A newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks. Tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (High), this…
‘Psylo’ browser tries to obscure digital fingerprints by giving very tab its own IP address
Gotta keep ’em separated so the marketers and snoops can’t come out and play Psylo, which bills itself as a new kind of private web browser, debuted last Tuesday in Apple’s App Store, one day ahead of a report warning…
Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously
Draugnet is a new anonymous threat reporting platform built for the MISP ecosystem This article has been indexed from www.infosecurity-magazine.com Read the original article: Cyber Intel Pros and Hobbyists Can Now Report Threats Anonymously
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass
A Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller—cloud networking software used to manage multi-cloud environments. The flaws enable full system compromise through an authentication bypass (CVE-2025-2171) followed by authenticated command injection (CVE-2025-2172). Authentication Bypass (CVE-2025-2171)…
LapDogs Hackers Leverages 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly
A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in…
New Echo Chamber Attack Breaks AI Models Using Indirect Prompts
A groundbreaking AI jailbreak technique, dubbed the “Echo Chamber Attack,” has been uncovered by researchers at Neural Trust, exposing a critical vulnerability in the safety mechanisms of today’s most advanced large language models (LLMs). Unlike traditional jailbreaks that rely on…
Why work-life balance in cybersecurity must start with executive support
In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace also…
Notepad++ Vulnerability Allows Full System Takeover — PoC Released
A critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s insecure search path behavior, allowing unprivileged users to escalate privileges to NT AUTHORITY\SYSTEM with minimal user interaction.…
The real story behind cloud repatriation in 2025
In this Help Net Security video, Mark Wilson, Technology and Innovation Director at Node4, shares key insights from the company’s 2025 mid-market report. He explores the surprising trend of cloud repatriation, where 97% of mid-market organizations plan to move some…
Reconmap: Open-source vulnerability assessment, pentesting management platform
Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish. The platform simplifies tasks and makes it easier for teams to work…
IT Security News Hourly Summary 2025-06-24 06h : 2 posts
2 posts were published in the last hour 3:36 : Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released 3:36 : China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
Cybersecurity jobs available right now: June 24, 2025
Cyber Security Analyst Ascendion | Singapore | On-site – View job details As a Cyber Security Analyst, you will lead incident response efforts, including forensic analysis, malware mitigation, and DoS attack resolution. Design and implement advanced security architectures with a…
Notepad++ Vulnerability Let Attacker Gain Complete System Control – PoC Released
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise. The flaw, designated CVE-2025-49144, allows attackers to gain SYSTEM-level privileges through a technique known as binary planting, with…
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber…
ISC Stormcast For Tuesday, June 24th, 2025 https://isc.sans.edu/podcastdetail/9502, (Tue, Jun 24th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, June 24th, 2025…
IT Security News Hourly Summary 2025-06-24 03h : 1 posts
1 posts were published in the last hour 1:2 : Bulletproof Security Workflows with Grip’s Jira Integration
Bulletproof Security Workflows with Grip’s Jira Integration
See how Grip’s Jira integration automates SaaS security workflows, removes manual gaps, streamlines follow-up, and helps teams stay efficient and ahead of risk. The post Bulletproof Security Workflows with Grip’s Jira Integration appeared first on Security Boulevard. This article has…
Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department
Chinese crew built 1,000+ device network that runs on home devices then targets critical infrastructure A stealthy, ongoing campaign to gain long-term access to networks bears all the markings of intrusions conducted by China’s ‘Typhoon’ crews and has infected at…
IT Security News Hourly Summary 2025-06-24 00h : 3 posts
3 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-06-23 21:32 : China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs 21:32 : Salesforce launches Agentforce 3 with AI agent observability and MCP support
IT Security News Daily Summary 2025-06-23
164 posts were published in the last hour 21:32 : China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs 21:32 : Salesforce launches Agentforce 3 with AI agent observability and MCP support 21:2 : Google Integrates GenAI to Counter Indirect…
Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada
Salt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canadian advisory issued in June 2025. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI &…
Heightened Cyber Threat from Iran Sparks Urgent Calls for Vigilance and Mitigation
Following last week’s U.S. airstrikes targeting Iranian nuclear sites, cybersecurity experts and government officials are now warning of a possible digital retaliation, a surge in cyber threats originating from Iran. On June 22, the Department of Homeland Security (DHS) issued…
China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs
ShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto…
Salesforce launches Agentforce 3 with AI agent observability and MCP support
Salesforce launches Agentforce 3 with AI agent observability and native MCP support, giving enterprises real-time visibility and secure interoperability at scale. This article has been indexed from Security News | VentureBeat Read the original article: Salesforce launches Agentforce 3 with…
Google Integrates GenAI to Counter Indirect Prompt Injection Attack Vectors
Google has revealed a thorough protection technique aimed at indirect prompt injection attacks, a subtle but powerful threat, marking a major advancement in cybersecurity in the age of generative AI. Unlike direct prompt injections, where malicious commands are overtly inserted…
UAC-0001 Hackers Target ICS Devices Running Windows-Based Server Systems
The national team for responding to cyber incidents, CERT-UA, has exposed a sophisticated cyberattack targeting the information and communication system (ICS) of a central executive body in March-April 2024. During the implementation of response measures, a technical device running a…
Cybersecurity Innovations in Software Development: How Developers Are Tackling Security Threats
Cybersecurity is more critical than ever as technology becomes more integrated into our daily lives and business operations. Cyber threats change quickly, so software developers need to make sure that apps, data, and users are safe by putting strong security…