IT Security News Daily Summary 2025-07-09

133 posts were published in the last hour

• 21:2 : What Is an 888 Area Code and Are Calls From It Safe?
• 20:34 : MSPs Under More Scrutiny From Customers on Cyber Than Ever
• 20:34 : Huntress and Microsoft Collaborate to Strengthen Cybersecurity for Businesses Worldwide
• 20:5 : IT Security News Hourly Summary 2025-07-09 21h : 7 posts
• 20:4 : Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors
• 19:39 : McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Using the Password ‘123456’
• 19:39 : API Use is Growing Fast, but Security is Lacking: Raidiam
• 19:39 : Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
• 19:2 : SQL Injection Prevention: 6 Ways to Protect Your Stack
• 19:2 : Jack Dorsey says his ‘secure’ new Bitchat app has not been tested for security
• 18:34 : Someone used AI to impersonate a secretary of state – how to make sure you’re not next
• 18:34 : Nippon Steel Solutions suffered a data breach following a zero-day attack
• 18:34 : US sanctions alleged North Korean IT sweatshop leader
• 18:34 : Over 40 Malicious Crypto Wallet Extensions Found on Firefox Add-Ons Store
• 18:9 : Microsoft expands Zero Trust workshop to cover network, SecOps, and more
• 17:32 : Security log management tips and best practices
• 17:31 : AMD warns of new Meltdown, Spectre-like bugs affecting CPUs
• 17:5 : IT Security News Hourly Summary 2025-07-09 18h : 3 posts
• 17:2 : Did This Retail Giant Pay a Ransom to Scattered Spider?
• 16:34 : 200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in SureForms WordPress Plugin
• 16:34 : This open-source bot blocker shields your site from pesky AI scrapers – here’s how
• 16:34 : Palo Alto Networks Commitment to Europe
• 16:5 : Microsoft targets 130 vulnerabilities on July Patch Tuesday
• 16:5 : Reflectiz Now Available on the Datadog Marketplace
• 15:34 : Reframing investments in security as investments in the business
• 15:34 : United States Imposes Ban on Russian Bulletproof Hosting Provider
• 15:34 : North Korean Malware Targets Mac Users in Crypto Sector via Calendly and Telegram
• 15:3 : Incident response tabletop exercises: Guide and template
• 15:3 : Get your exhibit table at TechCrunch Disrupt 2025
• 15:3 : Chinese Hackers Exploit Microsoft Exchange Servers to Steal COVID-19 Research Data
• 15:3 : Microsoft 365 PDF Export LFI Vulnerability Allows Access to Sensitive Server Data
• 15:3 : Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions – Update Now
• 15:2 : VS Code Extension Weaponized With Two Lines of Code Leads to Supply Chain Attack
• 15:2 : Microsoft Patches Wormable RCE Vulnerability in Windows and Windows Server
• 15:2 : DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware
• 14:38 : Setting up Your Own Certificate Authority for Development: Why and How., (Wed, Jul 9th)
• 14:37 : Supply Chain Attack Unleashed via Compromised VS Code Extension
• 14:37 : Reflectiz Joins the Datadog Marketplace
• 14:37 : Axis Max Life Cyberattack: A Warning to the Indian Insurance Sector
• 14:5 : SparkKitty Malware Steals Photos from iOS and Android Devices
• 14:5 : June 2025 Malware Spotlight: Discord Exploits Lead to Rising Threats
• 14:5 : Red Hat introduces Enterprise Linux for Business Developers
• 14:5 : AlertMedia Incident Response improves coordination and visibility into resolving incidents
• 14:5 : Ransomware Attack Stops Nova Scotia Power Meter Readings
• 14:5 : IT Security News Hourly Summary 2025-07-09 15h : 6 posts
• 13:32 : Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server
• 13:32 : TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions
• 13:32 : Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates
• 13:31 : Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack
• 13:5 : FUNNULL Uses Amazon and Microsoft Cloud to Hide Malicious Infrastructure
• 13:5 : Can’t quit Windows 10? Here’s how to keep getting security updates after October 2025
• 13:4 : Splunk Address Third Party Packages Vulnerabilities in Enterprise Versions – Update Now
• 13:4 : Train smarter, respond faster: Close the skill gaps in your SOC
• 12:34 : Millions of people spied on by malicious browser extensions in Chrome and Edge
• 12:34 : How To Automate Ticket Creation, Device Identification and Threat Triage With Tines
• 12:34 : U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme
• 12:34 : Microsoft Patch Tuesday: One Zero-Day and A Potential ‘Wormable’ Flaw
• 12:2 : Google Launches Advanced Protection for Vulnerable Users via Chrome on Android
• 12:2 : How to protect your cell phone number from SIM swap attacks
• 12:2 : Samsung Announces Security Improvements for Galaxy Smartphones
• 12:2 : Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)
• 11:40 : XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment
• 11:40 : Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk
• 11:40 : Hackers Exploit IIS Machine Keys to Breach Organizations
• 11:40 : Yet Another Strava Privacy Leak
• 11:40 : FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code
• 11:39 : Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges
• 11:39 : SparkKitty Malware Attacking iOS and Android Device Users to Steal Photos From Gallery
• 11:39 : Qantas begins telling some customers that mystery attackers have their home address
• 11:39 : ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact
• 11:39 : The 2025 Verizon Data Breach Report: A Wake-Up Call for MSPs
• 11:5 : IT Security News Hourly Summary 2025-07-09 12h : 4 posts
• 11:2 : Why Financial Websites Should Treat Web Application Firewalls Like Insurance
• 11:2 : Hackers weaponize Shellter red teaming tool to spread infostealers
• 11:2 : Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft
• 10:39 : Server with Rockerbox Tax Firm Data Exposed 286GB of Records
• 10:39 : Windows BitLocker Vulnerability Lets Attackers Bypass Security Protections
• 10:39 : Anatsa Android Banking Malware Targets Users in the U.S. and Canada via Google Play
• 10:39 : Building Trust in the Digital Age
• 10:39 : New Android TapTrap Attack Let Malicious Apps Bypass Permission and Carry out Destructive Actions
• 10:39 : Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
• 10:39 : Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking
• 10:38 : A Practical Guide to Building a Red Teaming Strategy for AI
• 10:38 : What is Zero Data Retention and Why it May Be the Future of Secure Automation
• 10:38 : Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks
• 10:38 : MacOS Infostealer AMOS Evolves with Backdoor for Persistent Access
• 9:39 : No thanks: Google lets its Gemini AI access your apps, including messages [updated]
• 9:39 : Privacy campaigners pour cold water on London cops’ 1,000 facial recognition arrests
• 9:39 : Ingram Micro restarts orders – for some – following ransomware attack
• 9:39 : Canadian Electric Utility Says Power Meters Disrupted by Cyberattack
• 9:3 : Ivanti, Fortinet, Splunk Release Security Updates
• 9:2 : 23andMe…and Everyone Else: All Eyes are on the Most Personal Data
• 8:35 : Patch Tuesday: Microsoft Addresses 137 Vulnerabilities, Including High-Severity SQL Server RCE
• 8:35 : Chinese Hacker Linked to Silk Typhoon Charged With Stealing COVID Data
• 8:34 : Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server
• 8:34 : M&S Chair Details Ransomware Attack, Declines to Confirm if Payment Was Made
• 8:5 : IT Security News Hourly Summary 2025-07-09 09h : 5 posts
• 7:35 : Splunk SOAR Addresses Vulnerabilities in Third-Party Packages – Update Now
• 7:35 : Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
• 7:34 : 10 Best Secure Web Gateway Vendors In 2025
• 7:34 : Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network
• 7:34 : 10 Best Advanced Endpoint Security Tools – 2025
• 7:34 : Zenni ID Guard disrupts unwanted infrared facial tracking
• 7:34 : Barracuda protects Microsoft Entra ID environment from data loss
• 7:34 : Rubio Spoofed, RondoDox Botnet, Batavia Spyware
• 7:5 : FTC v. Meta and US v. Google: The Landmark Antitrust Lawsuits Shaping Big Tech
• 7:5 : Hugging Face just launched a $299 robot that could disrupt the entire robotics industry
• 7:4 : Iranian ransomware crew reemerges, promises big bucks for attacks on US or Israel
• 7:4 : Alleged Chinese State Hacker Wanted by US Arrested in Italy
• 7:4 : IPinfo boosts privacy detection capabilities with Residential Proxy Detection API
• 7:4 : AI Threats, Enterprise Security, and Google’s Confusing Gemini Release: Cybersecurity Today
• 6:35 : Splunk Enterprise Addresses Vulnerabilities in Bundled Third-Party Packages – Update Now
• 6:2 : FortiWeb SQL Injection Vulnerability Allows Attackers to Execute Malicious SQL Commands
• 6:2 : Citrix Windows Virtual Delivery Agent Vulnerability Lets Attackers Escalate to SYSTEM Privileges
• 5:33 : US Announces Arresting Chinese Hacker Linked to HAFNIUM Group
• 5:33 : Why your security team feels stuck
• 5:3 : Zoom for Windows Flaw Allows Attackers to Trigger DoS Attacks
• 5:3 : Chinese Hacker Linked to Silk Typhoon Charged with Stealing COVID Data
• 5:3 : Kanvas: Open-source incident response case management tool
• 5:2 : It’s time to give AI security its own playbook and the people to run it
• 4:31 : 6 eye-opening books on AI’s rise, risks, and realities
• 2:12 : ISC Stormcast For Wednesday, July 9th, 2025 https://isc.sans.edu/podcastdetail/9518, (Wed, Jul 9th)
• 2:12 : How to get free Windows 10 security updates through October 2026: Two ways
• 2:12 : How passkeys work: The complete guide to your inevitable passwordless future
• 2:5 : IT Security News Hourly Summary 2025-07-09 03h : 3 posts
• 1:8 : Microsoft Patch Tuesday, July 2025 Edition
• 0:37 : Twitter Co-Founder Launches Bitchat, a Security-Focused, Bluetooth Messaging App – No Internet Required
• 0:37 : Trust nothing, verify everything: Why the UK public sector must embrace Zero Trust
• 0:37 : Black Duck Sets New Standard with Polaris, First AppSec SaaS Hosted in Saudi Arabia
• 23:34 : Microsoft enjoys first Patch Tuesday of 2025 with no active exploits
• 23:5 : IT Security News Hourly Summary 2025-07-09 00h : 6 posts
• 22:55 : IT Security News Daily Summary 2025-07-08
• 22:4 : Chinese researchers unveil MemOS, the first ‘memory operating system’ that gives AI human-like recall