Russia is planning to make a “national messenger” as an alternative to social media apps like WhatsApp and Telegram. Max, a messenger app released earlier this year by the tech giant VK and supported by state media campaigns, seems to…
Pi-hole Data Breach Exposes Donor Names and Emails via GiveWP Plugin Vulnerability
Pi-hole, a well-known network-level ad-blocker, has confirmed that a security flaw in the GiveWP WordPress donation plugin exposed donor names and email addresses. Pi-hole functions as a DNS sinkhole, blocking unwanted content before it reaches users’ devices. Originally built…
Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems
Cybersecurity researchers have uncovered a jailbreak technique to bypass ethical guardrails erected by OpenAI in its latest large language model (LLM) GPT-5 and produce illicit instructions. Generative artificial intelligence (AI) security platform NeuralTrust said it combined a known technique called…
The Future of API Security Reviews
As organizations increasingly rely on application programming interfaces (APIs) to facilitate communication and data exchange between software systems, these “gates” become primary targets for attackers. Businesses that fail to put… The post The Future of API Security Reviews appeared first…
WinRAR Zero-Day CVE-2025-8088 Exploited to Spread RomCom Malware
Critical WinRAR flaw CVE-2025-8088 exploited by Russia-linked hackers to spread RomCom malware, update to version 7.13 now to… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: WinRAR Zero-Day…
SonicWall VPN Zero-Day Vulnerability Suspected Amid Rising Ransomware Attacks
Virtual Private Networks (VPNs) have recently been in the spotlight due to the U.K.’s Online Safety Act, which requires age verification for adult content websites. While many consumers know VPNs as tools for bypassing geo-restrictions or securing public Wi-Fi…
Android adware: What is it, and how do I get it off my device?
Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do. This article has been indexed from WeLiveSecurity Read the original article: Android adware: What is it, and how do…
Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?
A sky-high premium may not always reflect your company’s security posture This article has been indexed from WeLiveSecurity Read the original article: Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?
IT Security News Hourly Summary 2025-08-09 15h : 5 posts
5 posts were published in the last hour 13:4 : ReVault! When your SoC turns against you… deep dive edition 13:4 : SMBs Know the Risks, So Why Are Cybercriminals Still Winning? 13:3 : ChatGPT Connectors ‘0-click’ Vulnerability Let Attackers…
How Secure Code Review Strengthen Web Apps Security?
Twitter recently suffered a data breach due to misconfigured settings in its application programming interface (API). As a result, hackers accessed the personal data of 5.4 million users and leaked it on an online forum. The stolen data was later…
ReVault! When your SoC turns against you… deep dive edition
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. This article has been indexed from Cisco Talos Blog Read the original article: ReVault! When your SoC…
SMBs Know the Risks, So Why Are Cybercriminals Still Winning?
Cybercriminals are no longer primarily focused on large enterprises. They now see small- and medium-sized businesses (SMBs) as prime targets because they lack the resources, expertise, and robust security measures… The post SMBs Know the Risks, So Why Are Cybercriminals…
ChatGPT Connectors ‘0-click’ Vulnerability Let Attackers Exfiltrate Data From Google Drive
A critical vulnerability in OpenAI’s ChatGPT Connectors feature allows attackers to exfiltrate sensitive data from connected Google Drive accounts without any user interaction beyond the initial file sharing. The attack, dubbed “AgentFlayer,” represents a new class of zero-click exploits targeting…
Cybercrime Group Claims Theft of MailChimp Client Data
The Russian-speaking cybercrime group Everest says it has stolen a large trove of data from email marketing giant Mailchimp, but the company has denied any evidence of a security incident. Everest announced the alleged breach on its dark web…
BlackSuit Ransomware Capabilities Undermined by Targeted Server Takedown
With the help of U.S Immigration and Customs Enforcement’s Homeland Security Investigations (HSI), as well as domestic and international law enforcement agencies, U.S Immigration and Customs Enforcement’s Homeland Security Investigations has dismantled the backbone of the BlackSuit ransomware group,…
5 iOS 26 features that made updating my iPhone worthwhile (and how to try them)
iOS 26 is out in both developer and public beta, bringing a slew of exciting new features and upgrades. Here are the ones I like best. This article has been indexed from Latest news Read the original article: 5 iOS…
IT Security News Hourly Summary 2025-08-09 12h : 4 posts
4 posts were published in the last hour 10:3 : Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox 10:3 : Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability 9:34 : 3 portable power…
Multiple Zero-Day Exploits Discover That Bypass BitLocker, Exposing All Encrypted Data
Microsoft security researchers have uncovered four critical vulnerabilities in Windows BitLocker that could allow attackers with physical access to bypass the encryption system and extract sensitive data. The findings, revealed in research dubbed “BitUnlocker,” demonstrate sophisticated attack methods targeting the…
The US Court Records System Has Been Hacked
Plus: Instagram sparks a privacy backlash over its new map feature, hackers steal data from Google’s customer support system, and the true scope of the Columbia University hack comes into focus. This article has been indexed from Security Latest Read…
Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking
Researchers showed how flaws in a bus’ onboard and remote systems can be exploited by hackers for tracking, control and spying. The post Free Wi-Fi Leaves Buses Vulnerable to Remote Hacking appeared first on SecurityWeek. This article has been indexed…
#DEFCON: AI Cyber Challenge Winners Revealed in DARPA’s $4M Cybersecurity Showdown
The winners of the AI Cybersecurity Challenge (AIxCC), Team Atlanta, won a $4m prize This article has been indexed from www.infosecurity-magazine.com Read the original article: #DEFCON: AI Cyber Challenge Winners Revealed in DARPA’s $4M Cybersecurity Showdown
New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature
August 9, 2025 — A critical vulnerability in the Linux kernel, identified as CVE-2025-38236, has exposed a flaw that could allow attackers to escalate privileges from within the Chrome renderer sandbox on Linux systems. Google Project Zero researcher Jann Horn…
Critical Linux Kernel Vulnerability Allows Attackers Gain Full Kernel-Level Control From Chrome Sandbox
August 9, 2025: A severe security vulnerability in the Linux kernel, dubbed CVE-2025-38236, has been uncovered by Google Project Zero researcher Jann Horn, exposing a pathway for attackers ranging from native code execution within the Chrome renderer sandbox to full…
Over 28,000 Microsoft Exchange Servers Exposed Online to CVE-2025-53786 Vulnerability
The cybersecurity community faces a significant threat as scanning data reveals over 28,000 unpatched Microsoft Exchange servers remain exposed on the public internet, vulnerable to a critical security flaw designated CVE-2025-53786. This high-severity vulnerability, which carries a CVSS score of…