A sophisticated new Android malware dubbed PhantomCard has emerged from the shadows of Brazil’s cybercriminal underground, representing a significant evolution in mobile banking threats. This malicious application leverages Near Field Communication (NFC) technology to create a seamless bridge between victims’…
New HTTP/2 MadeYouReset Vulnerability Enables Large-Scale DDoS Attacks
Security researchers have identified a new denial-of-service (DoS) vulnerability in HTTP/2 implementations, referred to as MadeYouReset (CVE-2025-8671). This discovery represents a notable escalation in the threats associated with web protocols. Publicly disclosed on August 13, 2025, this flaw allows attackers…
Threat Actors Attacking Windows Systems With New Multi-Stage Malware Framework PS1Bot
A sophisticated new malware campaign targeting Windows systems has emerged, employing a multi-stage framework dubbed “PS1Bot” that combines PowerShell and C# components to conduct extensive information theft operations. The malware represents a significant evolution in attack methodologies, utilizing modular architecture…
NFC fraud reappears, Canada government breach, Zoom’s critical flaw
New wave of NFC relay fraud, call hijacking, and root exploits in banking sector Canada’s House of Commons suffers cyberattack Zoom fixes critical Windows client flaw that could enable privilege escalation Huge thanks to our sponsor, Vanta Do you know…
Should UK.gov save money by looking for open source alternatives to Microsoft? You decide
As £9 billion MoU sparks debate about value for money, it’s time to have your say Register debate series It’s a lot of money, £9 billion ($12 billion). Especially for a government which finds itself — for whatever reason —…
How military leadership prepares veterans for cybersecurity success
In this Help Net Security interview, Warren O’Driscoll, Head of Security Practice at NTT DATA UK and Ireland, discusses how military leadership training equips veterans with the mindset, resilience, and strategic thinking needed to excel in cybersecurity. Drawing on habits…
HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks
Security researchers have disclosed a critical vulnerability in the HTTP/2 protocol that could enable massive distributed denial-of-service (DDoS) attacks, potentially affecting millions of web servers worldwide. The flaw, dubbed “MadeYouReset” and assigned CVE-2025-8671, was publicly disclosed on August 13, 2025,…
Cyber insurance market shows early signs of maturity
The cyber insurance market is entering a new phase of evolution and showing early signs of maturity, according to recent research from Arctic Wolf. Brokers and carriers are taking on different but connected roles to help customers get policies. Brokers…
300 Million In Crypto Fraud Funds Frozen: Cybersecurity Today
Cyber Crime Crackdown: $300 Million in Crypto Frozen, FBI Accounts Hacked, and Critical Microsoft Patches Released In this episode of Cybersecurity Today, host Jim Love covers major recent events in cybercrime and cybersecurity. Over $300 million in cryptocurrency tied to…
Obot MCP Gateway: Open-source platform to securely manage the adoption of MCP servers
Obot MCP Gateway is a free, open-source gateway that enables IT organizations to securely manage and scale adoption of Model Context Protocol (MCP) servers. MCPs are becoming the standard for how AI agents interface with real-world systems. Without a control…
Cisco Secure Firewall Vulnerability Lets Attackers Execute Remote Shell Commands
Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center software that could allow unauthenticated attackers to remotely execute shell commands with elevated privileges. The flaw, tracked as CVE-2025-20265, carries a maximum CVSS score of 10.0 and…
Fighting fraud with AI: The new identity security playbook
In this Help Net Security video, Hal Lonas, CTO at Trulioo, talks about the rise of synthetic identity fraud and how it’s quickly becoming one of the biggest threats in financial crime. He breaks down how fraudsters are using generative…
IT Security News Hourly Summary 2025-08-15 06h : 2 posts
2 posts were published in the last hour 4:4 : New infosec products of the week: August 15, 2025 3:33 : Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery
Employees race to build custom AI apps despite security risks
The latest Netskope findings show a 50% increase in GenAI platform usage among enterprise end-users, driven by growing employee demand for tools to develop custom AI applications and agents. Top LLM interfaces by percentage in organizations (source: Netskope) Despite an…
Cisco Secure Firewall Vulnerability Allows Hackers to Inject Remote Shell Command Injection
Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center (FMC) Software that could allow unauthenticated attackers to execute arbitrary shell commands with high-level privileges remotely. The vulnerability, tracked as CVE-2025-20265 and assigned the maximum CVSS score…
New infosec products of the week: August 15, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Brivo, Envoy, Prove, Rubrik, and Trellix. Rubrik Agent Rewind enables organizations to undo mistakes made by agentic AI Agent Rewind, powered by Predibase AI infrastructure,…
Threat Actors Personalize Phishing Attacks With Advanced Tactics for Malware Delivery
Cybercriminals are increasingly leveraging personalization tactics to enhance the effectiveness of their malware-delivery phishing campaigns, with threat actors customizing subject lines, attachment names, and embedded links to create a false sense of authenticity and urgency. This sophisticated approach represents a…
IT Security News Hourly Summary 2025-08-15 03h : 5 posts
5 posts were published in the last hour 1:3 : Hackers exploit Microsoft flaw to breach Canada ’s House of Commons 1:2 : MailSniper – PowerShell Tool for Exchange Mailbox Search and Credential Discovery 0:32 : SNI5GECT: Sniffing and Injecting…
ISC Stormcast For Friday, August 15th, 2025 https://isc.sans.edu/podcastdetail/9572, (Fri, Aug 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 15th, 2025…
The Cost of NYDFS Cybersecurity Noncompliance: What You Need to Know in 2025
The New York State Department of Financial Services (NYDFS) has long been a leader in setting cybersecurity standards for the financial services and insurance sectors. Under 23 NYCRR Part 500, regulated entities are required to implement a comprehensive cybersecurity program…
Hackers exploit Microsoft flaw to breach Canada ’s House of Commons
Hackers breached Canada ’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News. Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability. “The House of Commons and Canada’s cybersecurity…
MailSniper – PowerShell Tool for Exchange Mailbox Search and Credential Discovery
MailSniper PowerShell tool for Microsoft Exchange. Search mailboxes for passwords, network intel, and harvest usernames in red team operations. This article has been indexed from Darknet – Hacking Tools, Hacker News & Cyber Security Read the original article: MailSniper –…
SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations, (Thu, Aug 14th)
As the world gradually adopts and transitions to using 5G for mobile, operational technology (OT), automation and Internet-of-Things (IoT) devices, a secure 5G network infrastructure remains critical. Recently, the Automated Systems SEcuriTy (ASSET) Research Group have released a new framework…
New FireWood Malware Attacking Linux Systems to Execute Commands and Exfiltrate Sensitive Data
A sophisticated new variant of the FireWood backdoor has emerged, targeting Linux systems with enhanced evasion capabilities and streamlined command execution functionality. This latest iteration represents a significant evolution of the malware family first discovered by ESET’s research team, which…