SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf. [...]
Pi-hole, a popular network-level ad-blocker, has disclosed that donor names and email addresses were exposed through a security vulnerability in the GiveWP WordPress donation plugin. [...]
As part of our commitment to cloud workload security and transparency, today, we’re introducing a new, lightweight audit-only mode for Access Approval to enable access approvals in an “on demand only” model. This new capability is available at no extra charge in the Security section of the Google …
Victims fear leak at Everglades Correctional Institution could lead to violent extortion A data breach at a Florida prison has inmates' families concerned for their welfare after their contact details were allegedly leaked to convicted criminals.... [...]
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. [...]
Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy …
The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest. [...]
Criminals used undocumented techniques and well-placed insiders to remotely withdraw money A ring of cybercriminals managed to physically implant a Raspberry Pi on a bank's network to steal cash from an Indonesian ATM.... [...]
Workers on joint US/UK/Australia nuclear submarine program are painting a target on themselves The Director-General of Security at the Australian Security Intelligence Organization (ASIO) has lamented the fact that many people list their work in the intelligence community or on sensitive military projects in their LinkedIn profiles …
Russian-state hackers are targeting foreign embassies in Moscow with custom malware that gets installed using adversary-in-the-middle attacks that operate at the ISP level, Microsoft warned Thursday. The campaign has been ongoing since last year. It leverages ISPs in that country, which are obligated to work on behalf of the …
Recent security research has highlighted the importance of CI/CD pipeline configurations, as documented in AWS Security Bulletin AWS-2025-016. This post pulls together existing guidance and recommendations into one guide. Continuous integration and continuous deployment (CI/CD) practices help development teams deliver software efficiently and reliably. AWS CodeBuild provides …
Crims warned 40% of respondents that they and their families would suffer Ransomware gangs now frequently threaten physical violence against employees and their families as a way to force victim organizations into paying their demands.... [...]
Illumina allegedly lied about its testing devices meeting government standards Biotech firm Illumina has agreed to cut the US government a check for the eminently affordable amount of $9.8 million to resolve allegations that it has been selling the feds genetic testing systems riddled with security vulnerabilities the …
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework. [...]
Microsoft has announced that it will start disabling external workbook links to blocked file types by default between October 2025 and July 2026. [...]
No way this will be abused Microsoft has upgraded Azure AI Speech so that users can rapidly generate a voice replica with just a few seconds of sampled speech.... [...]
As introduced in Part 1 of this series, implementing secure file sharing solutions in AWS requires a comprehensive understanding of your organization’s needs and constraints. Before selecting a specific solution, organizations must evaluate five fundamental areas: access patterns and scale, technical requirements, security and compliance, operational requirements, and …
Microsoft has expanded its.NET bug bounty program and increased rewards to $40,000 for some.NET and ASP.NET Core vulnerabilities. [...]
Securely share sensitive data with time-limited, nonce-enhanced presigned URLs that prevent replay attacks, minimizing exposure risks through granular access controls and rigorous monitoring. [...]
H20 silicon under the microscope after slipping through US export bans China's internet watchdog has hauled Nvidia in for a grilling over alleged backdoors in its H20 chips, the latest twist in the increasingly paranoid semiconductor spat between Washington and Beijing.... [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors. [...]
Russia spying on foreign embassies? Say it ain't so Russian cyberspies are abusing local internet service providers' networks to target foreign embassies in Moscow and collect intel from diplomats' devices, according to a Microsoft Threat Intelligence warning.... [...]
Google Cloud is committed to being a trusted partner for customers who are navigating AI regulations in Europe. We have long understood that this requires a proactive and collaborative approach in order to ensure Europeans can access secure, first-rate AI tools as they become available. This week, Google announced …
Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers. [...]
US court docs reveal that infamous Chinese snoops filed IP papers like tax returns Security researchers have uncovered more than a dozen patents for offensive cybersecurity tools filed by Chinese companies allegedly tied to Beijing's Silk Typhoon espionage crew.... [...]
ClickFix abuses clipboards. FileFix hijacks File Explorer. Both social engineering attacks start in the browser—and end in malware. See how Keep Aware stops these stealthy attacks before they break out of the browser in a run down of a real attack. [...]
Regulators around the globe pay attention as results of 21-month cloud probe published Britain's competition regulator says Microsoft and AWS are using their dominance to harm UK cloud customers and proposes to designate both with strategic market status (SMS) to take action against them.... [...]
Researchers have found that in roughly 80% of cases, spikes in malicious activity like network reconnaissance, targeted scanning, and brute-forcing attempts targeting edge networking devices are a precursor to the disclosure of new security vulnerabilities (CVEs) within six weeks. [...]
Government officials say they are monitoring the situation A major supplier of healthcare equipment to the UK's National Health Service and local councils is on the verge of collapse 16 months after falling victim to cyber criminals.... [...]
Peter Gutmann and Stephan Neuhaus have a new paper —I think it’s new, even though it has a March 2025 date—that makes the argument that we shouldn’t trust any of the quantum factorization benchmarks, because everyone has been cooking the books: Similarly, quantum factorisation is performed …
Proton has launched Proton Authenticator, a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. [...]
UK's Online Safety Act kicks off about as well as everyone expected Analysis With the UK's Online Safety Act (OSA) now in effect, it was only a matter of time before tech-savvy under-18s figured out how to bypass the rules and regain access to adult content.... [...]
Italian operator calls for lawmakers to wake up to the critical role played by peering Internet Exchange Points are an underappreciated resource that all internet users rely on, but governments have unfortunately ignored them, despite their status as critical infrastructure.... [...]
Infosec issues spill into the real world and regional politics Analysis Thai and Cambodian tensions relating to issues including cybersecurity concerns boiled over into a kinetic skirmish at the border last week.... [...]
Few passengers are told they can opt out, and when they do, airport staff may push back US lawmakers are trying to extend the use of facial recognition at airports, despite many airline passengers objecting to the practice.... [...]
Hackers planted a Raspberry Pi equipped with a 4G modem in the network of an unnamed bank in an attempt to siphon money out of the financial institution's ATM system, researchers reported Wednesday. The researchers with security firm Group-IB said the “unprecedented tactic allowed the attackers to bypass perimeter …
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. [...]
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. [...]
July 30, 2025: This post has been republished to migrate the Amazon EC2 Oracle Transparent Data Encryption database encryption keystore to AWS CloudHSM using AWS CloudHSM Client SDK 5. Encrypting databases is crucial for protecting sensitive data, helping you to be aligned with security regulations and safeguarding against data …
Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here’s a closer look at the social engineering tactics and remarkable traits …
IBM report shows a rush to embrace technology without safeguarding it, and as for governance... Organizations rushing to implement AI are neglecting security and governance, IBM claims, with attackers already taking advantage of lax protocols to target models and applications.... [...]
The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month. [...]
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover. [...]
Read-only in weeks, deleted forever in months Dropbox has given users of its password manager until the end of October to extract their data before pulling the plug on the service.... [...]
'This was a deliberate, coordinated, digital attack' Minnesota Governor Tim Walz has activated the state's National Guard and declared a state of emergency in response to a cyberattack on the city of Saint Paul.... [...]
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses in a newly discovered attack. [...]
Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. [...]
Welcome to the second Cloud CISO Perspectives for July 2025. Today, Andy Wen, director, product management, Workspace Security, discusses new efforts we’re making to defend against identity-based cyberattacks. As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you …
The lure? Identity security and privileged access management tools to verify humans and... machines Palo Alto Networks will buy Israeli security biz CyberArk in a $25 billion cash-and-stock deal confirmed today.... [...]
Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface). [...]