23174
🗞 The finest daily news on cybersecurity and privacy. 🔔 Daily releases. 💻 Is your online life secure? 📩 lalilolalo.dev@gmail.com
🕵️♂️ Why Cybersecurity Still Matters for America's Schools 🕵️♂️Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether and how they can keep their institutions safe.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🕵️♂️ China-Backed Salt Typhoon Hacks US National Guard for Nearly a Year 🕵️♂️Between March and December of last year, infamous Chinese statesponsored APT Salt Typhoon gained access to sensitive US National Guard data.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📔 Most European Financial Firms Still Lagging on DORA Compliance 📔A Veeam survey found that 96 of financial services organizations believe their current levels of data resilience falls short of DORA compliance, citing major challenges.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Microsoft Exposes Scattered Spider’s Latest Tactics 📔Microsoft has reported Scattered Spider continues to evolve tactics to compromise both onpremises infrastructure and cloud environments.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 AI Cloaking Tools Enable Harder-to-Detect Cyber-Attacks 📔Cybercriminals are using AI cloaking tools to evade detection, disguising phishing and malware sites.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code 🖋️Cisco has disclosed a new maximumseverity security vulnerability impacting Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISEPIC that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges. Tracked as CVE202520337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE202520281, which was patched.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025 🖋️The modernday threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner 🖋️Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys. The vulnerability in question is CVE202141773 CVSS score 7.5, a highseverity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution. "The attacker leverages.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
📢 Neglecting printer security is leaving you wide open to cyber attacks 📢Enterprises are ignoring printer security risks and failing to update, according to HP Wolf Security, leaving them vulnerable to cyber attacks.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
📢 Despite the hype, cybersecurity teams are still taking a cautious approach to using AI tools 📢Research from ISC2 shows the appetite for AI tools in cybersecurity is growing, but professionals are taking a far more cautious approach than other industries.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🕵️♂️ ISC2 Finds Orgs Are Increasingly Leaning on AI 🕵️♂️While many organizations are eagerly integrating AI into their workflows and cybersecurity practices, some remain undecided and even concerned about potential drawbacks of AI deployment.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
📔 Education Sector is Most Exposed to Remote Attacks 📔CyCognito research finds that a third of education sector APIs, web apps and cloud assets are exposed to attack.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Retail Ransomware Attacks Jump 58% Globally in Q2 2025 📔BlackFog found that publicly disclosed ransomware attacks on retail grew significantly in Q2 compared to Q1, with UK firms heavily targeted.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Pro-Russian Cybercrime Network Demolished in Operation Eastwood 📔A Europol coordinated operation has taken down key infrastructure used by proRussian hacktivist group NoName05716, as well as a number of arrests.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act 🖋️Google on Tuesday revealed that its large language model LLMassisted vulnerability discovery framework discovered a security flaw in the SQLite opensource database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE20256965 CVSS score 7.2, is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🕵️♂️ AI Driving the Adoption of Confidential Computing 🕵️♂️After years of hanging out in the wild, confidential computing is getting closer to an AI model near you.
📖 Read more.
🔗 Via "Dark Reading"
----------
👁️ Seen on @cibsecurity
🦅 Scanception: A QRiosity-Driven Phishing Campaign 🦅 Executive summary CRIL has been closely tracking a widespread and ongoing quishing campaign, which we have dubbed "Scanception". This campaign leverages QR codebased delivery mechanisms to distribute credentialharvesting URLs. The attack chain typically begins with a phishing email containing a PDF lure that urges recipients to scan an embedded QR code. This technique effectively bypasses traditional email security and endpoint protection controls by shifting the attack surface to unmanaged personal mobile devices that typically fall outside the organizations security perimeter. A factor to note is that this campaign remains active at the time of publishing and continues to evolve, with new variants and lure themes regularly emerging across multiple sectors. Over the past th...
📖 Read more.
🔗 Via "CYBLE"
----------
👁️ Seen on @cibsecurity
📔 US Data Breaches Head for Another Record Year After 11% Surge 📔There were 1732 publicly reported US data breaches in the first half of 2025, according to the latest ITRC report.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 One in 12 US/UK Employees Uses Chinese GenAI Tools 📔Harmonic Security raises the alarm as one in 12 British and American employees uses Chinese GenAI tools.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Malware-as-a-Service Campaign Exploits GitHub to Deliver Payloads 📔A new malware campaign uses GitHub to deliver payloads via Amadey botnet, bypassing email distribution.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors 🖋️The Taiwanese semiconductor industry has become the target of spearphishing campaigns undertaken by three Chinese statesponsored threat actors. "Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🖋️ Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine 🖋️An international operation coordinated by Europol has disrupted the infrastructure of a proRussian hacktivist group known as NoName05716 that has been linked to a string of distributed denialofservice DDoS attacks against Ukraine and its allies. The actions have led to the dismantling of a major part of the group's central server infrastructure and more than 100 systems across the world.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity
🦿 Hackers Can Hide Malicious Code in Gemini’s Email Summaries 🦿A recently discovered promptinjection flaw in Googles Gemini makes it possible for hackers to target unsuspecting users in sophisticated phishing attacks.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📢 A new, silent social engineering attack is being used by hackers – and your security systems might not notice until it’s too late 📢Security researchers have warned the 'FileFix' technique, which builds on the notorious 'ClickFix' tactic, is being used in the wild by threat actors.
📖 Read more.
🔗 Via "ITPro"
----------
👁️ Seen on @cibsecurity
🦿 Google’s Big Sleep Foils Hackers by Spotting SQLite Flaw Before Exploit 🦿Googles Big Sleep AI agentic system spotted a zeroday SQLite bug after threat signals emerged, preventing hackers from exploiting the flaw before it was disclosed.
📖 Read more.
🔗 Via "Tech Republic"
----------
👁️ Seen on @cibsecurity
📔 Co-op Aims to Divert More Young Hackers into Cyber Careers 📔The Coop is teaming up with The Hacking Games to inspire pathways into ethical cybersecurity careers.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Cloudflare Blocks Record-Breaking 7.3 Tbps DDoS Attack 📔Cloudflare highlighted a huge rise in hypervolumetric DDoS attacks in Q2 2025, with attackers seeking to overwhelm defenses.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 Over 5.4 Million Affected in Healthcare Data Breach at Episource 📔A data breach at Episource has exposed the personal information of 5.4 million individuals after attackers accessed systems for 10 days.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
📔 SquidLoader Malware Campaign Targets Hong Kong Financial Sector 📔A new malware campaign targeting Hong Kong finance has been identified, featuring SquidLoader to deploy Cobalt Strike Beacon.
📖 Read more.
🔗 Via "Infosecurity Magazine"
----------
👁️ Seen on @cibsecurity
🖋️ Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild 🖋️Google on Tuesday rolled out fixes for six security issues in its Chrome web browser, including one that it said has been exploited in the wild. The highseverity vulnerability in question is CVE20256558 CVSS score 8.8, which has been described as an incorrect validation of untrusted input in the browser's ANGLE and GPU components. "Insufficient validation of untrusted input in ANGLE and.
📖 Read more.
🔗 Via "The Hacker News"
----------
👁️ Seen on @cibsecurity