IT Security News Daily Summary 2025-06-24

172 posts were published in the last hour

• 21:34 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 21:7 : Don’t panic, but it’s only a matter of time before critical ‘CitrixBleed 2’ is under attack
• 21:7 : Thousands of private camera feeds found online. Make sure yours isn’t one of them
• 21:7 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 20:39 : Anthropic Did Not Violate Authors’ Copyright, Judge Rules
• 20:38 : SparkKitty Spyware on App Store and Play Store, Steals Photos for Crypto Data
• 20:38 : Generative AI and privacy are best frenemies – a new study ranks the best and worst offenders
• 20:38 : Cybersecurity governance: A guide for businesses to follow
• 20:38 : NCSC Warns of SHOE RACK Malware Using DOH & SSH Protocol for Attacking Fortinet Firewalls
• 20:38 : New DRAT V2 Updates C2 Protocol Expands Functional Capabilities With Shell Command Execution
• 20:38 : Innovator Spotlight: Qualys
• 20:38 : Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware
• 20:38 : Why Every File Demands Sanitization
• 20:37 : LinuxFest Northwest: GNU/Linux Loves All
• 20:37 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 20:37 : New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public
• 20:5 : IT Security News Hourly Summary 2025-06-24 21h : 6 posts
• 19:12 : Quick Password Brute Forcing Evolution Statistics, (Tue, Jun 24th)
• 19:12 : ControlID iDSecure On-Premises
• 19:11 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 18:34 : The U.S. House banned WhatsApp on government devices due to security concerns
• 18:34 : Here’s Why Using SMS Two-Factor Authentication Codes Is Risky
• 18:34 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 18:5 : AT&T customer? You might get a cut of $177 million data breach settlement
• 18:5 : Multifactor authentication: 5 examples and strategic use cases
• 18:5 : Gonjeshke Darande Threat Actors Pose as Hacktivist Infiltrated Iranian Crypto Exchange
• 18:5 : New FileFix Attack Abuses Windows File Explorer to Execute Malicious Commands
• 18:4 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 17:35 : OpenAI Removes Mention Of Jony Ive Partnership After Trademark Dispute
• 17:35 : Androxgh0st Botnet Expands Reach, Exploiting US University Servers
• 17:35 : Beware of fake SonicWall VPN app that steals users’ credentials
• 17:34 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 17:5 : Waymo Partners Uber To Launch Atlanta Robotaxi Service
• 17:5 : Bank of America, Netflix, and Microsoft Hacked to Inject Fake Phone Numbers
• 17:5 : How to get Windows 10 extended security updates for free: 2 options
• 17:5 : Anton’s Security Blog Quarterly Q2 2025
• 17:5 : WhatsApp BANNED by House Security Goons — But Why?
• 17:5 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 17:5 : IT Security News Hourly Summary 2025-06-24 18h : 21 posts
• 16:35 : Kali Linux 2025.1c Fixes Key Issue, Adds New Tools and Interface Updates
• 16:35 : New DRAT V2 Update Enhances C2 Protocol with Shell Command Execution Capabilities
• 16:35 : CISA Releases Eight Industrial Control Systems Advisories
• 16:35 : Delta Electronics CNCSoft
• 16:35 : Kaleris Navis N4 Terminal Operating System
• 16:34 : Schneider Electric Modicon Controllers
• 16:34 : Parsons AccuWeather Widget
• 16:34 : Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025​​
• 16:34 : Lessons from Helsinki: NCSC-FI’s Role in Mitigating a Major Data Breach
• 16:3 : Amazon To Invest £40 Billion In UK, Campaigners Warn Of Data Centre Consumption
• 16:3 : Kubernetes Admission Controllers: Your First Line of Defense
• 16:3 : Threat Actors Abuse ConnectWise Configuration to Build a Signed Malware
• 16:3 : Google Cloud Donates A2A Protocol to Linux Foundation Enables Secure, Intelligent Communication
• 16:3 : Zimbra Classic Web Client Vulnerability Let Attackers Execute Arbitrary JavaScript
• 16:3 : Facebook, Netflix, Microsoft Hijacked to Insert Fake Phone Number
• 16:3 : 2,000+ Devices Hacked Using Weaponized Social Security Statement Themes
• 16:3 : AutoPwnKey – AV Evasion via Simulated User Interaction
• 16:3 : The Hidden Front: Iran, Cyber Warfare, and the Looming Threat to U.S. Critical Infrastructure
• 16:3 : Application and API Security Can’t Rely Solely on Perimeter Defenses or Scanners | Notes on Gartner AppSec Research | Contrast Security
• 16:2 : Malware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards
• 15:35 : How CISOs became the gatekeepers of $309B AI infrastructure spending
• 15:34 : Integrated Threat Management: A Unified Strategy for Modern Business Security
• 15:34 : Linux Foundation launches Agent2Agent, a protocol that enables agentic AI interoperability
• 15:5 : Cryptominers? Anatomy: Shutting Down Mining Botnets
• 15:5 : TLDR* May Work for EULAs But Your Contracts?
• 15:5 : Gonjeshke Darande Hackers Pose as Activists to Infiltrate Iranian Crypto Exchange
• 15:5 : AI/ML Big Data-Driven Policy: Insights Into Governance and Social Welfare
• 15:5 : The vulnerability management gap no one talks about
• 15:5 : The Security Fallout of Cyberattacks on Government Agencies
• 15:5 : Mclaren Health Care Data Breach Impacts Over 743,000 Patients
• 14:35 : CitrixBleed 2: Electric Boogaloo — CVE-2025–5777
• 14:35 : Threat Actors Exploit ConnectWise Configuration to Create Signed Malware
• 14:35 : Over 2,000 Devices Compromised by Weaponized Social Security Statement Phishing Attacks
• 14:35 : What is residual risk? How is it different from inherent risk?
• 14:35 : What is pure risk?
• 14:35 : What is risk avoidance?
• 14:34 : Critical Convoy Vulnerability Let Attackers Execute Remote Code on Affected Servers
• 14:34 : Targeted Cyber Threat Disrupts Washington Post Newsroom Operations
• 14:34 : Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers
• 14:34 : Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue
• 14:5 : IT Security News Hourly Summary 2025-06-24 15h : 12 posts
• 14:4 : Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
• 14:4 : Weaponized DMV-Themed Phishing Scam Targets U.S. Citizens to Steal Personal and Financial Data
• 14:4 : Dissecting a Malicious Havoc Sample
• 14:4 : DataKrypto and Tumeryk Join Forces to Deliver World’s First Secure Encrypted Guardrails for AI LLMs and SLMs
• 14:4 : ManageEngine helps MSPs manage day-to-day operations
• 14:3 : Barracuda Managed Vulnerability Security identifies and prioritizes vulnerabilities
• 13:37 : Zimbra Classic Web Client Vulnerability Allows Arbitrary JavaScript Execution
• 13:37 : EagleSpy v5 RAT Promoted by Hacker for Stealthy Android Access
• 13:37 : Want a free VPN? How to use ProtonVPN on Android without having to pay
• 13:37 : Russia-linked APT28 use Signal chats to target Ukraine official with malware
• 13:37 : Xiaomi’s Interoperability App Vulnerability Let Hackers Gain Unauthorized Access to the Victim’s Device
• 13:36 : OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data
• 13:36 : Pro-Iranian Hacktivists Targeting US Networks Department of Homeland Security Warns
• 13:36 : Trends in Ransomware Attacks in Q3, 2024
• 13:36 : Siemens Notifies Customers of Microsoft Defender Antivirus Issue
• 13:5 : PDFguard: AI Engine Against Growing Threats in PDFs
• 13:5 : 75 million deepfakes blocked: Persona leads the corporate fight against hiring fraud
• 13:4 : 2 clever ways Android 16 guards your security – but you need to enable them
• 13:4 : US House bans WhatsApp from staff devices
• 13:4 : Fortifying Retail Security: Practical Steps to Prevent Cyberattacks
• 12:34 : UK May Compel Google To Change Search Rankings, Offer Alternatives
• 12:34 : Between Buzz and Reality: The CTEM Conversation We All Need
• 12:34 : Half of Security Pros Want GenAI Deployment Pause
• 12:7 : Unveiling Supply Chain Transformation: IIoT and Digital Twins
• 12:7 : Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data
• 12:7 : Four REvil ransomware crooks walk free, escape gulag fate, after admitting guilt
• 12:7 : Trojanized SonicWall NetExtender app exfiltrates VPN credentials
• 12:7 : Reported Impersonation Scams Surge 148% as AI Takes Hold
• 11:36 : Google Cloud Donates A2A Protocol to Linux Foundation for Smarter, Secure Communication
• 11:36 : NCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH & SSH Protocols
• 11:36 : Critical Convoy Flaw Allows Remote Code Execution on Servers
• 11:36 : US bans WhatsApp from House of Representatives staff devices
• 11:36 : Here’s a Subliminal Channel You Haven’t Considered Before
• 11:5 : IT Security News Hourly Summary 2025-06-24 12h : 9 posts
• 11:3 : Amazon Launches Second Batch Of Project Kuiper Satellites
• 11:3 : DHS Warns of Pro-Iranian Hacktivists Targeting U.S. Networks
• 11:3 : OPPO Clone Phone Vulnerability Leaks Sensitive Data via Weak WiFi Hotspot
• 11:3 : OWASP AI Testing Guide – A New Project to Detect Vulnerabilities in AI Applications
• 11:3 : Aviatrix Cloud Controller Authentication Vulnerability Let Attackers Execute Remote Code
• 11:3 : Prometei Botnet Activity Spikes
• 11:3 : Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives
• 11:3 : Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
• 10:35 : Revenge, Fame, and Fun: The Motives Behind Modern Cyberattacks
• 10:5 : North Korean Hackers Use Malicious Zoom Apps to Execute System-Takeover Attacks
• 10:5 : WinRAR Directory Vulnerability Allows Arbitrary Code Execution Using a Malicious File
• 10:5 : Sophisticated Malware Campaign Targets WordPress and WooCommerce Sites with Obfuscated Skimmers
• 10:5 : Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play
• 10:5 : Chinese APT Hacking Routers to Build Espionage Infrastructure
• 10:5 : Using AI to Identify Patterns in Vishing Attempts
• 10:5 : High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)
• 10:5 : APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
• 10:4 : U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues
• 9:32 : LapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy Attacks
• 9:8 : Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
• 9:8 : WinRAR Vulnerability Let Execute Arbitrary Code Using a Malicious File
• 9:8 : Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams
• 9:7 : Unstructured Data Management: Closing the Gap Between Risk and Response
• 9:7 : NSFOCUS was Selected as a Representative Provider of Gartner® “Innovation Insight: Adversarial Exposure Validation in China”
• 9:7 : Common Good Cyber Fund launches to support nonprofits protecting the internet
• 9:7 : NCSC Urges Experts to Join Cyber Advisor Program
• 8:34 : Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices
• 8:34 : OWASP Launches AI Testing Guide to Uncover Vulnerabilities in AI Systems
• 8:34 : I found a worthy Ring alternative in this video security camera (and it has no subscriptions)
• 8:34 : U.S. warns of incoming cyber threats following Iran airstrikes
• 8:34 : China-linked APT Salt Typhoon targets Canadian Telecom companies
• 8:6 : WhatsApp Banned on U.S. House Staffers Devices Due to Potential Security Risks
• 8:6 : North Korean Hackers Trick Users With Weaponized Zoom Apps to Execute System-Takeover Commands
• 8:5 : IT Security News Hourly Summary 2025-06-24 09h : 5 posts
• 7:34 : ‘Psylo’ browser tries to obscure digital fingerprints by giving every tab its own IP address
• 7:34 : Retaliatory Iranian cyberattacks, steel giant confirms breach, ransomware hits healthcare system again
• 7:2 : WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
• 7:2 : ‘Psylo’ browser tries to obscure digital fingerprints by giving very tab its own IP address
• 7:2 : Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously
• 6:36 : Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass
• 6:36 : LapDogs Hackers Leverages 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly
• 6:4 : New Echo Chamber Attack Breaks AI Models Using Indirect Prompts
• 6:4 : Why work-life balance in cybersecurity must start with executive support
• 5:32 : Notepad++ Vulnerability Allows Full System Takeover — PoC Released
• 5:32 : The real story behind cloud repatriation in 2025
• 5:31 : Reconmap: Open-source vulnerability assessment, pentesting management platform
• 5:5 : IT Security News Hourly Summary 2025-06-24 06h : 2 posts
• 4:34 : Cybersecurity jobs available right now: June 24, 2025
• 3:36 : Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released
• 3:36 : China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
• 2:6 : ISC Stormcast For Tuesday, June 24th, 2025 https://isc.sans.edu/podcastdetail/9502, (Tue, Jun 24th)
• 2:5 : IT Security News Hourly Summary 2025-06-24 03h : 1 posts
• 1:2 : Bulletproof Security Workflows with Grip’s Jira Integration
• 0:2 : Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department
• 23:5 : IT Security News Hourly Summary 2025-06-24 00h : 3 posts
• 22:55 : IT Security News Daily Summary 2025-06-23
• 22:32 : Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada
• 22:32 : Heightened Cyber Threat from Iran Sparks Urgent Calls for Vigilance and Mitigation