IT Security News Daily Summary 2025-05-20

180 posts were published in the last hour

• 21:31 : Fitting Cybersecurity Investments into Your Budget
• 21:31 : Free to Choose the Right Security for Your Cloud
• 20:8 : Why Your MTTR Is Too Slow — And How to Fix It Fast
• 20:5 : IT Security News Hourly Summary 2025-05-20 21h : 4 posts
• 19:31 : New RedisRaider Campaign Attacking Linux Servers by Abusing Redis Configuration
• 19:6 : New Go-Based Malware ‘RedisRaider’ Exploits Redis Servers to Mine Cryptocurrency
• 19:6 : 4G Calling (VoLTE) flaw allowed to locate any O2 customer with a phone call
• 18:32 : Securing iCloud Accounts – Best Practices for iPhone Users
• 18:32 : Hackers Exploit TikTok & Instagram APIs to Validate Stolen Accounts
• 18:32 : Preventing App-Based Threats on Android Devices – 2025’s Security Landscape
• 18:31 : Randall Munroe’s XKCD ‘Renormalization’
• 18:2 : The best VPN services for iPhone in 2025: Expert tested and reviewed
• 17:31 : The people in Elon Musk’s DOGE universe
• 17:31 : The State of AI in Cybersecurity 2025: What’s Working, What’s Lagging, and Why It Matters Now More Than Ever
• 17:5 : IT Security News Hourly Summary 2025-05-20 18h : 25 posts
• 17:4 : How to Enable iOS Lockdown Mode for Enhanced Protection Against Sophisticated Cyber Threats
• 17:4 : OneDrive New Feature of Syncing Personal & Corporate Account is Rolling Out
• 17:4 : Best Android Security Apps for Enterprise and Personal Use
• 17:4 : Hackers Attacking Organizations with Weaponized RAR Archive to Deliver Pure Malware
• 17:4 : Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
• 17:4 : How to automate incident response for Amazon EKS on Amazon EC2
• 16:32 : AI agent adoption is driving increases in opportunities, threats, and IT budgets
• 16:32 : Danfoss AK-SM 8xxA Series
• 16:32 : Please Drone Responsibly: C-UAS Legislation Needs Civil Liberties Safeguards
• 16:32 : Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
• 16:31 : Application Security Testing: Security Scanning and Runtime Protection Tools
• 16:4 : Ransomware attack on UK Food Distributor to supermarkets
• 16:4 : ABUP IoT Cloud Platform
• 16:4 : National Instruments Circuit Design Suite
• 16:4 : Safeguarding Personal Privacy in the Age of AI Image Generators
• 16:4 : Understanding Cybersquatting: How Malicious Domains Threaten Brands and Individuals
• 16:4 : Here’s Why Websites Are Offering “Ad-Lite” Premium Subscriptions
• 16:4 : Uncensored AI Tool Raises Cybersecurity Alarms
• 15:36 : Accenture Files Leak – New Research Reveals Projects Controlling Billions of User Data
• 15:35 : INDIA Launches e-Zero FIR To Bolster Cybercrime Crackdown
• 15:35 : Stopping Chargeback Abuse: How Device Identification Protects Your Bottom Line
• 15:35 : Standards for a Machine‑First Future: SPICE, WIMSE, and SCITT
• 15:35 : Scripting Outside the Box: API Client Security Risks (2/2)
• 15:35 : 100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
• 15:7 : The End of VPNs — Part 2: Beyond the Buzz of Zero Trust
• 15:7 : Hazy Hawk Attack Spotted Targeting Abandoned Cloud Assets Since 2023
• 15:7 : More_Eggs Malware Uses Job Application Emails to Distribute Malicious Payloads
• 15:7 : Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
• 15:7 : A security key for every employee? YubiKey-as-a-Service goes global
• 15:7 : GitHub Copilot’s New AI Coding Agent Saves Developers Time – And Requires Their Oversight
• 15:7 : Android Security Guide – Safeguarding Against Malware in 2025
• 15:7 : Serviceaide Cyber Attack Exposes 480,000 Catholic Health Patients’ Data
• 15:7 : 5 Ways to Connect IOCs to Real-World Threats for SOC Teams
• 15:6 : CISA Adds MDaemon Email Server XSS Vulnerability to KEV Catalog Following Exploitation
• 15:6 : VMware ESXi & vCenter Vulnerability Let Attackers Run Arbitrary Commands
• 15:6 : Debt Collector Data Breach Affects 200,000 Harbin Clinic Patients
• 14:32 : RedisRaider Campaign Targets Linux Servers by Exploiting Misconfigured Redis Instances
• 14:31 : Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits and Wipers
• 14:5 : IT Security News Hourly Summary 2025-05-20 15h : 19 posts
• 14:3 : Researchers Scanning the Internet, (Tue, May 20th)
• 14:3 : Regeneron to Buy 23andMe for $256M Amid Growing Data Privacy Concerns
• 14:3 : Hackers Abuse TikTok and Instagram APIs to Verify Stolen Account Credentials
• 14:3 : iPhone Security 101 – Protecting Your Device from Phishing Scams
• 14:2 : Microsoft to Integrate AI With Windows 11 File Explorer
• 14:2 : WordPress Plugin Vulnerability Exposes 22,000 Sites to Cyber Attacks
• 14:2 : NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
• 14:2 : The OpenSSL Corporation and the OpenSSL Foundation Launch Distinguished Contributor Awards with OpenSSL 3.5 Honorees
• 13:32 : LockBit Leak Shows Affiliates Use Pressure Tactics, Rarely Get Paid
• 13:32 : Hackers Use Weaponized RAR Archives to Deliver Pure Malware in Targeted Attacks
• 13:32 : CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog
• 13:32 : Exploiting the AI Boom: How Threat Actors Are Targeting Trust in Generative Platforms like Kling AI
• 13:32 : Cynet boosts AI-powered threat detection accuracy
• 13:31 : AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
• 13:31 : South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
• 13:5 : Cyberattack on Serviceaide Compromises Data of 480,000 Catholic Health Patients
• 13:5 : A security key for every employee? Yubikey-as-a-Service goes global
• 13:4 : China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks
• 13:4 : 23andMe and its customers’ genetic data bought by a pharmaceutical org
• 13:4 : Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
• 13:4 : Red Hat Enterprise Linux 10 helps mitigate future quantum-based threats
• 13:4 : Product showcase: Secure digital and physical access with the Swissbit iShield Key 2
• 12:32 : Security Flaw in WordPress Plugin Puts 22,000 Websites at Risk of Cyber Attacks
• 12:32 : Threat Actors Deploy Bumblebee Malware via Poisoned Bing SEO Results
• 12:32 : Cloud Security and Privacy: Best Practices to Mitigate the Risks
• 12:32 : How to create a remote access policy, with template
• 12:32 : DPRK IT Workers Pose as Polish & US Nationals to Obtain Full-Stack Developer Roles
• 12:32 : Phishing Attack Prevention – Best Practices for 2025
• 12:32 : Adidas Data Breach – Customers’ Personal Information Exposed
• 12:32 : Threat Actors Deliver Bumblebee Malware Poisoning Bing SEO
• 12:32 : Ransomware attack on food distributor spells more pain for UK supermarkets
• 12:32 : TrustCloud Raises $15 Million for Security Assurance Platform
• 12:31 : Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit
• 12:5 : Compromised RVTools Installer Spreading Bumblebee Malware
• 12:5 : Qilin Exploits SAP Zero-Day Vulnerability Weeks Ahead of Public Disclosure
• 12:4 : Critical VMware Cloud Foundation Vulnerability Exposes Sensitive Data
• 12:4 : Your Data, Your Responsibility: Securing Your Organization’s Future in the Cloud
• 12:4 : Ransomware Simulation Playbook- Build Real-World Cyber Resilience Without Paying the Price
• 12:4 : The Crowded Battle: Key Insights from the 2025 State of Pentesting Report
• 12:4 : Mounting GenAI Cyber Risks Spur Investment in AI Security
• 11:32 : WordPress Plugin Flaw Puts 22,000 Websites at Risk of Cyber Attacks
• 11:32 : DoorDash Hack
• 11:32 : Tor Browser 14.5.2 Released With Bug Fixes & New Capabilities
• 11:32 : Malicious npm Package in Koishi Chatbots Silently Exfiltrate Sensitive Data in Real Time
• 11:32 : O2 VoLTE Vulnerability Exposes Location of Any Customer With a Phone Call
• 11:32 : Telecommunications Companies in Spain Experiencing Downtime
• 11:32 : Malware-infected printer delivered something extra to Windows users
• 11:31 : Trojanized KeePass opens doors for ransomware attackers
• 11:31 : Outpost24 simplifies threat analysis with AI-enhanced summaries
• 11:7 : UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military
• 11:7 : DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
• 11:5 : IT Security News Hourly Summary 2025-05-20 12h : 9 posts
• 10:32 : Spain Orders Airbnb To Shut Down Listings
• 10:32 : Court Rules Delta Can Pursue CrowdStrike Over Mass Outage
• 10:32 : Critical Multer Vulnerability Puts Millions of Node.js Apps at Risk
• 10:31 : What to Expect When You’re Convicted
• 10:31 : O2 Service Vulnerability Exposed User Location
• 10:31 : CloudSEK Raises $19 Million for Threat Intelligence Platform
• 10:8 : Duping Cloud Functions: An emerging serverless attack vector
• 10:7 : New Nitrogen Ransomware Targets Financial Firms in the US, UK and Canada
• 10:7 : Windows 11 Privilege Escalation Vulnerability Let Attackers Gain Admin Access in Under 300 Milliseconds
• 10:7 : Government Organizations Lose Nearly a Month in Downtime for Every Ransomware Attack
• 10:7 : UK’s Legal Aid Agency discloses a data breach following April cyber attack
• 10:7 : Intruder vs. Pentest Tools vs. Attaxion: Selecting The Right Security Tool
• 10:7 : Microsoft Releases Emergency Fix for BitLocker Recovery Issue
• 10:7 : Madhu Gottumukkala Officially Announced as CISA Deputy Director
• 10:6 : The Windows Subsystem for Linux goes open source
• 10:6 : Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization
• 9:32 : Italy Fines Replika AI Maker £4m Over Child Safety
• 9:32 : AMD Sells ZT’s AI Server Manufacturing Unit To Sanmina
• 9:32 : Microsoft Issues Urgent Patch to Resolve BitLocker Recovery Problem
• 9:32 : O2 VoLTE Flaw Allows Tracking of Customers’ Locations Through Phone Calls
• 9:31 : Half of Consumers Targeted by Social Media Fraud Ads
• 9:6 : Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time
• 9:6 : Virgin Media O2 patches hole that let callers snoop on your coordinates
• 9:6 : Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
• 9:6 : New 23andMe Buyer Regeneron Promises to Prioritize Security
• 8:32 : Dell Taps Nvidia Blackwell Ultra For Latest AI Servers
• 8:32 : Microsoft’s GitHub Offers AI Coding Agent
• 8:32 : Tycoon2FA Linked Phishing Attack Targeting Microsoft 365 Users to Steal Logins
• 8:32 : W3LL Phishing Kit Actively Attacking Users to Steal Outlook Login Credentials
• 8:31 : CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation
• 8:31 : Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes
• 8:9 : Engineering Calm in Crisis: Lessons from the Frontlines of Security
• 8:9 : W3LL Phishing Kit Launches Active Campaign to Steal Outlook Login Credentials
• 8:9 : Tor Browser 14.5.2 Released: Bug Fixes and Enhanced Features
• 8:9 : Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
• 8:8 : CampusGuard ScriptSafe prevents unauthorized script execution
• 8:8 : Absolute Extreme Resilience accelerates recovery following cyberattacks and IT incidents
• 8:5 : IT Security News Hourly Summary 2025-05-20 09h : 9 posts
• 7:32 : The Rise of Shadow Apps: How Rogue Spreadsheets Are Undermining Your Business
• 7:32 : Huawei Debuts HarmonyOS Laptop With 18-Inch Folding Display
• 7:31 : Commvault enhances cyber resilience for Red Hat OpenShift Virtualization workloads
• 7:31 : Legal Aid breached, patients at risk from cyberattacks, 23andMe buyer
• 7:2 : Critical pfSense Firewall Flaws Enable Attackers to Inject Malicious Code
• 7:2 : CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
• 7:2 : Accenture Files Leaked – New Investigation Exposed Dark Side of Accenture Projects Controlling Billion of Users Data
• 7:2 : New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
• 7:2 : Malware Evasion Techniques – What Defenders Need to Know
• 7:2 : Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
• 6:32 : Honeypots become a strategic layer in cyber defence
• 6:32 : Microsoft 365 Users Targeted by Tycoon2FA Linked Phishing Attack to Steal Credentials
• 6:32 : Closing security gaps in multi-cloud and SaaS environments
• 6:4 : UK Cyber Crime takes a new turn towards TV show the Blacklist
• 6:4 : How a Turing Test Can Curb AI-Based Cyber Attacks
• 6:4 : Chinese APT Hackers Attacking Orgs via Korplug Loaders and Malicious USB Drives
• 6:4 : Containers are just processes: The illusion of namespace security
• 5:5 : IT Security News Hourly Summary 2025-05-20 06h : 1 posts
• 5:4 : New Hannibal Stealer With Stealth & Obfuscation Evades Detection
• 5:4 : AI voice hijacking: How well can you trust your ears?
• 5:4 : Why legal must lead on AI governance before it’s too late
• 4:9 : Protecting Against Info-Stealers – A Practical Resource
• 4:9 : ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats
• 4:9 : Cybersecurity jobs available right now: May 20, 2025
• 3:7 : Recent Evolution of Browser-based Cyber Threats, and What to Expect Next
• 2:32 : Ransomware’s Next Target: Strengthening Critical Infrastructure Against Emerging Cyber Threats
• 2:32 : Cybercrime-as-a-Service – Countering Accessible Hacking Tools
• 2:4 : ISC Stormcast For Tuesday, May 20th, 2025 https://isc.sans.edu/podcastdetail/9458, (Tue, May 20th)
• 0:2 : CISA has a new No. 2 … but still no official top dog
• 23:5 : IT Security News Hourly Summary 2025-05-20 00h : 3 posts
• 23:2 : CISA has a new No. 2 – but still no official top dog
• 23:2 : Adapting to New Security Challenges in the Cloud
• 23:2 : Feeling Relieved with Solid Secrets Management
• 23:2 : Getting Better at Preventing Identity Theft
• 23:2 : Relaxing the Burden of Compliance with Automation
• 22:55 : IT Security News Daily Summary 2025-05-19