OpenAI’s June 2025 report, which details 10 threats from six countries, warns that AI is accelerating cyber threats, lowering barriers for attackers, and calling for collective detection efforts. This article has been indexed from Security | TechRepublic Read the original…
Play ransomware group hit 900 organizations since 2022
A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and…
Iranian APT ‘BladedFeline’ Stays Silent in Organizations Network for 8 Years
A sophisticated Iranian cyberespionage group has maintained undetected access to government networks across Iraq and the Kurdistan Regional Government for nearly eight years, representing one of the longest-running advanced persistent threat campaigns in the Middle East. The group, designated as…
Kommunen: Leichtes Ziel für Cyberangriffe
Cybersicherheit steht in deutschen Kommunen noch nicht im Fokus. Dabei können durch Cyberangriffe sensible Daten von Bürgern und Mitarbeitenden missbräuchlich verwendet werden. Im schlimmsten Fall kommt es zu einem langfristigen Ausfall des Verwaltungsapparats. Dieser Artikel wurde indexiert von Newsfeed Lesen…
Privatsphäre: Follower auf Kleinanzeigen nicht länger geheim
Bisher konnten Nutzer auf Kleinanzeigen nur die Anzahl ihrer Follower sehen. Eine neue Funktion stellt die Privatsphäre auf den Kopf und liefert Namen. (Privatsphäre, Datenschutz) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Privatsphäre: Follower…
PoC Exploit Released for Apache Tomcat DoS Vulnerability
A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service attacks through malformed priority headers. The flaw affects Tomcat versions 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5, with public exploits already circulating 12. Vulnerability Mechanics and…
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data…
Kettering data published, Reddit sues Anthropic, North Face breached
Stolen Kettering Health data published Reddit sues Anthropic for scraping North Face website customer accounts breached Huge thanks to our sponsor, Conveyor Let me guess, another security questionnaire just landed in your inbox. Which means all the follow up tasks…
How to secure your portable devices against cyberthreats
Portable devices such as smartphones, tablets, and laptops have become integral to our daily routines, storing a wealth of sensitive personal and professional information. As… The post How to secure your portable devices against cyberthreats appeared first on Panda Security…
Hackers Exploit Roundcube Vulnerability to Steal User Credentials via XSS Attack
A recent spearphishing campaign targeting Polish entities has been attributed with high confidence to the UNC1151 threat actor, a group linked to Belarusian state interests and, according to some sources, Russian intelligence services. CERT Polska reports that the attackers leveraged…
Hackers Using New Sophisticated iMessage 0-Click Exploit to Attack iPhone Users
A previously unknown zero-click vulnerability in Apple’s iMessage appears to have been exploited by sophisticated threat actors targeting high-profile individuals across the United States and the European Union. The vulnerability, dubbed “NICKNAME,” affected iOS versions up to 18.1.1 and was…
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated servers. They…
Claroty enhances xDome platform with Device Purpose and Risk Benchmarking capabilities
Claroty announced new capabilities in its SaaS-based Claroty xDome platform that provide organizations with an impact-centric view of their CPS environment. The new additions, Device Purpose and Risk Benchmarking, allow users to see how the overall risk of an environment…
Pathlock helps organizations protect their SAP environments from development to deployment
Pathlock announced a major expansion of its SAP cybersecurity offerings, introducing a new portfolio of value-driven and easy-to-deploy SAP cybersecurity solutions, including a Free Edition. Designed to deliver maximum value and fast time-to-protection, the launch marks a significant step toward…
Cyber Extortion, Ukraine’s Cyber Offensive, and Chrome Trust Shake-up
Cybersecurity Today, hosted by Jim Love, delves into the latest in cyber threats. Cyber criminals have breached 20 organizations via convincing fake IT support calls, targeting Salesforce data for extortion. Ukraine’s intelligence claims a significant cyber operation against Russia’s…
Protecting patient data starts with knowing where it’s stored
Patient data is often stored or processed outside the country where it was collected. When that happens, the data falls under the laws of the country where it resides. Depending on those laws, local governments may have legal access to…
Why IAM should be the starting point for AI-driven cybersecurity
In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions. He explains why identity and access management (IAM) is the ideal starting point for both augmentation and automation, and shares advice…
BladedFeline: Whispering in the dark
ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig This article has been indexed from WeLiveSecurity Read the original article: BladedFeline: Whispering in the dark
IT Security News Hourly Summary 2025-06-06 06h : 2 posts
2 posts were published in the last hour 4:2 : PumaBot: A New Malware That Sneaks into Smart Devices Using Weak Passwords 4:2 : Cerebras Unveils World’s Fastest AI Chip, Beating Nvidia in Inference Speed
Ransomware and USB attacks are hammering OT systems
Ransomware, trojans, and malware delivered through USB devices are putting growing pressure on industrial systems, according to the Honeywell 2025 Cyber Threat Report, which draws on data from monitoring tools deployed across industrial sites around the world. The findings highlight…
AI becomes key player in enterprise ransomware defense
Ransomware breaches continue to rise even as fewer victims pay, according to a Delinea report. 69% of organizations globally have fallen victim to ransomware, with 27% being hit more than once. While only 57% of organizations paid ransoms, down from…
Misconfigured HMIs Expose US Water Systems to Anyone With a Browser
Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet. The post Misconfigured HMIs Expose US Water Systems to Anyone With a Browser appeared first on SecurityWeek. This article has been…
New infosec products of the week: June 6, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Akamai, AttackIQ, Barracuda Networks, Bitdefender, Fortinet, Malwarebytes, and Varonis. Bitdefender unifies security, risk management, and compliance in a single platform Bitdefender announced GravityZone Compliance Manager,…
PumaBot: A New Malware That Sneaks into Smart Devices Using Weak Passwords
A recently found malware called PumaBot is putting many internet-connected devices at risk. This malicious software is designed to attack smart systems like surveillance cameras, especially those that use the Linux operating system. It sneaks in by guessing weak…