The Transparency in Frontier Artificial Intelligence Act (TFAIA) requires AI companies to implement and disclose publicly safety protocols to prevent their most advanced models from being used to cause major harm. The post California Gov. Gavin Newsom Signs Bill Creating…
The Reality of CTI: Voices from the Analysts
How CTI Analysts See Their Role, Challenges, and Future The post The Reality of CTI: Voices from the Analysts appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: The Reality of CTI:…
Harrods Data Breach Explained
On Friday, September 26–27, 2025 (UK time), Harrods warned that a third-party provider suffered an intrusion that exposed some online customers’ basic personal details (names and contact information). Harrods says its own systems weren’t breached, payment data and passwords weren’t…
CISA Issues Alert on Actively Exploited Libraesva ESG Command Injection Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting the active exploitation of a serious vulnerability in the Libraesva Email Security Gateway (ESG). Cataloged as CVE-2025-59689, this command injection vulnerability has emerged as a significant…
Details of a Scam
Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost: Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—two “cancellation…
260 romance scammers and sextortionists caught in huge Interpol sting
Investigators linked 1,463 victims to the scams, and said their losses amounted to around $2.8 million. This article has been indexed from Malwarebytes Read the original article: 260 romance scammers and sextortionists caught in huge Interpol sting
Apple fixes critical font processing bug. Update now!
Apple has patched a serious vulnerability (CVE-2025-43400) in how devices handle fonts. This article has been indexed from Malwarebytes Read the original article: Apple fixes critical font processing bug. Update now!
Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)
Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has urged users to upgrade as soon as possible. About CVE-2025-30247 Western Digital’s My Cloud devices are…
IT Security News Hourly Summary 2025-09-30 12h : 11 posts
11 posts were published in the last hour 10:2 : Microsoft Flags AI Phishing Attack Hiding in SVG Files 10:2 : U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities…
CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent alert for system administrators and IT teams worldwide. Researchers have confirmed that attackers are actively exploiting a serious vulnerability in the sudo utility used on many Linux and Unix systems. This…
Apple Updates iOS and macOS to Prevent Malicious Font Attacks
The vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed. The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk
Webinar: How do you embrace AI’s potential while defending against its threats? The post Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Ivanti upgrades Connect Secure with hardened system and gateway improvements
Ivanti released Ivanti Connect Secure (ICS) version 25.X. The update includes a modernized enterprise-grade OS, platform hardening, and gateway enhancements designed to reduce vulnerabilities, shrink attack surfaces, and improve resilience. Enterprise security is central to Connect Secure 25.X. Many legacy…
Phantom Taurus: 新たな中華系Nexus APTとNET-STARマルウェア スイートの発見
「Phantom Taurus」は、これまで活動が報告されていなかった中国の脅威グループです。本稿では、このグループが使用する特徴的なツールセットが、いかにしてその存在の発見につながったのかを解説します。 The post Phantom Taurus: 新たな中華系Nexus APTとNET-STARマルウェア スイートの発見 appeared first on Unit 42. This article has been indexed from Unit 42 Read the original article: Phantom Taurus: 新たな中華系Nexus APTとNET-STARマルウェア スイートの発見
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group’s distinctive toolset lead to uncovering their existence. The post Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite appeared first on…
Researchers Publish Technical Analysis of Linux Sudo Privilege Escalation
A team of security researchers has released an in-depth technical report on CVE-2025-32463, a critical local privilege escalation flaw in the widely used Linux sudo utility. The vulnerability, which affects sudo versions 1.9.14 through 1.9.17, allows a local attacker with…
Britain’s policing minister punts facial recog nationwide
Met’s Croydon cameras hailed as a triumph, guidance to be published later this year The government is to encourage police forces across England and Wales to adopt live facial recognition (LFR) technology, with a minister praising its use by the…
Legit’s Command Center tracks AI code, models, and MCP server usage across the SDLC
Legit Security has updated its AI Security Command Center. As vibe coding and AI-first development reshape how software is built, the Command Center offers visibility into when, where, and how AI-generated code, AI models, and MCP servers are used across…
New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August…
Microsoft Flags AI Phishing Attack Hiding in SVG Files
Microsoft Threat Intelligence detected a new AI-powered phishing campaign using LLMs to hide malicious code inside SVG files disguised as business dashboards. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the…
U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva…
£5.5B Bitcoin fraudster pleads guilty after years on the run
Zhimin Qian recruited takeaway worker to launder funds through property overseas London’s Metropolitan Police has secured a “landmark conviction” following a record-busting Bitcoin seizure and seven-year investigation.… This article has been indexed from The Register – Security Read the original…
Cyberattack on Beer Giant Asahi Disrupts Production
The incident has resulted in a system failure that impacted orders and shipments in Japan, and call center operations. The post Cyberattack on Beer Giant Asahi Disrupts Production appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Asahi Suspends Operations in Japan After Cyber-Attack
Japanese brewery giant Asahi revealed that a cyber-attack had caused a “system failure”, with order and shipment operations suspended in Japan This article has been indexed from www.infosecurity-magazine.com Read the original article: Asahi Suspends Operations in Japan After Cyber-Attack