Group Hit with $168m Fine for WhatsApp Pegasus Spyware Abuse
• 11:32 : Passkeys Set to Protect GOV.UK Accounts Against Cyber-Attacks
• 11:5 : Microsoft to say NO to passwords and to shut down Authenticator App
• 11:5 : Top 10 Cloud Security Mitigation Tactics
• 11:5 : Ox Security lands a fresh $60M to scan for vulnerabilities in code
• 11:5 : Curl project founder snaps over deluge of time-sucking AI slop bug reports
• 11:5 : AppSignal Raises $22 Million for Application Monitoring Solution
• 11:5 : BlueVoyant introduces Continuous Optimization for Microsoft Security
• 11:5 : Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
• 11:5 : IT Security News Hourly Summary 2025-05-07 12h : 6 posts
• 10:32 : Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation
• 10:32 : DragonForce: Emerging Hybrid Cyber Threat in the 2025 Ransomware Landscape
• 10:32 : Lampion Banking Malware Uses ClickFix Lures to Steal Banking Credentials
• 10:32 : Researchers Simulate DPRK’s Largest Cryptocurrency Heist Through Compromised macOS Developer and AWS Pivoting
• 10:31 : State of ransomware in 2025
• 10:31 : UK Cyber Insurance Claims Second Highest on Record
• 10:31 : UK Government Warns Retail Attacks Must Serve as a “Wake-up Call”
• 10:2 : Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits
• 10:2 : NSO Group must pay WhatsApp over $167M in damages for attacks on its users
• 10:2 : Second Ransomware Group Caught Exploiting Windows Flaw as Zero-Day
• 10:2 : Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
• 9:31 : Second OttoKit Vulnerability Exploited to Hack WordPress Sites
• 9:31 : Talent Shortages Bite as 80% of UK Firms Hit with AI Threats
• 9:3 : Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal
• 9:3 : IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads
• 9:3 : Chrome Security Patch Addresses WebAudio Vulnerability Allowing Code Execution
• 9:3 : Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities
• 9:3 : 160-Year-Old Haulage Firm Folds Following Cyber-Attack: Director Sounds Alarm
• 9:3 : Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
• 8:32 : Critical AWS Amplify Studio Flaw Allowed Attackers to Execute Arbitrary Code
• 8:31 : Essential Cybersecurity Controls (ECC-1:2018) – A Comprehensive Guide
• 8:31 : MIWIC25: Kiranjit Kaur Shergill, Developer at Barclays
• 8:31 : US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations
• 8:6 : Blue Shield health data of nearly 5 million Californians leaked to Google
• 8:6 : U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog
• 8:5 : IT Security News Hourly Summary 2025-05-07 09h : 6 posts
• 7:34 : Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code
• 7:34 : Podcast Episode: Digital Autonomy for Bodily Autonomy
• 7:33 : 41 Countries Taking Part in NATO’s Locked Shields 2025 Cyber Defense Exercise
• 7:33 : Congress challenges CISA cuts, Texas school breached, NSO pays WhatsApp
• 7:2 : IT Guy Let Girlfriend Enter into Highly Restricted Server Rooms
• 7:2 : Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable
• 7:2 : NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware
• 6:32 : IT Worker from Computacenter Let Girlfriend Into Deutsche Bank’s Restricted Areas
• 6:7 : Example of “Modular” Malware, (Wed, May 7th)
• 6:6 : Rethinking AppSec: How DevOps, containers, and serverless are changing the rules
• 5:31 : NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict
• 5:31 : Autorize: Burp Suite extension for automatic authorization enforcement detection
• 5:31 : 6 Year Old Sleeper Attack Uncovered, Fake Bank Draft Scam, and Signal Tool Breach
• 5:5 : IT Security News Hourly Summary 2025-05-07 06h : 2 posts
• 5:3 : 1 in 3 workers keep AI use a secret
• 4:31 : New Zealand kind-of moves to ban social media for under-16s, require age checks for new accounts
• 4:4 : Personal data of top executives easily found online
• 3:36 : ISC Stormcast For Wednesday, May 7th, 2025 https://isc.sans.edu/podcastdetail/9440, (Wed, May 7th)
• 2:31 : US Jury Orders NSO Group to Pay $168 Million to WhatsApp in Landmark Spyware Case
• 2:5 : IT Security News Hourly Summary 2025-05-07 03h : 1 posts
• 1:33 : Your NHI Management Is Getting Better
• 1:33 : Can NHIs Handle My Enterprise Needs?
• 1:33 : Smart Strategies for NHI Deployment
• 1:6 : Super spyware maker NSO must pay Meta $168M in WhatsApp court battle
• 0:6 : Super spyware maker NSO must pay Meta $168M in WhatsApp snoop drama
• 23:5 : IT Security News Hourly Summary 2025-05-07 00h : 8 posts
• 23:2 : It’s Not About Control — It’s About Collaboration Between Architecture and Security
• 23:2 : Urgent Warning for Gmail Users: 1.8 Billion Accounts at Risk
• 22:55 : IT Security News Daily Summary 2025-05-06
• 22:4 : Fake SSA Emails Trick Users into Installing ScreenConnect RAT
• 22:4 : AWS report: Generative AI overtakes security in global tech budgets for 2025
• 22:4 : UNC3944 Hackers Evolves from SIM Swap to Ransomware and Data Extortion
• 22:4 : The Hidden Security Risks of Data Exposure in AI-Driven Tools Like Snowflake’s CORTEX