Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158,…
Amazon blocks APT29 campaign targeting Microsoft device code authentication
Amazon stopped a Russia-linked APT29 watering hole attack that hijacked Microsoft device code authentication via compromised sites. Amazon announced that it had disrupted an opportunistic watering hole campaign orchestrated by the Russia-linked cyber espionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard,…
Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lab…
Microsoft Confirms Recent Windows 11 24H2 Security Update Not Causing SSD/HDD Failures
Microsoft has officially addressed growing concerns among Windows 11 users, stating that its August 2025 security update for version 24H2 is not responsible for the scattered reports of SSD and HDD failures that have recently surfaced on social media and…
IT Security News Hourly Summary 2025-08-31 00h : 1 posts
1 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-08-30
IT Security News Daily Summary 2025-08-30
52 posts were published in the last hour 20:33 : Top 10 Attack Surface Management Software Solutions In 2025 20:33 : Top 10 Best Web Application Penetration Testing Companies in 2025 20:33 : BSidesSF 2025: Future-Proof Your Career: Evolving In…
Top 10 Attack Surface Management Software Solutions In 2025
Attack Surface Management (ASM) is a proactive security discipline focused on continuously discovering, analyzing, and reducing an organization’s external-facing digital footprint. In 2025, with the proliferation of cloud services, remote work, and supply chain dependencies, an organization’s attack surface has…
Top 10 Best Web Application Penetration Testing Companies in 2025
Web application penetration testing in 2025 goes beyond a simple, one-time assessment. The top companies combine human expertise with automation and intelligent platforms to provide continuous, on-demand testing. The rise of Penetration Testing as a Service (PTaaS) and bug bounty…
BSidesSF 2025: Future-Proof Your Career: Evolving In The Age Of AI
Creators, Authors and Presenters: Jay Sarwate, Alok Tongaonkar, Prutha Parikh, Ketan Nilangekar Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s…
New Shamos Malware Targets Mac Users Through Fake Tech Support Sites
Cybersecurity researchers have unearthed a new Mac-targeting malware called Shamos that deceives users through fake troubleshooting guides and repair solutions. This information-stealing malware, developed by the cybercriminal organization “COOKIE SPIDER,” represents a variant of the previously known Atomic macOS…
FreeVPN.One Chrome Extension Caught Secretly Spying on Users With Unauthorized Screenshots
Security researchers are warning users against relying on free VPN services after uncovering alarming surveillance practices linked to a popular Chrome extension. The extension in question, FreeVPN.One, has been downloaded over 100,000 times from the Chrome Web Store and…
My favorite affordable phone cases are BOGO free (including for the new Google Pixel 10 series)
Casely’s Labor Day sale is here with cases starting at 2 for $30, thanks to a sweet BOGO offer. Plus, shipping is free. This article has been indexed from Latest news Read the original article: My favorite affordable phone cases…
You can save up to $700 on my favorite Bluetti power stations for Labor Day
You can save up to $700 on these field-tested power stations, perfect for camping, RVs, and running a CPAP machine off the grid or during a blackout. This article has been indexed from Latest news Read the original article: You…
Millions of Patient Records Compromised After Ransomware Strike on DaVita
Healthcare Faces Growing Cyber Threats A ransomware attack that affected nearly 2.7 million patients has been confirmed by kidney care giant DaVita, revealing that one of the most significant cyberattacks of the year has taken place. There are over 2,600…
Nissan Confirms Data Leak After Ransomware Attack on Design Unit
Nissan’s Tokyo-based design subsidiary, Creative Box Inc. (CBI), has launched an investigation into a cyberattack after a ransomware group claimed to have stolen a large cache of internal files. The company confirmed that some design data has been compromised but…
Ten Cloud-Agnostic Cybersecurity Tips for Protecting Your Data Across Platforms
When it comes to rapidly scaling operational processing power and expanding digital storage, cloud platform solutions are unmatched. Offering unparalleled flexibility, cloud platforms have quickly become essential for businesses of… The post Ten Cloud-Agnostic Cybersecurity Tips for Protecting Your Data…
IT Security News Hourly Summary 2025-08-30 15h : 4 posts
4 posts were published in the last hour 12:34 : Hackers Exploit CrushFTP Zero-Day to Take Over Servers 12:34 : Google Urges 2.5B Gmail Users to Reset Passwords After Salesforce Breach 12:34 : New ‘Sindoor Dropper’ Malware Targets Linux Systems…
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. “In this incident, the threat actor…
Banking-as-a-Service
BaaS on a Global Scale Banking-as-a-Service (BaaS) solutions bring exciting new revenue streams to the banking world. This partnership model enables many new digital banks to run on reduced customer… The post Banking-as-a-Service appeared first on Cyber Defense Magazine. This…
Red Hat Trusted Artifact Signer can now be hosted on RHEL
Organizations looking to better understand the lineage of their software artifacts have begun to adopt signing as a way to improve their security posture. By applying digital signatures to software artifacts, trust can be established to verify that assets have…
Hackers Exploit CrushFTP Zero-Day to Take Over Servers
WatchTowr Labs uncovers a zero-day exploit (CVE-2025-54309) in CrushFTP. The vulnerability lets hackers gain admin access via the… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Hackers Exploit…
Google Urges 2.5B Gmail Users to Reset Passwords After Salesforce Breach
A sophisticated voice phishing operation has emerged as a significant threat to organizations worldwide, with cybercriminals successfully infiltrating Salesforce environments to steal sensitive data and demand ransom payments. Google’s Threat Intelligence Group has identified this financially motivated campaign, designating the…
New ‘Sindoor Dropper’ Malware Targets Linux Systems with Weaponized .desktop Files
A new malware campaign, dubbed “Sindoor Dropper,” is targeting Linux systems using sophisticated spear-phishing techniques and a multi-stage infection chain. The campaign leverages lures themed around the recent India-Pakistan conflict, known as Operation Sindoor, to entice victims into executing malicious…
Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed
A critical zero-day vulnerability in Citrix NetScaler products, identified as CVE-2025-6543, has been actively exploited by threat actors since at least May 2025, months before a patch was made available. While Citrix initially downplayed the flaw as a “memory overflow…