CERT/CC disclosed serious data exposure vulnerabilities in Workhorse Software used by hundreds of U.S. cities and towns. CERT Coordination Center (CERT/CC) at Carnegie Mellon University disclosed two serious data exposure flaws in an accounting application developed by Workhorse Software’s, and…
CISA Issues Four ICS Advisories on Vulnerabilities and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) released four critical Industrial Control Systems (ICS) advisories on August 19, 2025, alerting organizations to current security vulnerabilities and potential exploits affecting critical infrastructure systems. These advisories provide essential information for administrators and…
New Loader Malware Dubbed ‘QuirkyLoader’ Delivering Infostealers and RATs
A sophisticated new malware loader called QuirkyLoader has emerged as a significant cybersecurity threat, actively distributing well-known infostealers and remote access trojans (RATs) since November 2024. The malware has demonstrated remarkable versatility in delivering multiple payload families, including Agent Tesla,…
Google Announces New Capabilities for Enabling Defenders and Securing AI Innovation
Google Cloud has unveiled a comprehensive suite of security enhancements at its Security Summit 2025, marking a significant evolution in enterprise AI security frameworks. The technology giant’s latest announcements, delivered by VP and GM Jon Ramsey, focus on two critical…
New PromptFix Attack Tricks AI Browsers to Run Malicious Hidden Prompts
A new attack vector called PromptFix exploits AI-powered browsers by embedding malicious instructions within seemingly innocent web content. The attack represents an evolution of traditional ClickFix scams, specifically designed to manipulate agentic AI systems rather than human users. The research,…
Russian Hackers Exploiting 7-Year-Old Cisco Vulnerability to Collect Configs from Industrial Systems
A Russian state-sponsored cyber espionage group designated as Static Tundra has been actively exploiting a seven-year-old vulnerability in Cisco networking devices to steal configuration data and establish persistent access across critical infrastructure networks. The sophisticated threat actor, linked to Russia’s…
Critical Apache Tika PDF Parser Vulnerability Allow Attackers to Access Sensitive Data
A critical security vulnerability has been discovered in Apache Tika’s PDF parser module that could enable attackers to access sensitive data and trigger malicious requests to internal systems. The flaw, designated as CVE-2025-54988, affects multiple versions of the widely used…
Doppel Simulation combats social engineering attacks
Doppel announced Doppel Simulation, a new product and expansion to the Doppel Vision Platform that enables organizations to redefine security awareness training and social engineering penetration testing by mirroring today’s multi-channel and dynamic attacker behaviors. Informed by real-world threats and…
Apple zero-day patch, Jailbreaking ChatGPT-5 Pro, 7-year old Cisco Vulnerability exploited
A patch today keeps the zero-day away Jailbreaking ChatGPT-5 Pro The thing about vulnerabilities is they stay vulnerable Huge thanks to our sponsor, Conveyor It’s Thursday. Have you been personally victimized by a portal security questionnaire this week? Most solutions…
Don’t Forget The “-n” Command Line Switch, (Thu, Aug 21st)
A lot of people like the command line, the CLI, the shell (name it as you want) because it provides a lot of powerful tools to perform investigations. The best example is probably parsing logs! Even if we have SIEM…
Apple Confirms Critical 0-Day Under Active Attack – Immediate Update Urged
Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals. The update, released on August 20, 2025,…
Using lightweight LLMs to cut incident response times and reduce hallucinations
Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing the risk of hallucinations. Their approach uses a smaller, fine-tuned LLM combined with…
Critical Flaw in Apache Tika PDF Parser Exposes Sensitive Data to Attackers
A critical XML External Entity (XXE) vulnerability has been discovered in Apache Tika’s PDF parser module, potentially allowing attackers to access sensitive data and compromise internal systems. The flaw, tracked as CVE-2025-54988, affects a wide range of Apache Tika deployments…
Europol Says Qilin Ransomware Reward Fake
A $50,000 reward from Europol for two members of the Qilin ransomware group is a ‘scam’, according to the law enforcement agency. The post Europol Says Qilin Ransomware Reward Fake appeared first on SecurityWeek. This article has been indexed from…
Enterprise SSO for Schools: Simplifying Staff and Student Access
Discover how Enterprise SSO simplifies digital access for students and staff, cuts login frustration, and reduces IT load without compromising security or usability The post Enterprise SSO for Schools: Simplifying Staff and Student Access appeared first on Security Boulevard. This…
Fractional vs. full-time CISO: Finding the right fit for your company
In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security leadership, and…
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that…
PromptFix Exploit Forces AI Browsers to Execute Hidden Malicious Commands
Cybersecurity researchers have uncovered critical vulnerabilities in AI-powered browsers that allow attackers to manipulate artificial intelligence agents into executing malicious commands without user knowledge, introducing what experts are calling a new era of “Scamlexity” in digital security threats. The research,…
Product showcase: iStorage datAshur PRO+C encrypted USB flash drive
The iStorage datAshur PRO+C is a USB-C flash drive featuring AES-XTS 256-bit hardware encryption. Available in capacities from 32 GB to 512 GB, the drive holds FIPS 140-3 Level 3 certification and operates without the need for software, making it…
IT Security News Hourly Summary 2025-08-21 06h : 2 posts
2 posts were published in the last hour 4:2 : CISOs need to think about risks before rushing into AI 3:32 : Critical Apple 0-Day Vulnerability Actively Exploited in the Wild – Update Now
Ransomware Incidents Targeting Japan Increased by Approximately 1.4 Times
Japan experienced a significant surge in ransomware attacks during the first half of 2025, with incidents increasing by approximately 1.4 times compared to the same period in 2024. According to comprehensive research conducted by cybersecurity analysts, 68 ransomware cases affected…
Elastic Denies Serious Security Flaw in Its Defend Software
Elastic, the company known for its enterprise search and security products, has pushed back against recent claims of a serious vulnerability in its Defend endpoint detection and response (EDR) tool. The controversy began after a small cybersecurity group, AshES…
The End of Tribal Knowledge: Why Contextual Policy Is the Foundation for Agentic AI Development
For years, the challenge in software security and governance hasn’t been knowing what to do, but instead scaling that knowledge across fast-moving teams. At Sonatype, we invested heavily in solving that through contextual policy. Not just rules, but rules that…
URL-based threats become a go-to tactic for cybercriminals
Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not…