IT Security News Daily Summary 2025-05-28

167 posts were published in the last hour

• 20:36 : Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say
• 20:35 : Victoria’s Secret hit by outages as it battles security incident
• 20:35 : What Your Traffic Logs Aren’t Telling You About Cloud Security
• 20:6 : MATLAB Maker MathWorks Recovering From Ransomware Attack
• 20:5 : IT Security News Hourly Summary 2025-05-28 21h : 5 posts
• 19:33 : Less is more: Meta study shows shorter reasoning improves AI accuracy by 34%
• 19:33 : Instagram Boss Warns of ‘Sophisticated’ Google Phishing Scam
• 19:33 : Randall Munroe’s XKCD ‘Mass Spec’
• 19:33 : BSidesLV24 – PasswordsCon – CVE Hunting: Wi-Fi Routers, OSINT & ‘The Tyranny Of The Default’
• 19:2 : Attack on LexisNexis Risk Solutions exposes data on 300k +
• 18:31 : FTC Orders GoDaddy to Bolster its Security After Years of Attacks
• 18:5 : xAI Pays Telegram $300m To Deploy Its Grok AI Chatbot
• 18:5 : Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands
• 18:5 : Deepfake-posting man faces huge $450,000 fine
• 18:4 : Pakistan Arrests 21 in ‘Heartsender’ Malware Service
• 18:4 : Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry
• 18:4 : Check Point to Acquire Veriti to Transform Threat Exposure Management
• 18:4 : The Insidious Effort to Privatize Public Airwaves | EFFector 37.5
• 18:4 : Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware
• 18:4 : Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
• 18:4 : Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
• 17:32 : Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers
• 17:32 : Worldwide Operation Shuts Down Hundreds of Ransomware Servers and Domains, Ending Key Attack Infrastructure
• 17:31 : Cybercriminals Are Turning Ordinary Citizens Into Money Mules in a New ‘Rent-a-Bank-Account’ Scam
• 17:31 : Cortex XDR Named 2025 Gartner Customers’ Choice for Endpoint Security
• 17:31 : 3 SOC Metrics Improved With Sandbox Analysis
• 17:7 : The Future of Cybersecurity – Trends Shaping the Industry
• 17:7 : 364,000 Impacted by Data Breach at LexisNexis Risk Solutions
• 17:7 : How HealthTech Startups Can Build Scalable Data Governance Frameworks from Day One
• 17:6 : Your Mobile Apps May Not Be as Secure as You Think… – FireTail Blog
• 17:6 : FTC Orders GoDaddy to Bolster Its Security After Years of Attacks
• 17:6 : Malware Discovered in Procolored Printer Software, Users Advised to Update Immediately
• 17:5 : IT Security News Hourly Summary 2025-05-28 18h : 7 posts
• 16:31 : Amazon Software Deal With Stellantis ‘Winding Down’ – Report
• 16:31 : Apple Blocked 2 million Malicious App & $9 Billion in Fraudulent Transactions
• 16:9 : Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users
• 16:9 : DragonForce Ransomware Actors Exploits RMM Tools to Gain Access to Organizations
• 16:9 : Czech Government Condemns Chinese Hack on Critical Infrastructure
• 16:8 : Crypto Crime Shocker: DOJ Charges 27 In $263 Million Crypto Theft
• 15:32 : Tesla Sales In Europe Continue To Plummet
• 15:32 : Earth Lamia Hackers Exploits Vulnerabilities in Web Applications to Attack Multiple Industries
• 15:32 : Guide for delivering frequently software features that matter (series)
• 15:32 : BSidesLV24 – PasswordsCon – Zero Downtime Credential Rotation
• 15:32 : Klarna Scales Back AI-Led Customer Service Strategy, Resumes Human Support Hiring
• 15:31 : Surge in Skitnet Usage Highlights Evolving Ransomware Tactics
• 15:31 : Ivanti Vulnerability Exploit Could Expose UK NHS Data
• 15:3 : XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code
• 15:3 : Russian APT28 Hackers Attacking NATO-aligned Organizations to Steal Sensitive Data
• 15:3 : Evertz SDN Vulnerabilities Enable Unauthenticated Arbitrary Command Execution
• 15:3 : Is that extension safe? This free tool lets you know before you install
• 15:3 : Comparing Windows Hello vs. Windows Hello for Business
• 15:3 : New PumaBot targets Linux IoT surveillance devices
• 15:2 : WordPress TI WooCommerce Wishlist Plugin Vulnerability Exposes 100,000+ Websites To Cyberattack
• 15:2 : 93+ Billion Stolen Users’ Cookies Flooded by Hackers on the Dark Web
• 15:2 : Incident Response Planning – Preparing for Data Breaches
• 15:2 : Threat Actors Impersonate Fake Docusign Notifications To Steal Corporate Data
• 15:2 : 251 Malicious IPs Attacking Cloud-Based Devices Leveraging 75 Exposure Points
• 15:2 : Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
• 15:2 : Fake Bitdefender Site Spreads Trio of Malware Tools
• 14:32 : Texas Signs Online Safety Law Opposed By Apple, Google
• 14:32 : Zscaler to Acquire Red Canary, Enhancing AI-Powered Security Operations
• 14:32 : Threat Actors Weaponize Fake AI-Themed Websites to Deliver Python-based infostealers
• 14:31 : Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
• 14:5 : IT Security News Hourly Summary 2025-05-28 15h : 8 posts
• 14:4 : [Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack, (Wed, May 28th)
• 14:4 : Mark Your Calendar: APT41 Innovative Tactics
• 14:4 : 251 Malicious IPs Target Cloud-Based Device Exploiting 75 Exposure Points
• 14:4 : App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years
• 14:4 : New warning issued over toll fee scams
• 14:4 : Czech Republic Accuses China of Government Hack
• 13:32 : SpaceX Starship Test Flight Ends After Breaking Apart
• 13:32 : Accelerate your Operations with AI Powered Security Management and Quantum Smart-1 Management 700/7000 Series Appliances
• 13:32 : Quantum Force Firewalls Bring Lightning-Fast Cyber Security to the Branch Office
• 13:32 : Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience
• 13:32 : Hackers Allegedly Claim AT&T Data Leak – 31M Records Exposed
• 13:32 : Cybersecurity Budgeting – Prioritizing Investments in 2025
• 13:32 : Hackers Exploiting Craft CMS Vulnerability To Inject Crypto Miner Malware
• 13:32 : Zscaler Expands AI-Driven Security Operations with Red Canary Acquisition
• 13:32 : Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites
• 13:31 : Cerby Raises $40 Million for Identity Automation Platform
• 13:31 : PlainID announces Policy Management for Agentic AI
• 13:31 : Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks
• 13:7 : SilentWerewolf Attack Combines Legitimate Tools with Code Obfuscation for Stealthy Infiltration
• 13:7 : VenomRAT Malware Introduces New Tools for Password Theft and Stealthy Access
• 13:7 : Threat Actors Weaponizing DCOM to Harvest Credentials on Windows Systems
• 13:7 : The latest in phishing scams: stealing your information through fake online forms
• 13:7 : How crypto is changing the game for financial scammers
• 13:7 : Bitdefender vs McAfee: Which Antivirus Is Right for You?
• 13:7 : Working with INTERPOL and the World Economic Forum to Continue Driving Cyber Resilience in Latin America
• 13:7 : RadiantOne platform enhancements prevent identity-based attacks
• 13:7 : From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
• 13:7 : New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
• 12:32 : Emerging FormBook Malware Threatens Windows Users with Complete System Takeover
• 12:32 : MATLAB With Over 5 Million Customers Suffers Ransomware Attack
• 12:32 : Robinhood Ransomware Operator Charged for Attacking Government and Private Networks
• 12:32 : APT36 & Sidecopy Hackers Attacks India’s Critical Infrastructure To Deploy Malware
• 12:32 : Securing Supply Chains – Mitigating Third-Party Risks
• 12:32 : Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data
• 12:31 : Russian IT pro sentenced to 14 years forced labor for sharing medical data with Ukraine
• 12:31 : BalkanID IGA Lite reduces identity risk and ensures compliance
• 12:4 : Regulatory Compliance – Navigating Cybersecurity Laws
• 12:4 : Iranian Cyber Toufan Hackers Targeting Organizations To Steal Login Credentials
• 12:4 : Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities
• 12:4 : OneDrive Gives Web Apps Full Read Access to All Files
• 11:32 : Hackers Circulate Over 93 Billion Stolen User Cookies on the Dark Web
• 11:32 : Location Tracking App for Foreigners in Moscow
• 11:32 : Mental Denial of Service: Narrative Malware and the Future of Resilience
• 11:31 : Attackers hit MSP, use its RMM software to deliver ransomware to clients
• 11:31 : Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
• 11:5 : IT Security News Hourly Summary 2025-05-28 12h : 12 posts
• 11:4 : Robinhood Ransomware Operator Arrested for Attacks on Government and Private Networks
• 11:4 : Proposed HIPAA Update Makes Yearly Pen Testing Mandatory
• 10:32 : CISA Releases Executive Guide on SIEM and SOAR Platforms for Rapid Threat Detection
• 10:32 : Cybersecurity Skills Gap – Training the Next Generation
• 10:31 : CISA Releases ICS Advisories Covering Vulnerabilities & Exploits
• 10:31 : 251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
• 10:31 : How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds
• 10:5 : Salesforce Acquires Informatica For $8 Billion
• 10:5 : How to disable ACR on your TV (and why you shouldn’t wait to do it)
• 10:4 : The cost of compromise: Why password attacks are still winning in 2025
• 10:4 : Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
• 10:4 : Zanubis in motion: Tracing the active evolution of the Android banking malware
• 10:4 : The Root of AI Hallucinations: Physics Theory Digs Into the ‘Attention’ Flaw
• 10:4 : Vulnerabilities in CISA KEV Are Not Equally Critical: Report
• 10:4 : Adidas Customer Data Stolen in Third-Party Attack
• 9:32 : New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know
• 9:32 : $223 Million Stolen in Cetus Protocol Hack
• 9:5 : MATLAB, Serving Over 5 Million Users, Hit by Ransomware Attack
• 9:5 : Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks
• 9:5 : INE Security Partners with RedTeam Hacker Academy to Elevate Cybersecurity Expertise in the Middle East
• 9:4 : CISA Publishes SIEM & SOAR Implementation Guide Exclusively for Cybersecurity Executives
• 9:4 : Top Tools for Enterprise Security Monitoring
• 9:4 : Critical Firefox 0-Interaction libvpx Vulnerability Let Attackers Execute Arbitrary Code
• 9:4 : Uber’s Secret Management Platform – Scaling Secrets Security Across Multi-Cloud
• 9:4 : Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites
• 8:31 : CISA Publishes ICS Advisories Highlighting New Vulnerabilities and Exploits
• 8:31 : New Russian State Hacking Group Hits Europe and North America
• 8:5 : IT Security News Hourly Summary 2025-05-28 09h : 6 posts
• 8:2 : Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution
• 8:2 : Velvet Chollima APT Hackers Attacking Government Officials With Weaponized PDF
• 8:2 : INE Security and RedTeam Hacker Academy Announce Partnership to Advance Cybersecurity Skills in the Middle East
• 7:31 : MathWorks confirms ransomware attack, Adidas has data breach, Dutch intelligence warns of cyberattack
• 7:2 : Zero-Interaction libvpx Flaw in Firefox Allows Attackers to Run Arbitrary Code
• 7:2 : DragonForce double-whammy: First hit an MSP, then use RMM software to push ransomware
• 7:2 : Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
• 7:2 : Phishing Scams, DNS Hijacking, and Cybersecurity Leadership Shakeup
• 6:32 : Silver RAT Malware With New Anti-virus Bypass Techniques Executes Malicious Activities
• 6:31 : LogicGate brings risk management to individual business units
• 6:4 : Why data provenance must anchor every CISO’s AI governance strategy
• 5:31 : Security Trends Analysis – Emerging Risks for 2025
• 5:5 : IT Security News Hourly Summary 2025-05-28 06h : 2 posts
• 5:2 : GitHub becomes go-to platform for malware delivery across Europe
• 5:2 : Woodpecker: Open-source red teaming for AI, Kubernetes, APIs
• 4:32 : Hottest cybersecurity open-source tools of the month: May 2025
• 4:4 : Chrome Security Update – High-Severity Vulnerabilities Leads to Code Execution
• 4:4 : Cybercriminals Are Dividing Tasks — Why That’s a Big Problem for Cybersecurity Teams
• 2:31 : ASUS to chase business PC market with free AI, or no AI – because nobody knows what to do with it
• 2:2 : ISC Stormcast For Wednesday, May 28th, 2025 https://isc.sans.edu/podcastdetail/9468, (Wed, May 28th)
• 0:4 : Don’t click on that Facebook ad for a text-to-AI-video tool
• 23:5 : IT Security News Hourly Summary 2025-05-28 00h : 3 posts
• 23:4 : Anthropic Future-Proofs New AI Model With Rigorous Safety Rules
• 23:4 : Understanding the Cookie-Bite MFA Bypass Risk
• 22:55 : IT Security News Daily Summary 2025-05-27
• 22:31 : Security leaders lose visibility as consultants deploy shadow AI copilots to stay employed
• 22:31 : Introducing new regional implementations of Landing Zone Accelerator on AWS to support digital sovereignty
• 22:6 : DragonForce operator chained SimpleHelp flaws to target an MSP and its customers
• 22:6 : Zscaler to Acquire MDR Specialist Red Canary