IT Security News Daily Summary 2025-05-12

151 posts were published in the last hour

• 21:2 : Apple Updates Everything: May 2025 Edition, (Mon, May 12th)
• 21:2 : Backdoored Magento Extensions Impact Multiple Online Stores
• 21:2 : OpenAI just fixed ChatGPT’s most annoying business problem: meet the PDF export that changes everything
• 21:2 : U.S. CISA adds TeleMessage TM SGNL to its Known Exploited Vulnerabilities catalog
• 20:5 : IT Security News Hourly Summary 2025-05-12 21h : 11 posts
• 19:33 : China, US Reach Deal To Pause Punitive Tariffs
• 19:33 : New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms
• 19:32 : Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques
• 19:32 : Your old router could be a security threat – here’s why and what to do
• 19:32 : Forrester’s Top 10 Emerging Tech for 2025: Which 3 are Standouts?
• 19:32 : CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email
• 19:32 : Apple Patches Major Security Flaws in iOS, macOS Platforms
• 19:32 : What CIOs and CISOs Are Saying About Fake IT Workers: 4 Key Takeaways
• 19:32 : Monitoring and optimizing the cost of the unused access analyzer in IAM Access Analyzer
• 19:2 : APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations
• 19:2 : Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns
• 19:2 : AI-Based Threat Detection in Cloud Security
• 19:2 : Researchers found one-click RCE in ASUS’s pre-installed software DriverHub
• 19:2 : Why aggregating your asset inventory leads to better security
• 18:32 : 82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme
• 18:32 : The default TV setting you should turn off ASAP – and why experts recommend it
• 18:32 : Nitrogen Ransomware Exploits Antirootkit Driver File to Disable AV & EDR Tools
• 18:31 : Hackers Arrested for Ransomware Attacks on Dutch Firms, Causing €4.5 Million in Damages
• 18:31 : Marbled Dust leverages zero-day in Output Messenger for regional espionage
• 18:31 : Law enforcement takes down proxy botnets used by criminals
• 17:31 : Attackers pwn charter airline helping Trump’s deportation campaign
• 17:31 : Technical Advisory Committees Election Results
• 17:7 : FakeUpdates, Remcos, AgentTesla Top Malware Charts in Stealth Attack Surge
• 17:7 : You could get $10K from 23andMe’s data breach – how to file a claim today
• 17:7 : Horabot Unleashed: A Stealthy Phishing Threat
• 17:7 : Lumma Stealer Evolves with New PowerShell Tools & Advanced Techniques
• 17:6 : Linux Firewall IPFire 2.29 Core Update 194 Released with Security Enhancements
• 17:6 : Implementing safety guardrails for applications using Amazon SageMaker
• 17:5 : IT Security News Hourly Summary 2025-05-12 18h : 20 posts
• 16:31 : India Issues Alert On Pakistan-Based Malware “Dance of the Hillary”
• 16:31 : How to disable ACR on your TV (and why you shouldn’t wait to do it)
• 16:31 : Encrypt AI, Protect Your IP: DataKrypto Tackles the LLM Security Crisis While Redefining What Encryption Should Be!
• 16:4 : What should we learn from International Anti Ransomware Day
• 16:4 : Update to How CISA Shares Cyber-Related Alerts and Notifications
• 16:4 : Vulnerability Summary for the Week of May 5, 2025
• 16:4 : Hacktivist Attacks on India Overstated Amid APT36 Espionage Threat
• 15:32 : Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!
• 15:32 : Kimsuky Hacker Group Employs New Phishing Tactics & Malware Infections
• 15:32 : BSidesLV24 – Proving Ground – Demystifying SBOMs: Strengthening Cybersecurity Defenses
• 15:32 : ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
• 15:31 : ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files
• 15:7 : 20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week
• 15:7 : Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft
• 15:7 : How Trustworthy Is Big Data?
• 15:7 : Your password manager is under attack: How to defend yourself against a new threat
• 15:7 : The Ongoing Risks of Hardcoded JWT Keys
• 15:7 : Cybersecurity Agencies on High Alert as Attacks Spike After Pahalgam Incident
• 15:7 : SentinelOne EDR Exploit Allows Babuk Ransomware Deployment Through Installer Abuse
• 15:7 : Kelly Benefits Data Leak Affects 260,000 People
• 15:7 : ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
• 15:6 : #Infosec2025: Experts to Shine Light on Vendor Supply Chain Resilience Against Third-Party Risks
• 15:6 : Criminal Proxy Network Infects Thousands of IoT Devices
• 14:33 : Phishing Campaign Uses Blob URLs to Bypass Email Security and Avoid Detection
• 14:33 : “PupkinStealer” – .NET Malware Steals Browser Data and Exfiltrates via Telegram
• 14:33 : Security Firm Andy Frain Says 100,000 People Impacted by Ransomware Attack
• 14:5 : It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities, (Mon, May 12th)
• 14:5 : IT Security News Hourly Summary 2025-05-12 15h : 11 posts
• 14:4 : Is your Microsoft account passwordless yet? Why it (probably) should be and how to do it right
• 14:4 : 100 leading AI scientists map route to more ‘trustworthy, reliable, secure’ AI
• 14:4 : Threat actors use fake AI tools to deliver the information stealer Noodlophile
• 14:4 : Google Researchers Leverage Mach IPC Messages to Find and Exploit Sandbox Escapes
• 14:4 : VMware Tools Vulnerability Let Attackers Tamper Files to Trigger Malicious Operations
• 14:4 : ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
• 13:31 : AI, Agents, and the Future of Cyber Security
• 13:31 : Ransomware Reloaded: Why 2025 Is the Most Dangerous Year Yet
• 13:31 : ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
• 13:5 : Google Agrees to $1.3 Billion Settlement in Texas Privacy Lawsuits
• 13:5 : Hunted Labs Entercept combats software supply chain attacks
• 13:4 : Compromised SAP NetWeaver instances are ushering in opportunistic threat actors
• 13:4 : ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
• 13:4 : EU Launches Free Entry-Level Cyber Training Program
• 12:33 : VMware Tools Vulnerability Allows Attackers to Modify Files and Launch Malicious Operations
• 12:33 : SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers
• 12:33 : Hackers Leverage JPG Images to Execute Fully Undetectable Ransomware
• 12:33 : 437,000 Impacted by Ascension Health Data Breach
• 12:32 : Security Gamechangers: CrowdStrike’s AI-Native SOC & Next Gen SIEM Take Center Stage at RSAC 2025
• 12:6 : Zero Trust in the Age of Digital Transformation: The New Cybersecurity Paradigm
• 12:6 : The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That
• 11:32 : Florida Backdoor Bill Fails
• 11:31 : US Deportation Airline GlobalX Confirms Hack
• 11:31 : Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks
• 11:31 : FreeDrain Phishing Scam Drains Crypto Hobbyists’ Wallets
• 11:5 : CoreWeave ‘Seeking $1.5bn In Debt’ After IPO Disappointment
• 11:5 : Deepfakes, Scams, and the Age of Paranoia
• 11:5 : Hackers Exploit Copilot AI for SharePoint to Access Passwords & Other Sensitive Data
• 11:5 : Cybercrime Escalates in 2025 as Hackers Target Everyday Devices with Sophisticated Attacks
• 11:5 : Microsoft Releases Detailed Guide to Fix Windows Blue Screen Errors
• 11:5 : IT Security News Hourly Summary 2025-05-12 12h : 6 posts
• 11:4 : Hackers Exploiting Legacy Protocols in Microsoft Entra ID to Bypass MFA & Conditional Access
• 11:4 : Major Retail Chains Suffer Data Breaches Amid Rising Cyber Threats to Consumer Trust
• 11:4 : A week in security (May 4 – May 10)
• 11:4 : Cybersecurity’s Early Warning System: How Live Network Traffic Analysis Detects The ‘Shock Wave’ Before the Breach ‘Tsunami’
• 11:4 : Firewall Rule Bloat: The Problem and How AI can Solve it
• 10:7 : UK Government Backs AESC EV Battery Plant In £1bn Deal
• 10:7 : Huawei Shows First HarmonyOS Laptop
• 10:7 : Murdered Man Addresses Arizona Court In AI Video
• 10:7 : Google Settles Race Discrimination Lawsuit For $50m
• 10:7 : Anthropic Says DOJ Plan Would Harm AI Investment
• 10:7 : New SEO Poisoning Campaign Targeting IT Admins With Malware
• 10:6 : Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner
• 10:6 : Britain’s cyber agents and industry clash over how to tackle shoddy software
• 10:6 : German Authorities Take Down Crypto Swapping Service eXch
• 10:6 : Ensuring High Availability and Resilience in the ‘Everything App’ Era
• 10:6 : Resecurity One simplifies cybersecurity operations
• 9:33 : Google Researchers Use Mach IPC to Uncover Sandbox Escape Vulnerabilities
• 9:33 : A Subtle Form of Siege: DDoS Smokescreens as a Cover for Quiet Data Breaches
• 9:33 : Assessment Frameworks for NIS Directive Compliance
• 9:33 : PoC Exploit Released For Linux Kernel’s nftables Subsystem Vulnerability
• 9:32 : New Phishing Attack Abusing Blob URLs to Bypass SEGs and Evade Analysis
• 9:32 : Japanese Account Hijackers Make $2bn+ of Illegal Trades
• 9:4 : US Announces Botnet Takedown, Charges Against Russian Administrators
• 8:34 : Hackers Exploit Legacy Protocols in Microsoft Entra ID to Bypass MFA and Conditional Access
• 8:34 : Cybercriminals Hide Undetectable Ransomware Inside JPG Images
• 8:33 : Unending ransomware attacks are a symptom, not the sickness
• 8:33 : Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures
• 8:33 : German Police Shutter “eXch” Money Laundering Service
• 8:5 : IT Security News Hourly Summary 2025-05-12 09h : 5 posts
• 8:4 : Mitel SIP Phone Flaws Allow Attackers to Inject Malicious Commands
• 8:4 : Defendnot: A Tool That Disables Windows Defender by Registering as Antivirus
• 8:4 : Hackers Abuse Copilot AI in SharePoint to Steal Passwords and Sensitive Data
• 7:32 : Nvidia ‘Downgrading’ H20 AI Chip For China
• 7:32 : Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution
• 7:31 : Critical Vulnerabilities in Mitel SIP Phones Let Attackers Inject Malicious Commands
• 7:31 : Japan finance hacks, Pearson suffers cyberattack, Teams blocks screen captures
• 7:4 : Microsoft Teams to Safeguard Meetings by Blocking Screen Snaps
• 7:4 : German police seized eXch crypto exchange
• 7:4 : When Visibility Meets Action in NHS Cybersecurity
• 7:4 : Bluetooth 6.1 released, enhances privacy and power efficiency
• 6:32 : Cyber Threats Target HR, AI Tools, and Critical Infrastructure: A Comprehensive Update
• 6:2 : DragonForce Ransomware targeting M&S vows not to target Russia or Soviet Union
• 6:2 : Can Your Photos Stored Online Cause Privacy Concerns
• 6:2 : New Exploit Method Extracts Microsoft Entra Tokens Through Beacon
• 6:2 : How to give better cybersecurity presentations (without sounding like a robot)
• 6:2 : Why security teams cannot rely solely on AI guardrails
• 5:31 : PoC Code Published for Linux nftables Security Vulnerability
• 5:31 : SPIRE: Toolchain of APIs for establishing trust between software systems
• 5:2 : DOGE worker’s old creds found exposed in infostealer malware dumps
• 5:2 : Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009
• 5:2 : Layoffs pose a cybersecurity risk: Here’s why offboarding matters
• 4:31 : Despite drop in cyber claims, BEC keeps going strong
• 2:8 : ISC Stormcast For Monday, May 12th, 2025 https://isc.sans.edu/podcastdetail/9446, (Mon, May 12th)
• 23:5 : IT Security News Hourly Summary 2025-05-12 00h : 2 posts
• 23:4 : Justify Your Investment in Cloud-Native NHIs
• 23:4 : Achieve Stability with Streamlined Secrets Management
• 22:58 : IT Security News Weekly Summary 19
• 22:55 : IT Security News Daily Summary 2025-05-11