Adobe has released a comprehensive security update addressing 60 critical vulnerabilities across 13 of its flagship products as part of its August 2025 Patch Tuesday initiative. The massive security bulletin, published on August 12, 2025, represents one of the most…
Apache Tomcat Vulnerabilities Let Attackers Trigger Dos Attack
A critical security vulnerability in Apache Tomcat’s HTTP/2 implementation has been discovered, enabling attackers to launch devastating denial-of-service (DoS) attacks against web servers. The vulnerability, designated as CVE-2025-48989 and dubbed the “Made You Reset” attack, affects multiple versions of the…
Quantum Threat Is Real: Act Now with Post Quantum Cryptography
Why Businesses Must Upgrade to Quantum-Safe Encryption Before It’s Too Late Cybersecurity has always had to keep pace with the evolution of cyberattacks. These attacks started gaining prominence in the… The post Quantum Threat Is Real: Act Now with Post…
Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution
Path traversal and XXE injection flaws allowing unauthenticated remote code execution have been patched in Xerox FreeFlow Core. The post Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution appeared first on SecurityWeek. This article has been indexed from…
KLM Alerts Customers After Data Theft by Fraudsters
On Wednesday, Air France and KLM announced a breach of a customer service platform, compromising the personal data of an undisclosed number of customers. The breach highlights the increasing cybersecurity challenges faced by the aviation industry. Air France–KLM Group, the…
Security Flaws Found in Police and Military Radio Encryption
Cybersecurity experts have uncovered significant flaws in encryption systems used by police and military radios globally, potentially allowing malicious actors to intercept secure communications. Background and context In 2023, Dutch security researchers from Midnight Blue unearthed an intentional backdoor…
Brute-force attacks hammer Fortinet devices worldwide
A surge in brute-force attempts targeting Fortinet SSL VPNs that was spotted earlier this month could be a portent of imminent attacks leveraging currently undisclosed (potentially zero-day) vulnerabilities in Fortinet devices. Shifting attacks Greynoise, a cybersecurity intelligence service that through…
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS
Japan’s CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS…
IT Security News Hourly Summary 2025-08-14 15h : 14 posts
14 posts were published in the last hour 12:36 : Microsoft IIS Web Deploy Vulnerability Allows Remote Code Execution 12:36 : CISA Publishes Operational Technology Guide for Critical Infrastructure Stakeholders 12:36 : Splunk Release Guide for Defenders to Detect Suspicious…
Netflix scammers target jobseekers to trick them into handing over their Facebook logins
Scammers are sending out fake Netflix job offers to get control of Facebook accounts. This article has been indexed from Malwarebytes Read the original article: Netflix scammers target jobseekers to trick them into handing over their Facebook logins
During Deadly Floods, Central Texas Hit with Online Scams: BforeAI
In the 10 days after the deadly floods in Central Texas began, researcher’s with BeforeAI’s PreCrime Labs identified more than 70 malicious or suspicious domains that used the natural disaster to steal money and information from victims or those looking…
Palo Alto Networks helps organizations accelerate their quantum readiness
Palo Alto Networks announced two new security solutions to help organizations confidently navigate the quantum landscape, and to keep pace with highly dynamic cloud and AI environments. These innovations provide enterprises with the visibility, agility and defenses needed to accelerate…
The Reality of Modern Cyberattacks: Lessons from Recent Retail Breaches
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: The Reality of Modern Cyberattacks: Lessons from Recent Retail Breaches
Stopping Fraud: What Does Email Got to Do with It?
With 7.9 billion email accounts worldwide and 4.3 billion active users, emails now play an essential role in fraud detection and identity verification. Businesses leverage email not just for communication but also as… The post Stopping Fraud: What Does Email Got to Do…
This people search site is back after a massive breach – how to remove your data from it ASAP
National Public Data’s security breach exposed the personal data of 3 billion people. Protect your privacy now – and check if other people-search sites have your information. This article has been indexed from Latest news Read the original article: This…
I tried this tiny 360° camera drone, and it could be a game-changer for creators
Insta360’s new Antigravity brand is launching a drone that records everything around it simultaneously in 8K. This article has been indexed from Latest news Read the original article: I tried this tiny 360° camera drone, and it could be a…
Law and water: Russia blamed for US court system break-in and Norwegian dam drama
Moscow-linked miscreants accused of swiping sealed US court files and fiddling with a Norwegian dam’s floodgates Russian attackers reportedly spent months rummaging through the US federal court’s creaky case-management system, while Norway reckons the same Kremlin-friendly miscreants took control of…
FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims
The Bureau’s Internet Crime Complaint Center has provided a list of indicators for potential cryptocurrency scam victims to avoid a double whammy This article has been indexed from www.infosecurity-magazine.com Read the original article: FBI Shares Tips to Spot Fake Lawyer…
Microsoft IIS Web Deploy Vulnerability Allows Remote Code Execution
Microsoft has disclosed a critical security vulnerability in its Internet Information Services (IIS) Web Deploy tool that could allow attackers to execute arbitrary code remotely on affected systems. The vulnerability, designated as CVE-2025-53772, was announced on August 12, 2025, and…
CISA Publishes Operational Technology Guide for Critical Infrastructure Stakeholders
The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with eight other national cyber agencies, has released a comprehensive “Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators.” Published on August 13, 2025, this new guide equips critical…
Splunk Release Guide for Defenders to Detect Suspicious Activity Before ESXi Ransomware Attack
A detailed security guide released by Splunk to help cybersecurity teams detect and prevent ransomware attacks targeting ESXi infrastructure before they can cause catastrophic damage. The guide comes as a response to increasing threats against VMware’s ESXi hypervisor systems, which…
Xerox FreeFlow Core Vulnerability Let Remote Attackers Execute Malicious Code – PoC Released
Critical vulnerabilities in Xerox FreeFlow Core, a widely-used print orchestration platform, allow unauthenticated remote attackers to execute malicious code on vulnerable systems. The flaws, tracked as CVE-2025-8355 and CVE-2025-8356, affect the JMF Client service and have been patched in FreeFlow…
Hackers Using Dedicated Phishlet to Launch FIDO Authentication Downgrade Attacks
A sophisticated new threat vector has emerged that could undermine one of the most trusted authentication methods in cybersecurity. FIDO-based passkeys, long considered the gold standard for phishing-resistant authentication, are now facing a potentially devastating attack technique that forces users…
CISA Warns of Attacks Exploiting N-able Vulnerabilities
CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched. The post CISA Warns of Attacks Exploiting N-able Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…