A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments. The vulnerability, tracked as CVE-2025-59689, affects multiple versions of the popular email security…
European Airport Operations Disrupted by Ransomware
Passengers across Europe are facing another day of flight delays after a cyber-attack struck the company behind the check-in and boarding software used at many airports. London Heathrow, Brussels, Dublin and Berlin have been worst hit since Friday, when the…
EDR-Freeze, DeepMind persuasion, vendors exit ATT&CK
EDR-Freeze tool suspends security software; DeepMind updates Frontier Safety Framework; major vendors withdraw from MITRE EDR Evaluations.
Apple Disables AirPods Live Translation In EU
Apple says it will not allow Live Translation to work for EU users as it criticises regulatory efforts forcing it to open up ecosystem. This article has been indexed from Silicon UK.
Hackers Using SVG Files to Deliver Malicious Payloads
A recent malware campaign making the rounds in Latin America offers a stark example of how cybercriminals are evolving and finetuning their playbooks. Victims receive emails dressed up to look as though they come from trusted institutions, warning of lawsuits…
22.2 Tbps DDoS Attack Breaks Internet With New World Record
Cloudflare announced it had autonomously mitigated the largest distributed denial-of-service (DDoS) attack ever recorded. The hyper-volumetric attack peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps), setting a new and alarming benchmark for…
Libraesva ESG Vulnerability Allows Attackers to Execute Malicious Commands
A critical command injection vulnerability in Libraesva ESG email security gateways has been discovered, allowing attackers to execute arbitrary commands through specially crafted compressed email attachments. The vulnerability, designated CVE-2025-59689, affects versions starting from 4.5 and has already been exploited…
Hackers Exploit GitHub Notifications to Launch Phishing Attacks
Cybersecurity researchers have uncovered a new phishing campaign that exploits GitHub’s official notification system to deliver malicious links and credential-stealing payloads. By capitalizing on the trust that open-source contributors place in GitHub’s communication channels, cybercriminals are able to bypass traditional…
EV charging biz zaps customers with data leak scare
Names, emails unplugged in DCS support snafu – but ‘billing is safe’. An electric vehicle charging point provider is telling users that their data may be compromised, following a recent security “incident” at a service provider.…
Cybercriminals are going after law firms’ sensitive client data
Regardless of their size, all law firms hold valuable data, including client communications, financial records, and confidential legal strategies. That data has never been more at risk. Cybercriminals are targeting law firms by exploiting vulnerabilities, weak passwords, outdated systems, and…
Fake Job Offers Used to Deliver Advanced Malware Targeting Job Seekers
Iranian threat actors are exploiting job seekers’ aspirations through sophisticated fake recruitment campaigns designed to deploy advanced malware across Europe’s critical infrastructure sectors. The attack methodology demonstrates remarkable operational security and state-sponsored tradecraft characteristics. Nimbus Manticore, also known as UNC1549…
Windows 11 24H2 KB5064081 Update Causes Video Playback Issues
Microsoft’s latest Windows 11 update is causing significant problems for users trying to play protected video content. The KB5064081 update, released on August 29, 2025, has disrupted video playback functionality across multiple applications, leaving users frustrated with black screens and…
Review: Practical Purple Teaming
Practical Purple Teaming is a guide to building stronger collaboration between offensive and defensive security teams. The book focuses on how to design and run effective purple team exercises that improve detection and response and strengthen trust between teams. About…
Top 10 Best Supply Chain Risk Management Solutions in 2025
In today’s rapidly evolving global market, supply chain risk management has become more crucial than ever before. Organizations face risks like geopolitical issues, market unpredictability, compliance challenges, supplier failures, and even cyber threats. To maintain resilience, companies must adopt robust…
Gartner: Preemptive cybersecurity to dominate 50% of security spend by 2030
By 2030, preemptive cybersecurity solutions will account for 50% of IT security spending, up from less than 5% in 2024, replacing standalone detection and response (DR) solutions as the preferred approach to defend against cyberthreats, according to Gartner. Preemptive security…
High-impact IT outages cost businesses $2 million per hour
The financial stakes of downtime are climbing, and IT leaders are being pushed to rethink how they monitor complex systems. According to the 2025 Observability Forecast from New Relic, the median cost of a high-impact outage has reached $2 million…
ISC Stormcast For Tuesday, September 23rd, 2025 https://isc.sans.edu/podcastdetail/9624, (Tue, Sep 23rd)
This article has been indexed from SANS Internet Storm Center, InfoCON: green.
Cybersecurity jobs available right now: September 23, 2025
Application Security Engineer, PayPal | USA | On-site: As an Application Security Engineer, you will apply security best practices to enhance and optimize systems, ensuring protection and efficiency, while beginning to understand and align security solutions…
Microsoft DCU’s Takedown of RaccoonO365
When I saw the name of the Microsoft Digital Crime Unit’s latest target, “RaccoonO365” I probably reacted to it differently than most. With the help of a friend in Lagos, we’ve been watching the money launderers and things have reached…
Anton’s Security Blog Quarterly Q3 2025
Amazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast…
Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign
SEO poisoning campaign “Operation Rewrite” uses a malicious IIS module called BadIIS to redirect users to unwanted websites. The post Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign appeared first on Unit 42.
How to accelerate security finding reviews using automated business context validation in AWS Security Hub
Security teams must efficiently validate and document exceptions to AWS Security Hub findings, while maintaining proper governance. Enterprise security teams need to make sure that exceptions to security best practices are properly validated and documented, while development teams need a…
Jeep and Dodge Parent Company Stellantis Confirms Customer Data Breach
Stellantis, parent of Jeep, Chrysler, Dodge and FIAT, confirms data breach through third-party vendor. Contact info exposed, financial data not affected. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto.