We are always asked what we are reading and paying attention to, whilst we want to keep you updated with this there is just too much stuff. Here is a sample of the daily reading lists.
Meenakshi Balasubramanian, a Chennai activist, advocates for accessibility and inclusion for persons with disabilities in Tamil Nadu and across ...
Go to External Site
A conspiracy to steal cash via ATM malware led to the indictment of two Venezuelans in Merced County, with theft spanning multiple states on the ...
Go to External Site
A new ZuRu macOS malware variant spreads via trojanized Termius SSH app, targeting developers with advanced infection techniques.
Go to External Site
ServiceNow Platform Vulnerability Enables Attackers to Exfiltrate Sensitive Data · 0. Security researchers have identified a critical vulnerability in ...
Go to External Site
A critical vulnerability CVE-2025-6514 with a CVSS score of 9.6 affecting the mcp-remote project allows… 2 hours ago. All Rights ReservedView Non ...
Go to External Site
Both companies have stated their commitment to data security following the swift remediation of this critical vulnerability. “This incident is a ...
Go to External Site
Discussions around making legal provisions for services such as penetration testing and bug bounties were originally introduced by Russia's ...
Go to External Site
... Cisco Talos. Thus, when a user searched for crypto-related keywords such as “blockchain” or “bitcoin wallet,” the spoofed links appeared at the ...
Go to External Site
SafePay ransomware surged in 2025, hitting 200+ victims via RDP/VPN attacks on MSPs & SMBs, disrupting supply chains.
Go to External Site
A sophisticated variant of the macOS.ZuRu malware, first identified by a Chinese blogger, has resurfaced with a new method of attack.
Go to External Site
SuperOps, the AI-powered IT management platform, has unveiled its new Agent Missing campaign for MSPs focused on agentic AI.
Go to External Site
Most cyberattackers employ two primary methods, social engineering and exploiting software and firmware vulnerabilities, to gain initial access to ...
Go to External Site
... Windows updates. These updates make Secure Boot more strict. If the Linux bootloader hasn't been updated or properly configured, the system may ...
Go to External Site
Note: This is an unofficial workaround. WordPad may not work perfectly, and future Windows updates might disable or break it.
Go to External Site
"TL;DR: We discovered a critical vulnerability in open-vsx.org, the open-source VS Code extensions marketplace powering popular VSCode forks like ...
Go to External Site
The US FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and transportation ...
Go to External Site
The MP Materials-Pentagon partnership addresses a critical vulnerability in US industrial capacity. For decades, the United States has relied ...
Go to External Site
Industry's Most Comprehensive Mobile Application Penetration Testing Program Addresses Real-World Mobile Security Challenges.
Go to External Site
Through its philanthropic arm, iVerify will provide its solution to protect journalists, activists and others in harm's way.
Go to External Site
While many partner businesses were impacted by the Ingram Micro ransomware attack, they are mostly complementary of how it handled the affair.
Go to External Site
Cybercriminals escalate tactics with AsyncRAT's sophisticated campaign, while FakeUpdates continues to be the most widespread malware targeting...
Go to External Site
Yet this progress hides a critical vulnerability: the organizations enabling it are financially desperate. Incubators and hubs supporting founders ...
Go to External Site
The National Commission for Scheduled Castes (NCSC) has taken suo motu cognisance of the death of a postgraduate medical student in a private ...
Go to External Site
Windows updates incorporating the revised AMD microcode should arrive via Windows Update. Virtualization and Hypervisor Controls. Cloud providers ...
Go to External Site
Microsoft has fixed an issue that affected Windows Server Update Services (WSUS), a tool many businesses use to manage and distribute Windows updates ...
Go to External Site
The recall highlights a critical vulnerability: If Walmart's quality control processes failed to detect the lid design flaw over eight years, it ...
Go to External Site
Cyber criminals now use AI to improvise their phishing attempts–by eliminating spelling and grammar errors and crafting more believable emails.
Go to External Site
A sophisticated malware campaign has emerged exploiting the trusted GitHub platform to distribute malicious software disguised as legitimate tools ...
Go to External Site
The GodFather 2.0 malware uses advanced virtualization techniques to create copies of your apps, enabling it to bypass security measures and steal ...
Go to External Site
CYFIRMA has discovered a sophisticated cyberattack campaign in which threat actors are using GitHub to host and disseminate malware.
Go to External Site
... critical vulnerability in an era of geopolitical tension. By guaranteeing a 15% equity stake, a $110/kg price floor for key rare earths, and ...
Go to External Site
... 12 (Part 1): Underground LLMs — Scams, Jailbreaks, and Poetic Justice. 9 views · 17 minutes ago ...more. Cisco Talos Intelligence Group. 5.37K.
Go to External Site
Cisco Talos' Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products.
Go to External Site
Cisco Talos has observed a growing use of uncensored, jailbroken and criminal-designed LLMs to support phishing, malware development, and other ...
Go to External Site
AI in the Wrong Hands? @Cisco Talos Uncovers the Dark Side Cybercriminals are now weaponizing AI to scale attacks Jailbroken LLMs generating ...
Go to External Site
Previous ArticleCisco Talos report shows LLMs are being weaponised by cybercriminals. Related Articles. Most Read in Home-Slide. Ericsson reinforces ...
Go to External Site
Fortinet revealed persistent gaps, pointing to critical areas where organizations must strengthen their defenses as IT and OT (operational ...
Go to External Site
Learn how cybercriminals create fake online stores in online shopping scams to trick consumers into sharing personal info or sending money.
Go to External Site
It doesn't even include browser-level protection against malicious and fraudulent websites. With its Windows equivalent, you get a firewall, ...
Go to External Site
A critical vulnerability in mcp-remote (CVE-2025-6514) allows remote code execution, affecting 437000+ users.
Go to External Site
Proof-of-Concept (PoC) exploits for a critical vulnerability, tracked as CVE-2025-5777 and dubbed CitrixBleed2, affecting Citrix NetScaler ADC and ...
Go to External Site
Microsoft is out with one of its biggest Windows updates, showcasing the company's continued strive to make it a better OS. By Fahd Temsamani. Jul ...
Go to External Site
This problem is delaying the deployment of critical Windows updates across enterprise environments that depend on WSUS for patch management. Windows ...
Go to External Site
... Windows updates, and it could make everyone's life easier. Latest in Macs. Apple Mac Mini M4. Quick! The tiny but mighty Mac mini is cheaper than ...
Go to External Site
Go to the Microsoft Intune admin center, and navigate to Devices > Windows updates > Quality updates. Select Create Windows quality update policy ...
Go to External Site
Cascading failures are a critical vulnerability of complex information or infrastructure networks. Here we investigate the properties of load ...
Go to External Site
Critical Vulnerability in Kia Cars Allowed Arbitrary Remote Control ...
Go to External Site
The cannabis sector is booming, but a critical vulnerability threatens to blunt its momentum. Chris Sullivan (pictured), commercial practice ...
Go to External Site
A critical remote code execution vulnerability in GeoServer has become a prime target for cybercriminals deploying cryptocurrency mining malware ...
Go to External Site
Partners have a huge opportunity to protect SMBs from cyber threats, as Malwarebytes' Brian Kane explains in this episode of Coffee with Craig and ...
Go to External Site
Eli Smadja, global research group manager at Check Point, provided a detailed overview of Africa's evolving cyber threat landscape, which he said is ...
Go to External Site
Cybersecurity hackathon at NCSC 2025. As part of the National Cyber Security Conference activities, on Day 1, July 9, the MDAs Hackathon showcased ...
Go to External Site
... (NCSC). Active lives, daily routines: How Sun City West Senior community keeps moving. “In fact we have reason to believe there've been two major ...
Go to External Site
That's where CloudIBN steps in — securing outsourcing operations through powerful VAPT Services (Vulnerability Assessment and Penetration Testing).
Go to External Site
Legacy systems still in use may not be patched regularly, and penetration testing is rarely conducted, creating ripe conditions for exploitation.
Go to External Site
Cary, North Carolina, July 10th, 2025, CyberNewsWire. Industry's Most Comprehensive Mobile Application Penetration Testing Program Addresses ...
Go to External Site
The malware's data exfiltration scope is staggeringly broad, targeting system information, browser credentials, cryptocurrency wallets, and even ...
Go to External Site
Cons · No detection of malicious or fraudulent websites · No scores from independent testing labs · Does not detect Windows malware ...
Go to External Site
Security pros advised to patch the bugs as CISA warns that they have been actively exploited. botnet bot-net computer virus · Threat Intelligence ...
Go to External Site
A critical vulnerability in ServiceNow's widely-used enterprise platform that could enable attackers to extract sensitive data.
Go to External Site
Human risk remains a critical vulnerability too as social engineering is responsible for 22 percent of breaches in manufacturing organizations.
Go to External Site
The most critical vulnerability, designated CVE-2025-6948 with a CVSS score of 8.7, affects all versions from 17.11 before 17.11.6, 18.0 before ...
Go to External Site
For example, if a SAST scanner detects a critical vulnerability, the developer must either resolve it or obtain approval from the security team before ...
Go to External Site
A critical vulnerability CVE-2025-6514 with a CVSS score of 9.6 affecting the mcp-remote project allows attackers to achieve arbitrary operating ...
Go to External Site
A critical vulnerability CVE-2025-6514 with a CVSS score of... CISO Corner. How to Conduct a Secure Code Review – Tools and Techniques · CISO ...
Go to External Site
Security researchers have identified a critical vulnerability in ServiceNow's... CVE/vulnerability · CISA Warns ValveLink Products May Expose ...
Go to External Site
Scam websites are spreading malware through Google Search. Learn how fake sites are manipulating SEO to distribute malicious software like Oyster.
Go to External Site
Kathy Gibson reports – Researchers have uncovered new malware threats that use artificial intelligence (AI) to bypass existing malware detection.
Go to External Site
Android malware Anatsa infiltrates Google Play to target US banks ... malware, data breach incidents, and hacks. Previous Article · Next Article ...
Go to External Site
... malware in the past year. Data from Absolute Security, which surveyed 500 CISOs based in the US through Censuswide, found 72% of respondents ...
Go to External Site
In a recent cyber threat investigation, researchers at CYFIRMA have uncovered an active malware campaign exploiting GitHub.
Go to External Site
... malware. ClickFix campaigns are on the rise. We highlight three that distributed NetSupport RAT, Latrodectus, and Lumma Stealer malware.
Go to External Site
Elastic Security Labs has identified multiple financially motivated malware campaigns leveraging the commercial AV/EDR evasion framework, ...
Go to External Site
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via ...
Go to External Site
But here's the rub: the report said Avery's "model was able to generate malware capable of totally bypassing Microsoft Defender for Endpoint about 8% ...
Go to External Site
ZuRu malware continues to prey on macOS users seeking legitimate business tools, adapting its loader and C2 techniques to backdoor its targets.
Go to External Site
Intentional weakening of browsing protections · Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware ...
Go to External Site
Zimperium has revealed new zLabs research, detailing an advanced evolution of mobile attackers using a GodFather Android banking trojan.
Go to External Site
The malware campaign represents a significant escalation in automated web scraping attacks, leveraging a globally distributed infrastructure with ...
Go to External Site
Hackers are flooding open source repositories with malware designed to steal secrets, hijack cloud accounts, and quietly infiltrate the software ...
Go to External Site
... malware campaign that uses fake websites to distribute malicious software. These scams are particularly dangerous because they mimic legitimate ...
Go to External Site
Researchers from Outflank have trained an open-source AI model to generate malware that evades Microsoft Defender 8% of the time.
Go to External Site
Updated AMOS malware gains persistent backdoor Infosecurity Magazine reports that Atomic macOS Stealer, or AMOS, malware has once again been ...
Go to External Site
Further analysis revealed that malware had been added to the extensions much later through updates. "Due to how Google and Microsoft handle ...
Go to External Site
A cryptocurrency social engineering campaign uses fake AI and gaming companies to deliver malware on Windows and macOS, draining digital assets.
Go to External Site
The Co-op reportedly avoided the ransomware by pulling down its own network before the hackers could activate the malware. Harrods, too, said it ...
Go to External Site
The global rare earth supply chain faces a critical vulnerability—overwhelming dependence on a single source. China controls approximately 70% of ...
Go to External Site
Explore 35+ top penetration testing tools and cutting-edge AI pentesting solutions to strengthen cybersecurity in 2025.
Go to External Site
Researchers at penetration testing and threat intelligence firm PCA Cyber Security (formerly PCAutomotive) have discovered that critical ...
Go to External Site
To prevent further abuse, Funcom is rolling out additional server-side security upgrades and conducting penetration testing as part of its upcoming ...
Go to External Site
The security researchers identified multiple critical vulnerabilities through systematic penetration testing of the McHire platform. Their ...
Go to External Site
CyberFirst, a programme led by the UK's National Cyber Security Centre (NCSC), celebrates excellence in cyber education and engagement. The Gold ...
Go to External Site
Fortinet has released security updates to address a critical vulnerability (CVE-2025-25257) affecting their FortiWeb products. Impact. Successful ...
Go to External Site
The power sector remains a critical vulnerability, with $3.1 billion in legacy debts and an additional $3.7 billion required to clear arrears.
Go to External Site
As the U.S. faces a critical vulnerability in its supply chain concerning the rare earth supply, MP Materials Corp.
Go to External Site
SAP Fixes Critical Vulnerability After Evidence of Exploitation · News 25 Apr 2025. MITRE Unveils Top 25 Most Critical Software Flaws · News 22 Nov ...
Go to External Site
Black Kite researchers found that 31 out of 140 vendors have at least one critical vulnerability with a CVSS at or above 8, and 15 vendors show an ...
Go to External Site
This dual-support requirement creates a critical vulnerability window that attackers can exploit to break the fundamental security assumptions of ...
Go to External Site
... critical vulnerability. NATO's intensified focus on securing subsea assets, driven by escalating geopolitical tensions and technological ...
Go to External Site
Critical vulnerability in Linux tool sudo. The critical vulnerability CVE-2025-32463 affects the UNIX and Linux tool sudo and allows local ...
Go to External Site
They say they then convinced victims to install a computer virus, and afterwards a separate team would use that virus to gain access to victims online ...
Go to External Site
Learn about Lumma malware, considered to be one of the most prolific infostealers on the market today, and how organizations can detect and ...
Go to External Site
The malware consists of the following malicious components: a VBA script and two executable files.” The research indicates that the theme of the ...
Go to External Site
Hackers use SEO to rank fake sites mimicking PuTTY and WinSCP, tricking users into downloading malware. The malware silently runs in the ...
Go to External Site
This is a serious headache for businesses and organizations that rely on WSUS to manage Windows updates across networks. Reports of errors have ...
Go to External Site
Almost half (48%) of mobile banking apps still contained at least one critical vulnerability. In 52% of cases, attackers could exploit ...
Go to External Site
Cybersecurity researchers have uncovered a new ransomware strain that is drawing attention for its minimalist yet dangerously effective design.
Go to External Site
Malicious actors continuously evolve their tactics to evade detection in today's dynamic cybersecurity landscape. Among these, script-based ...
Go to External Site
A critical vulnerability in the game allowed hackers to take control of the users' computers. After a wave of such reports, Activision made the ...
Go to External Site
Richard Horne, CEO of NCSC, speaking at the CYBERUK 2025 conference. The government is taking the cybersecurity threat to businesses very ...
Go to External Site
Speaking in Abuja, yesterday, on the readiness of the country to tackle the menace of cybercrime at the maiden National Cybersecurity Conference (NCSC) ...
Go to External Site
The hackers combined code from two malware types, known as Nymaim and Gozi, to create GozNym, a Trojan both persistent and powerful, according to ...
Go to External Site
Transport Layer Security malware rose by 11 percentage points, indicating encrypted channels as a primary attack vector. Endpoint threats saw dramatic ...
Go to External Site
Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as ...
Go to External Site
It admitted that the bug has resulted in customers not being able to deploy Windows updates via WSUS and Configuration Manager. Although manual ...
Go to External Site
... critical vulnerability in national security,” industry veteran Friedland told the Financial Times. “I commend the Trump administration for doing ...
Go to External Site
A critical vulnerability impacting Citrix NetScaler has been reported. It has been assigned the reference CVE-2025- 5777 and a CVSS 3.1 score of ...
Go to External Site
Microsoft Defender for Endpoint, Business and AV, Microsoft 365 Business Premium, E3 and E5 licenses are now enhanced with Huntress' security products ...
Go to External Site
There have been reports of threat actors using a social engineering technique known as ClickFix to trick potential victims into executing ...
Go to External Site
Atomic Stealer (AMOS), one of the most dangerous infostealer malware threats on the macOS ecosystem, just got a significant upgrade that makes it ...
Go to External Site
DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware.
Go to External Site
The malware is called Treasurehunt and it was developed by a group of hackers that go by the name of Bears. The experts say Treasurehunt is hard ...
Go to External Site
Security researchers have released a technical analysis and proof-of-concept exploit code for a critical vulnerability fixed last month in Citrix ...
Go to External Site