Google is once again in the crosshairs of French regulators. France’s data watchdog, the CNIL, has fined the tech giant €325 million (approximately $381 million) for slipping promotional messages directly into Gmail inboxes and for cookie consent practices that regulators say were more about coercion than choice. show more ...
A newly disclosed security flaw in the Linux UDisks daemon has been reported. Tracked as CVE-2025-8067, the out-of-bounds read vulnerability allows local, unprivileged users to access files and data owned by privileged accounts, a serious breach with potentially far-reaching implications. Red Hat officially show more ...
A serious Django web vulnerability has been identified, prompting immediate action from the Django web framework development team. The flaw, officially registered as CVE-2025-57833, affects the FilteredRelation feature in Django and could allow attackers to carry out SQL injection attacks. This vulnerability has been show more ...
In its latest Android Security Bulletin, Google has confirmed the patching of 111 unique security vulnerabilities, including two zero-day vulnerabilities that were actively exploited in targeted attacks. The most concerning of these involve CVE-2025-48543, a flaw in Android Runtime, and CVE-2025-38352, a bug in the show more ...
The Cyber Express, in collaboration with Suraksha Catalyst, has officially released Episode 5 of the Black Hat USA 2025 CISO Podcast Series. The series, which brings together global cybersecurity leaders to share insights from the frontlines, continues to explore some of the most pressing challenges shaping the show more ...
The flaws and vulnerabilities of cellular networks are regularly exploited to attack subscribers. Malicious actors use devices with catchy names like IMSI Catcher (Stingray) or SMS blaster to track peoples movements and send them spam and malware. These attacks were easiest to carry out on 2G networks, becoming more show more ...
Many high-profile Salesloft Drift customers have disclosed data breaches as a result of a recent supply-chain attack, but the extent and severity of this campaign are unclear.
With the continued success of North Korea's IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme's effectiveness.
Czech cyber agency NÚKIB warned of the risks of using products and software that send data back to China.
What's believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.
The addition of Black Duck's application security testing offering to UltraViolet Cyber's portfolio helps security teams find and remediate issues earlier in the security lifecycle.
The digital refuge: Abortion clinics, activist groups, and other organizations are turning to overseas hosting providers willing to keep their data — and their work — safe.
_Stefan_Sutka_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
The more you hunt, the more you learn.
New threat actor "GhostRedirector" is using a malicious IIS module to inject links that try to artificially boost search engine ranking for target sites.
The Homeland Justice APT tried spying on countries and organizations from six continents, using more than 100 hijacked email accounts.
Reports of disruptions at North American plants emerged earlier this week, though the nature of the attack on the tire manufacturer remains unclear.
_jvphoto_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
This Tech Tip outlines how organizations can make the shift to post-quantum cryptography for their hybrid cloud environment with minimal disruption.
_Brain_light_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale)
The Nonprofit organization launched the Threat Handling Foundations Certificate amid mounting incident and breach disclosures.
The General Court of the Court of Justice of the European Union ruled against a French lawmaker who had challenged the EU-U.S. Data Privacy Framework, citing the fact that a U.S. data protection court provides independent oversight of U.S. intelligence agencies and their potential surveillance of Europeans’ data.
More than 880,000 Texans were affected by the breach at education tech provider PowerSchool, state Attorney General Ken Paxton noted in filing a lawsuit against the company.
A federal jury awarded plaintiffs suing Google $425 million in damages, holding that by collecting the data of users who had switched off an app activity-tracking feature, the tech giant invaded the privacy of millions.
A former information security professor with more than 25 years in the Ukrainian armed forces, Oleksandr Potii is blunt about Moscow’s capabilities: “We see that Russia’s technical level is high and its potential is strong. We cannot underestimate them."
Google has been penalized €325 million ($379 million) and clothing retailer Shein has been ordered to pay €150 million ($175 million) for not getting proper consent from users for advertising cookies, France's CNIL said.
Cloud storage and remote operation can expose critical sectors to Chinese espionage, warned the Czech Republic's NÚKIB, "making trust in the reliability of the provider absolutely crucial."
In breach notifications submitted to regulators in Maine and Vermont, Chess.com explained that 4,541 people had personal information exposed to hackers who breached an unnamed file transfer application between June 5 and June 18.
Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok. The findings were highlighted by Nati Tal, head of Guardio Labs, in a series of posts on X. The technique has been codenamed Grokking. The approach is designed to
The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on users' browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-50224 (CVSS score: 6.5) - An authentication bypass by spoofing vulnerability
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said. "When such an email is
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module
Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a harmless calculator). show more ...
ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results
Source: sec.cloudapps.cisco.com – Author: . Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Information Disclosure Vulnerability Medium CVE-2025-20270 CWE-200 Download CSAF Email Summary A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager show more ...
Source: www.infosecurity-magazine.com – Author: A malicious campaign targeting developers through npm and GitHub repositories has been uncovered, featuring an unusual method of using Ethereum smart contracts to conceal command-and-control (C2) infrastructure. The campaign first came to light in early July when show more ...
Source: www.infosecurity-magazine.com – Author: Researchers at Spanish cybersecurity provider S2 Grupo have observed a new Outlook backdoor that enables threat actors to exfiltrate data, upload files and execute commands on a victim’s computer. S2 Grupo’s threat intelligence lab, LAB52, shared its show more ...
Source: www.infosecurity-magazine.com – Author: A large Internet Protocol Television (IPTV) piracy network spanning more than 1100 domains and over 10,000 IP addresses has been uncovered by cybersecurity researchers. The operation, active for several years, has reportedly impacted more than 20 well-known show more ...
Source: www.infosecurity-magazine.com – Author: Cloudflare and Palo Alto Networks are the latest big names to have had their Salesforce instances accessed by threat actors via the Salesloft Drift app, the firms have revealed. In a post yesterday, Cloudflare said it became aware of suspicious activity in its show more ...
Source: www.infosecurity-magazine.com – Author: Written by New techniques have been developed within the Tycoon phishing kit to hide malicious links in email attacks, researchers from Barracuda have warned. The use of URL encoding, among other new techniques, are designed to better obscure, muddle and disrupt show more ...
Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer The Homeland Justice APT tried spying on countries and organizations from six continents, using more than 100 hijacked email accounts. Original Post URL: https://www.darkreading. show more ...
Source: www.darkreading.com – Author: Robert Lemos, Contributing Writer With the continued success of North Korea’s IT worker scams, Asia-Pacific nations are working with private firms to blunt the scheme’s effectiveness. Original Post URL: https://www.darkreading. show more ...
Source: www.darkreading.com – Author: Rob Wright The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is abusing Microsoft Outlook for covert data exfiltration. Original Post URL: https://www.darkreading.com/endpoint-security/apt28-outlook-notdoor-backdoor Category & Tags: – show more ...
Source: www.darkreading.com – Author: Fahmida Y. Rashid While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked. Original Post URL: https://www.darkreading. show more ...
Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer A “sophisticated” attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware. Original Post URL: https://www.darkreading. show more ...
Source: www.lastwatchdog.com – Author: bacohido By Byron V. Acohido A quiet but consequential change is reshaping the foundations of online trust. Related: CISA on quantum readiness Starting in 2026, TLS certificate lifespans will shrink in stages — from 200 days, to 100, and eventually just 47 by 2029. The show more ...
Source: securityboulevard.com – Author: Gary Warner A new round of mobile phish is imitating the State of California’s “Franchise Tax Board” in a round of phishing sites that are gaining prominence in the past few days. I visited ftb.ca-gov-sg[.]top/notice from a burner phone to see how the show more ...
Source: securityboulevard.com – Author: Mary Henry Scaling Kubernetes isn’t just about launching containers—it’s about choosing support models that truly let developers innovate instead of drowning in operational noise. Recently, I read Kathie Clark’s excellent blog, “What I Got Wrong About Cloud show more ...
Source: securityboulevard.com – Author: Jeffrey Burt Cloudflare, Palo Alto Networks, and Zscaler are the latest among hundreds of victims of an expanding data-stealing attack by the UNC6395 threat group that is exploiting compromised OAuth tokens associated with Salesloft’s Drift app to access show more ...
Source: securityboulevard.com – Author: Michael Vizard A survey of 264 professionals that maintain websites based on the WordPress content management system (CMS) finds 96% have been impacted by at least one security incident/event, with just under two-thirds of those respondents (64%) having suffered a full show more ...
Source: www.infosecurity-magazine.com – Author: A new agentic AI-powered tool for red teams is already being abused by threat actors to rapidly accelerate and simplify vulnerability exploitation, Check Point has warned. Hexstrike-AI is built around an abstraction and orchestration “brain.” This uses AI show more ...
Source: www.infosecurity-magazine.com – Author: Healthcare organizations (HCOs) are among the slowest at remediating serious vulnerabilities, leaving systems and data exposed for weeks or even months, according to Cobalt. The penetration testing firm drew on a decade of internal data, as well as a survey of 500 show more ...
Source: sec.cloudapps.cisco.com – Author: . Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability Medium CVE-2025-20330 CWE-79 Download CSAF Email Summary A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence show more ...
Source: sec.cloudapps.cisco.com – Author: . Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Software Vulnerabilities Medium CVE-2025-20335 CVE-2025-20336 CWE-200 CWE-284 Download CSAF Email Summary Multiple vulnerabilities in the directory permissions of Cisco Desk show more ...
Source: www.techrepublic.com – Author: J.R. Johnivan Published September 4, 2025 We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. A rash of SSD failures have prompted some users to show more ...
Source: www.techrepublic.com – Author: Megan Crouse Topic — Artificial Intelligence Published September 3, 2025 Claude AI creator Anthropic plans to use the money from its latest funding round for enterprise products, safety research and expanding internationally. Anthropic’s Dario Amodei and Daniela Amodei. show more ...
Source: www.techrepublic.com – Author: Fiona Jackson We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Google has debunked the recent reports that it was alerting its billions of show more ...
Source: go.theregister.com – Author: Paul Kunert Sainsbury’s, Britain’s second-largest supermarket chain, has caught the attention of privacy campaigners by launching an eight-week trial of live facial recognition (LFR) tech in two of its stores to curb shoplifting. A survey of the grocer’s show more ...
Source: go.theregister.com – Author: Simon Sharwood France’s data protection authority levied massive fines against Google and SHEIN for dropping cookies on customers without securing their permission, and also whacked Google for showing ads in email service. The Commission nationale de l’informatique show more ...
Source: go.theregister.com – Author: Iain Thomson The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America’s critical infrastructure – primarily via old Cisco kit, it seems. The alert directly connects them to reports of show more ...
Source: www.schneier.com – Author: Bruce Schneier Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the show more ...
Source: www.infosecurity-magazine.com – Author: A newly identified hacking group has compromised at least 65 Windows servers worldwide, primarily in Brazil, Thailand and Vietnam. According to ESET researchers, the group, named GhostRedirector, deployed two previously unknown tools: a C++ backdoor called Rungan show more ...
