The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding active exploitation of a critical Linux kernel vulnerability, tracked as CVE-2023-0386, which has now been added to the Known Exploited Vulnerabilities (KEV) Catalog. This flaw, rooted in the…
Scattered Spider Targets US Insurance, Microsoft Zero-Day, Major Database Breach, and AI Poison Pill
In this episode, host Jim Love delves into recent cybersecurity threats and breakthroughs. The notorious Scattered Spider hacker group has shifted its focus to US insurance companies after attacking UK retailers earlier this year. Microsoft’s urgent security updates address active…
Google’s Gerrit Platform Flaw Exposes 18 Google Projects, Including ChromiumOS, to Hackers
A critical vulnerability, dubbed “GerriScary,” has been discovered in Google’s Gerrit code-collaboration platform, putting at least 18 major Google projects—including ChromiumOS, Chromium, Dart, and Bazel—at risk of unauthorized code submissions by hackers. This flaw, uncovered by Tenable Cloud Research, highlights…
Threat Actors Attacking Windows System With New Winos 4.0 Malware
A sophisticated threat campaign targeting Windows systems has emerged, leveraging a new strain of malware known as winos 4.0 to compromise organizations across Taiwan. The attack, which has been active since January 2025, demonstrates the evolving tactics of cybercriminals who…
Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security
As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated CNCF Cilium and its sub-project Tetragon, combined with Software Bills of Materials (SBOMs), can provide…
Kusari Inspector improves supply chain security
Kusari unveiled Kusari Inspector, an AI-based pull request security tool that brings cutting-edge security risk analysis directly into developers’ daily workflows. In Kusari Inspector, Kusari has brought together a powerful combination of industry standards, AI, and dependency graph analysis, to…
Dashlane’s AI model alerts businesses to phishing risks
Dashlane introduced AI phishing alerts, an advancement to the Dashlane Omnix platform that protects enterprises and users against threats targeting user credentials. Trained by Dashlane on both legitimate and phishing sources, the new innovation detects and alerts users to phishing…
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict
Iran has throttled internet access in the country in a purported attempt to hamper Israel’s ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on the country, escalating geopolitical tensions in the region. Fatemeh Mohajerani,…
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out…
Citrix NetScaler ADC & Gateway Flaws Expose Sensitive Data to Hackers
Two critical vulnerabilities have been discovered in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), potentially exposing sensitive data to hackers and putting enterprise networks at significant risk. The flaws, identified as CVE-2025-5349 and CVE-2025-5777, have…
Veeam Vulnerabilities Expose Backup Servers to Remote Attacks
Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software. These flaws—assigned CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287—could allow attackers to execute code remotely or escalate privileges, posing significant risks to organizations…
35 open-source security tools to power your red team, SOC, and cloud security
This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security. Autorize: Burp Suite extension for automatic authorization enforcement detection Autorize is an open-source Burp Suite extension…
Scattered Spider New Target: US Insurance Giants Under Cyber Attack
Google’s Threat Intelligence Group (GTIG) has issued a significant warning indicating that the notorious threat actor, Scattered Spider… The post Scattered Spider New Target: US Insurance Giants Under Cyber Attack appeared first on Hackers Online Club. This article has been…
Beyond Playbooks and AI Agents: Embracing Persistent, Autonomous Security Operations
Why traditional SOC playbooks and AI agents fall short. Learn how Morpheus AI delivers autonomous security operations without the complexity. The post Beyond Playbooks and AI Agents: Embracing Persistent, Autonomous Security Operations appeared first on D3 Security. The post Beyond…
AI is changing cybersecurity roles, and entry-level jobs are at risk
Will humans remain essential in cybersecurity, or is AI set to take over? According to Wipro, many CISOs are leveraging AI to improve threat detection and response times and to build enhanced incident response capabilities. What’s changing AI systems can…
IT Security News Hourly Summary 2025-06-18 06h : 1 posts
1 posts were published in the last hour 3:35 : Gendaten: Britische Datenschutzstrafe für 23andme
From cleaners to creepers: The risk of mobile privilege escalation
In this Help Net Security video, Nico Chiaraviglio, Chief Scientist at Zimperium, explores how Android apps can be abused to escalate privileges, giving attackers access to sensitive data and system functions. Drawing on Zimperium’s recent research, he breaks down two…
Achtstellige Passwörter unzureichend: Datenschutzstrafe für Genfirma 23andme
2023 wurden fast 7 Millionen Datensätze von Kunden 23andmes im Darknet feilgeboten. Großbritannien verhängt eine Millionenstrafe. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Achtstellige Passwörter unzureichend: Datenschutzstrafe für Genfirma 23andme
Web Application Security Report 2025 – Evolving Threats, Strategies, and Best Practices
Introduction Web applications are the backbone of modern organizations, enabling digital transformation, customer engagement, and business operations. However, rapid development cycles, complex cloud environments, and increasingly sophisticated threats expose critical security gaps. Weak access controls, insufficient visibility, and delayed threat…
Your Backup System Is Your Biggest Security Blind Spot
The cybersecurity industry has made tremendous strides in protecting organizations from external threats. Zero Trust architecture, advanced endpoint detection, and AI-powered threat hunting have become standard components of the modern security stack. Yet despite these investments, many organizations remain vulnerable…
Securing the Gaps: Firewalls in a Hybrid Cloud World
Hybrid cloud has fundamentally changed how systems are built—but how we secure them hasn’t evolved at the same pace. The illusion that a firewall can “secure the edge” is still baked into most architectures, even though there’s no meaningful edge…
A New Breed of Ransomware Threatens Total Data Destruction
Until now, most ransomware attacks have revolved around double or triple extortion tactics—where hackers not only encrypt the victim’s data but also steal it and threaten to leak it publicly unless a ransom is paid. However, a new and even…
Trump administration set to waive TikTok sell-or-die deadline for a third time
Quick reminder: The law that banned the app is called ‘Protecting Americans from Foreign Adversary Controlled Applications Act’ The Trump administration is set to again waive the 2024 law that requires the made-in-China social network TikTok to either sell its…
Employees are using AI where they know they shouldn’t
Despite widespread anticipation about AI’s positive impact on workforce productivity, most employees feel they were overpromised on its potential, according to GoTo. In fact, 62% believe AI has been significantly overhyped. However, this is likely because employees aren’t making the…