Microsoft has announced significant enhancements to its .NET Bounty Program, introducing expanded coverage, streamlined award structures, and substantially increased financial incentives for security researchers. The updated program now offers maximum rewards of USD 40,000 for critical vulnerabilities affecting .NET and…
Over 17,000 SharePoint Servers Found Exposed Online — 840 Vulnerable to Active 0-Day Attacks
A significant cybersecurity crisis has emerged with the discovery of over 17,000 Microsoft SharePoint servers exposed to internet-based attacks, including 840 systems vulnerable to a critical zero-day vulnerability that Chinese threat actors are actively exploiting. The vulnerability, designated CVE-2025-53770 and…
CISA Releases Thorium: Open-Source Malware and Forensics Tool Now Public
The Cybersecurity and Infrastructure Security Agency (CISA) has made a significant contribution to the cybersecurity community by publicly releasing Thorium, a powerful open-source platform designed to revolutionize malware analysis and digital forensics operations. This announcement marks a major milestone in…
Review: CISA Certified Information Systems Auditor Practice Tests
CISA Certified Information Systems Auditor Practice Tests offers practical, domain-by-domain prep for the CISA exam, with hundreds of questions covering key objectives and real-world systems audit skills. About the authors Peter H. Gregory is a best-selling cybersecurity author, educator, keynote…
What attackers know about your company thanks to AI
In this Help Net Security video, Tom Cross, Head of Threat Research at GetReal Security, explores how generative AI is empowering threat actors. He breaks down three key areas: how GenAI lowers the technical barrier for attackers, enables highly convincing…
IT Security News Hourly Summary 2025-08-01 06h : 2 posts
2 posts were published in the last hour 4:3 : Infosec products of the month: July 2025 3:32 : Microsoft Authenticator won’t manage your passwords anymore – or most passkeys
Security gaps still haunt shared mobile device use in healthcare
Shared mobile devices are becoming the standard in hospitals and health systems. While they offer cost savings and workflow improvements, many organizations are still struggling to manage the security risks that come with them, according to Imprivata’s 2025 State of…
Ransomware Payment Bans: Prevention Strategy or Misguided Policy?
It’s no secret that ransomware is on the rise, as this escalation is echoed across numerous industry reports. The Verizon 2025 Data Breach Investigations Report (DBIR), for instance, starkly illustrates this reality, revealing that ransomware (with or without encryption) was…
Salt Security Unveils Salt Surface to Expose Hidden API Risks
API security company Salt Security has announced the launch of Salt Surface, a new capability integrated into its existing API Protection Platform. Salt Surface provides organisations with a comprehensive API attack surface assessment, delivering an attacker’s-eye view of their public-facing…
Infosec products of the month: July 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Akeyless, At-Bay, Barracuda Networks, Bitdefender, Cynomi, Darwinium, DigitalOcean, Immersive, Lepide, Malwarebytes, ManageEngine, NETSCOUT, PlexTrac, Scamnetic, Seemplicity, Socure, StealthCores, Stellar Cyber, Tosibox, Tracer AI, and Zenni…
Microsoft Authenticator won’t manage your passwords anymore – or most passkeys
The only type of passkeys that Microsoft currently supports are device-bound (non-syncable) passkeys. Here’s what that means for you and your credential management plans. This article has been indexed from Latest news Read the original article: Microsoft Authenticator won’t manage…
Threat Actors Embed Malicious RMM Tools to Gain Silent Initial Access to Organizations
A sophisticated cyber campaign leveraging legitimate Remote Monitoring and Management (RMM) tools has emerged as a significant threat to European organizations, particularly those in France and Luxembourg. Since November 2024, threat actors have been deploying carefully crafted PDF documents containing…
Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity
Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The Unit 42 Attribution Framework, unveiled on July 31, 2025, transforms what has traditionally been…
IT Security News Hourly Summary 2025-08-01 03h : 7 posts
7 posts were published in the last hour 1:3 : I replaced my ThinkPad with this Lenovo tablet for a week – and it was pretty dang close 1:3 : The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs…
ISC Stormcast For Friday, August 1st, 2025 https://isc.sans.edu/podcastdetail/9552, (Fri, Aug 1st)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, August 1st, 2025…
This one feature could make GPT-5 a true game changer (if OpenAI gets it right)
GPT-5’s launch is around the corner, and here’s why it’s so exciting for users. This article has been indexed from Latest news Read the original article: This one feature could make GPT-5 a true game changer (if OpenAI gets it…
Why the best-value robot vacuum right now isn’t made by iRobot or Shark
The Mova P50 Ultra is a top robot vacuum and mop with a midrange price, especially thanks to a $200 discount. This article has been indexed from Latest news Read the original article: Why the best-value robot vacuum right now…
Finally, an Android tablet that I can confidently recommend to gamers
I started out skeptical, but RedMagic’s Astra gaming tablet blew me away with its outstanding gaming performance. This article has been indexed from Latest news Read the original article: Finally, an Android tablet that I can confidently recommend to gamers
I replaced my ThinkPad with this Lenovo tablet for a week – and it was pretty dang close
Lenovo’s 13-inch Yoga Tab Plus pairs a stunning display with strong battery life and powerful speakers. This article has been indexed from Latest news Read the original article: I replaced my ThinkPad with this Lenovo tablet for a week –…
The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers. This article has been indexed from Security Latest Read the original…
New Banking Malware DoubleTrouble Attacking Users Via Phishing Sites To Steal Banking Credentials
A sophisticated new banking trojan dubbed DoubleTrouble has emerged as a significant threat to mobile users across Europe, employing advanced evasion techniques and expanding its attack surface through novel distribution channels. The malware initially spread through phishing websites impersonating well-known…
First AI-Powered Malware LAMEHUG Attacking Organizations With Compromised Official Email Account
The cybersecurity landscape has witnessed a groundbreaking and concerning development with the emergence of LAMEHUG, the first publicly documented malware to integrate artificial intelligence capabilities for automated cyberattacks. This sophisticated malware, developed by the notorious Russian threat actor group APT28…
Anubis Ransomware Attacking Android and Windows Users to Encrypt Files and Steal Login Credentials
A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting both Android and Windows platforms with dual capabilities that extend far beyond traditional file encryption. Anubis ransomware, first identified in November 2024, represents a concerning evolution in malware…
Silver Fox Hackers Using Weaponized Google Translate Tools to Deploy Windows Malware
A sophisticated malware campaign has emerged targeting unsuspecting users through weaponized versions of popular online tools, particularly Google Translate interfaces. The Silver Fox threat actors have developed an intricate attack chain that leverages social engineering tactics to deliver the notorious…