IT Security News Daily Summary 2025-07-02

148 posts were published in the last hour

• 21:4 : Navigating Heightened Cyber Risks from Iranian Threats
• 21:4 : CISA warns the Signal clone used by natsec staffers is being attacked, so patch now
• 21:3 : Openssl Release Announcement for 3.5.1, 3.4.2, 3.3.4, 3.2.5, and 3.0.17
• 20:32 : Cisco removed the backdoor account from its Unified Communications Manager
• 20:32 : Qwizzserial Android Malware as Legitimate Apps Steals Banking Data & Intercepts 2FA SMS
• 20:5 : IT Security News Hourly Summary 2025-07-02 21h : 8 posts
• 19:32 : Phishers built fake Okta and Microsoft 365 login sites with AI – here’s how to protect yourself
• 19:32 : Hackers Actively Attacking Linux SSH Servers to Deploy TinyProxy or Sing-box Proxy Tools
• 19:32 : North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign
• 18:34 : India’s Max Financial says hacker accessed customer data from its insurance unit
• 18:7 : Chinese Student Charged in Mass Smishing Campaign to Steal Victims’ Personal Information
• 18:7 : What is a message authentication code (MAC)? How it works and best practices
• 18:7 : A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now
• 18:7 : 23andMe’s new owner says your DNA is safe this time
• 18:7 : Silent Push, NordVPN Uncover Thousands of Brand-Spoofing Websites
• 18:7 : Ahold Delhaize Reports Major Data Breach Affecting Over 2 Million Employees in the U.S.
• 18:7 : Encryption Drops While Extortion-Only Attacks Surge
• 17:35 : Gamaredon Unleashes Six New Malware Tools for Stealth, Persistence, and Lateral Movement
• 17:35 : SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh
• 17:35 : How to delete your 23andMe data ASAP (and why you should)
• 17:35 : New Email Bombing Detection in Office 365 to Detect Email Bombing Attacks
• 17:35 : AI Crawlers Reshape The Internet With Over 30% of Global Web Traffic
• 17:35 : Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags
• 17:5 : IT Security News Hourly Summary 2025-07-02 18h : 6 posts
• 16:32 : Here’s Why Businesses Need to be Wary of Document-Borne Malware
• 16:7 : Blumira Identifies 824 Iranian Cyber Incidents Over 21 Months
• 16:7 : Concentric AI Expands Data Security Ambitions With Swift Security, Acante Acquisitions
• 16:7 : Android SMS Stealer Infects 100,000 Devices in Uzbekistan
• 15:35 : Qantas Confirms Major Data Breach Linked to Third-Party Vendor
• 15:35 : What is SIEM (security information and event management)?
• 15:9 : How to turn off ACR on your TV (and why it greatly enhances your viewing experience)
• 15:9 : Google Chrome hit by another serious security flaw – update your browser ASAP
• 15:9 : Security Teams Struggle to Keep Up With Generative AI Threats, Cobalt Warns
• 15:9 : AI Models Mislead Users on Login URLs
• 14:34 : Cybercriminals Use Malicious PDFs to Impersonate Microsoft, DocuSign, and Dropbox in Targeted Phishing Attacks
• 14:34 : Microservice Madness: Debunking Myths and Exposing Pitfalls
• 14:34 : What is quantum key distribution (QKD)?
• 14:34 : Hacked, leaked, exposed: Why you should never use stalkerware apps
• 14:34 : Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
• 14:34 : U.S. Sanctions Russia’s Aeza Group for aiding crooks with bulletproof hosting
• 14:33 : Microsoft Intune Admins Beware! Your Security Baseline Policy Tweaks are not Saved During Updates
• 14:33 : DCRAT Attack Windows to Remotely Control, Keylogging, Screen Capture and Steal Personal Files
• 14:33 : Microsoft Authenticator to Discontinue Password Support and Cease Operations by August 2025
• 14:33 : CISA Warns of TeleMessage TM SGNL Vulnerabilities Exploited in Attacks
• 14:33 : International Criminal Court Hit by New Sophisticated Cyber Attack
• 14:5 : Esse Health Data Breach Exposes Personal and Medical Information of 263,000 Patients
• 14:5 : From VPN to SASE: Enabling Hybrid Work Beyond Legacy Access
• 14:5 : How to install a smart lock on an existing deadbolt – and why this model is my top pick
• 14:5 : US imposes sanctions on second Russian bulletproof hosting vehicle this year
• 14:5 : IT Security News Hourly Summary 2025-07-02 15h : 12 posts
• 14:5 : Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response
• 13:38 : Agentic AI Is Here ? and It?s Shaping the Future of Bot Defense
• 13:38 : New macOS Malware Uses Process Injection and Remote Access to Steal Keychain Credentials
• 13:38 : US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’
• 13:13 : Blind Eagle Linked to Russian Host Proton66 in Latin America Attacks
• 13:13 : IDE Extensions Like VSCode Allow Attackers to Bypass Trust Checks and Deliver Malware to Developer Systems
• 13:13 : YONO SBI Banking App Vulnerability Exposes Users to Man-in-the-Middle Attack
• 13:13 : US drops sanctions on second Russian bulletproof hosting vehicle this year
• 13:13 : International Criminal Court Hit by Advanced Cyber Attack, No Major Damage
• 13:12 : Polymorphic Security Approaches for the Next Generation of Cyber Threats
• 12:35 : Microsoft Ends Authenticator App’s Password Management Support From 2025
• 12:35 : Office 365 Introduces New Mail Bombing Detection to Shield Users
• 12:35 : Hackers Target Linux SSH Servers to Deploy TinyProxy and Sing-Box Proxy Tools
• 12:35 : Cybersecurity M&A Roundup: 41 Deals Announced in June 2025
• 12:5 : Qantas hack results in theft of 6 million passengers’ personal data
• 12:5 : 97% of MSPs Still Use Excel. Here’s the Risk – With Kevin Lancaster
• 12:5 : U.S. Treasury Sanctioned Bulletproof Hosting Provider Used by Ransomware Operator Groups
• 12:5 : Anthropic MCP Inspector Tool Vulnerability Let Attackers Execute Arbitrary Code on Developer Machines
• 12:5 : Critical WordPress Plugin Vulnerability Exposes 600,000+ Sites to Remote Takeover
• 12:5 : 10 Best VPN Alternative Solutions In 2025
• 12:5 : YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack
• 12:5 : Qantas: Breach affects 6 million people, “significant” amount of data likely taken
• 11:36 : US Senate Eliminates State AI Restrictions In 99-1 Vote
• 11:36 : California Jury Finds Google Liable For $314.6m Data Payout
• 11:35 : Qantas confirms customer data breach amid Scattered Spider attacks
• 11:35 : Kelly Benefits Data Breach Impacts 550,000 People
• 11:35 : Report Finds LLMs Are Prone to Be Exploited by Phishing Campaigns
• 11:35 : Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns
• 11:35 : That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat
• 11:7 : Verizon and T-Mobile Deny Data Breaches as Millions of User Records Sold Online
• 11:7 : International Criminal Court Hacked via Sophisticated Cyber Campaign
• 11:7 : Ubuntu Disables Spectre/Meltdown Protections
• 11:7 : Qantas data breach could affect 6 million customers
• 11:7 : Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
• 11:5 : IT Security News Hourly Summary 2025-07-02 12h : 23 posts
• 10:34 : DCRat Targets Windows Systems for Remote Control, Keylogging, Screen Capture, and Data Theft
• 10:34 : CISA Issues Alert on TeleMessage TM SGNL Flaws Actively Exploited
• 10:34 : Infinity Global Services’ Pen Testing Achieves CREST-Accreditation
• 10:34 : Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover
• 10:33 : API Sprawl Can Trip Up Your Security, Big Time
• 10:5 : PDFs: Portable documents, or perfect deliveries for phish?
• 10:5 : Windows Shortcut (LNK) Malware Strategies
• 10:5 : Bots Now Account for 30% of Global Web Traffic, Surpassing Human Activity in Some Regions
• 10:5 : Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
• 10:5 : U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware
• 10:4 : US Treasury Sanctions Russian Bulletproof Hosting Service Aeza Group
• 10:2 : Inside the Mind of the Ethical Hacker: Training Beyond Tools
• 9:36 : Baidu, Huawei Push Open-Source Shift With More AI Models
• 9:36 : Data-Labelling Firm Surge AI ‘Seeks $1bn’ In Funding Round
• 9:36 : CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025
• 9:36 : Your Agentic AI Governance Checklist: 7 Non-Negotiables to Fix Governance Blind Spots
• 9:36 : Dozens of Corporates Caught in Kelly Benefits Data Breach
• 9:7 : TikTok Opens E-Commerce Operations In Japan
• 9:6 : US Judge Says Huawei Must Face Criminal Trial
• 9:6 : FileFix Attack Exploits Windows Browser Loophole to Evade Mark-of-the-Web Security
• 9:6 : Australian Airline Qantas Hacked – Attackers Gained Access to Customers Personal Data
• 9:6 : Chinese Houken Group Exploits Ivanti CSA Zero-Days to Install Linux Rootkits
• 9:6 : Nessus Vulnerabilities on Windows Enables Arbitrary System File Overwrites
• 9:6 : Microsoft Intune Update Wipes Custom Security Baseline Tweaks – Admins Alerted
• 9:6 : U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog
• 9:5 : TA829 Hackers Employs New TTPs and Upgraded RomCom Backdoor to Evade Detections
• 9:5 : FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection
• 9:5 : UK eyes new laws as cable sabotage blurs line between war and peace
• 9:5 : Qantas Data Breach Impacts Up to 6 Million Customers
• 9:5 : Cyberattack Targets International Criminal Court
• 9:5 : CISA Warns of Two Exploited TeleMessage Vulnerabilities
• 9:5 : How Monitoring Users’ Holistic Digital Identities Can Help Businesses Eliminate Cybercriminals’ Greatest Advantage
• 9:5 : Guiding Global Teams: Fostering Compliance and Creativity
• 9:4 : Qantas Reveals “Significant” Contact Center Data Breach
• 8:5 : IT Security News Hourly Summary 2025-07-02 09h : 8 posts
• 7:38 : Cloudflare To Block AI Crawlers By Default
• 7:38 : ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits
• 7:38 : ESET Threat Report H1 2025: Key findings
• 7:38 : Google issues Chrome security update, ICC targeted by new attack, Microsoft nixes Authenticator password management
• 7:4 : Does U.S. traffic control still use floppy disks?
• 7:4 : Top 6 Passwordless Authentication Solutions
• 7:4 : Vercel’s v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale
• 6:36 : U.S. Treasury Sanctions Bulletproof Hosting Firm Fueling Ransomware Campaigns
• 6:36 : Over 600K WordPress Sites at Risk Due to Critical Plugin Vulnerability
• 6:36 : Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines
• 6:35 : Scamnetic KnowScam 2.0 helps consumers detect every type of scam
• 6:35 : Exabeam Nova Advisor Agent equips security leaders with a real-time strategic planning engine
• 6:2 : Cybersecurity essentials for the future: From hype to what works
• 5:40 : Anthropic MCP Inspector Vulnerability Lets Hackers Run Arbitrary Code Remotely
• 5:40 : How FinTechs are turning GRC into a strategic enabler
• 5:6 : Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC
• 5:5 : Secretless Broker: Open-source tool connects apps securely without passwords or keys
• 5:5 : IT Security News Hourly Summary 2025-07-02 06h : 1 posts
• 4:8 : Scammers are trick­ing travelers into booking trips that don’t exist
• 3:5 : Model Context Protocol (MCP): Understanding security risks and controls
• 2:5 : Australian airline Qantas reveals data theft impacting six million customers
• 0:3 : Apple Confirms Some iOS 26 Features Will Not Launch in the EU
• 0:3 : Apple’s Surprising AI Strategy for Siri Reportedly Includes OpenAI or Anthropic
• 23:5 : IT Security News Hourly Summary 2025-07-02 00h : 2 posts
• 23:2 : ICEBlock, an app for anonymously reporting ICE sightings, goes viral overnight after Bondi criticism
• 23:2 : Rising star: Meet Dylan, MSRC’s youngest security researcher
• 22:55 : IT Security News Daily Summary 2025-07-01
• 22:32 : U.S. Target North Korean IT Worker Scams with Raids, Indictments