Link to episode page This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce and Howard Holton, CEO, GigaOm Thanks to our show sponsor, Vanta Do you…
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
Although it hasn’t been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly…
Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain
Effective OAuth token management is crucial for supply chain security, preventing breaches caused by dormant integrations, insecure storage or lack of rotation. The post Trusted Connections, Hidden Risks: Token Management in the Third-Party Supply Chain appeared first on Unit 42.…
New Windows 11 Flaw Slips In Through Old Patch
A Microsoft fix introduced CVE-2025-53136, leaking kernel addresses in Windows 11/Server 2022. Learn risks and how to stay protected. The post New Windows 11 Flaw Slips In Through Old Patch appeared first on eSecurity Planet. This article has been indexed…
Operation Eastwood: Measuring the Real Impact on NoName057(16)
Introduction On July 16, 2025, Europol revealed the details of Operation Eastwood, a coordinated international strike against one of the most active pro-Russian cybercrime groups, NoName057(016). The announcement promised a major disruption to the group’s activities. In this blog, we…
IT Security News Hourly Summary 2025-09-13 00h : 18 posts
18 posts were published in the last hour 21:38 : Data Is the New Diamond: Latest Moves by Hackers and Defenders 21:38 : AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks 21:38 : ChatGPT just saved me 25% off…
Data Is the New Diamond: Latest Moves by Hackers and Defenders
Unit 42 delves into how cybercriminals are treating stolen data like digital diamonds amid rising attacks and evolving extortion tactics. The post Data Is the New Diamond: Latest Moves by Hackers and Defenders appeared first on Unit 42. This article…
AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks
AdaptixC2, an open-source C2 framework, is increasingly used in attacks. We discuss its features and potential use case scenarios. The post AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks appeared first on Unit 42. This article has been indexed…
ChatGPT just saved me 25% off my dinner tonight – here’s how
You can use free ChatGPT or ChatGPT Plus to look for copuon codes. But one trick gets the best results. This article has been indexed from Latest news Read the original article: ChatGPT just saved me 25% off my dinner…
The Hidden Threat: How Sensitive Information Leakage Puts Your Business at Risk
You Don’t Know What You Don’t Know – And That’s the Problem Picture this: Your development team has built a robust e-commerce platform. Your security team has implemented comprehensive protection measures. Your compliance team has checked all the boxes. Yet…
Enhancing AI Privacy: Federated Learning and Differential Privacy in Machine Learning
Privacy-preserving techniques are keeping your data safe in the age of AI. In particular, federated learning (FL) keeps data local, while differential privacy (DP) strengthens individual privacy. In this article, we will discuss challenges associated with this, practical tools, and…
This ‘critical’ Cursor security flaw could expose your code to malware – how to fix it
A feature being disabled by default could leave users and their organizations vulnerable to commands that run automatically. This article has been indexed from Latest news Read the original article: This ‘critical’ Cursor security flaw could expose your code to…
Your Powerbeats Pro 2 are getting a serious upgrade – but there’s a catch
Apple says it’s improved heart rate tracking features with Beats, which is great news for iPhone users, and not so much for Android fans. This article has been indexed from Latest news Read the original article: Your Powerbeats Pro 2…
FTC scrutinizes OpenAI, Meta, and others on AI companion safety for kids
Seven tech companies are under investigation, following recent reports of AI companions behaving badly. Here’s why. This article has been indexed from Latest news Read the original article: FTC scrutinizes OpenAI, Meta, and others on AI companion safety for kids
News brief: Salesloft Drift breach update and timeline
<p>Additional information has surfaced and new victims have come forward in the Salesloft Drift breach, which has affected more than 700 organizations globally.</p> <div class=”ad-wrapper ad-embedded”> <div id=”halfpage” class=”ad ad-hp”> <script>GPT.display(‘halfpage’)</script> </div> <div id=”mu-1″ class=”ad ad-mu”> <script>GPT.display(‘mu-1’)</script> </div> </div> <p>Salesloft…
AI-powered Pentesting Tool ‘Villager’ Combines Kali Linux Tools with DeepSeek AI for Automated Attacks
New AI-powered penetration testing framework Villager combines Kali Linux toolsets with DeepSeek AI models to fully automate cyber attack workflows. Initially developed by the Chinese-based group Cyberspike, this tool has rapidly gained traction since its July 2025 release on the…
Sidewinder Hacker Group Weaponizing LNK File to Execute Malicious Scripts
The notorious APT-C-24 threat actor group, commonly known as Sidewinder or Rattlesnake, has evolved its attack methodology by deploying sophisticated LNK file-based phishing campaigns targeting government, energy, military, and mining sectors across South Asia. Active since 2012, this advanced persistent…
All your vulns are belong to us! CISA wants to maintain gov control of CVE program
Get ready for a fight over who steers the global standard for vulnerability identification The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new “vision” document it…
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
A similar vuln on Apple devices was used against ‘specific targeted users’ Samsung has fixed a critical flaw that affects its Android devices – but not before attackers found and exploited the bug, which could allow remote code execution on…
Fridges, AI, and the Hidden Cost of Convenience
There’s an old story about a village that finally got electricity. Everyone bought fridges. A few months later, the elders gathered and suggested the unthinkable… “get rid of them!” Before the fridges, leftover food was shared. No one went to…
Randall Munroe’s XKCD ‘Dual Roomba’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Dual Roomba’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Randall Munroe’s…
The Top 5 DevOps Automation Tools .NET Developers Should Know
Master DevOps automation with these 5 essential tools for .NET developers. Streamline CI/CD, code analysis, and database versioning for faster, more reliable deployments. The post The Top 5 DevOps Automation Tools .NET Developers Should Know appeared first on Security Boulevard.…
CISA Lays Out Roadmap for CVE Program’s ‘Quality Era’
Five months after the future of the CVE program was thrown in doubt, CISA this week released a roadmap that calls for steps to take for its new “quality era,” which includes public sponsorship, expanded public-private partnership, and modernization. The…
DEF CON 2025: The Modern Rogue Presents Speedrun with Josh Nass!
Creators, Authors and Presenters: The Modern Rogue (@ModernRogue) Presents Josh Nass (@HamRadioCrashCourse) Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference’s events located at the Las Vegas…