Threat actors are leveraging sophisticated phishing campaigns by creating fake Microsoft OAuth applications to impersonate legitimate enterprises, enabling credential theft while bypassing multifactor authentication (MFA). Proofpoint researchers have tracked this activity since early 2025, identifying over 50 impersonated applications, including…
Search Engines Are Indexing ChatGPT Chats — Here’s What Our OSINT Found
A significant privacy breach has emerged in the artificial intelligence landscape, as ChatGPT shared conversations are being indexed by major search engines, effectively transforming private exchanges into publicly discoverable content accessible to millions of users worldwide. This discovery has exposed…
This month in security with Tony Anscombe – July 2025 edition
Here’s a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025 This article has been indexed from WeLiveSecurity Read the original article: This month in security with Tony Anscombe – July…
Emerging Koske Malware Leverages Visual Deception on Linux Platforms
The new Linux malware strain, Kosk, has emerged in a striking demonstration of how artificial intelligence is being used to fight cybercrime. In a remarkable development in how cybercrime intersects with artificial intelligence, the malware uses stealthy delivery mechanisms…
You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them
Just as triathletes know that peak performance requires more than expensive gear, cybersecurity teams are discovering that AI success depends less on the tools they deploy and more on the data that powers them The junk food problem in cybersecurity…
Threat Actors Exploit Proofpoint and Intermedia Link Wrapping to Conceal Phishing Payloads
Cybercriminals are increasingly exploiting link wrapping features from vendors like Proofpoint and Intermedia to mask malicious payloads, leveraging the inherent trust users place in these security tools. Link wrapping, intended as a protective measure, reroutes URLs through vendor scanning services…
APT36 Hackers Target Indian Railways, Oil, and Government Systems Using Malicious PDF Files
The Pakistan-linked threat group APT36, also known as Transparent Tribe, has broadened its cyber operations beyond traditional military targets to encompass Indian railways, oil and gas infrastructure, and the Ministry of External Affairs. Security researchers have uncovered two sophisticated desktop-based…
LLMs Boost Offensive R&D by Identifying and Exploiting Trapped COM Objects
Outflank is pioneering the integration of large language models (LLMs) to expedite research and development workflows while maintaining rigorous quality standards. This approach allows teams to focus on refining and testing techniques for their Outflank Security Tooling (OST) suite, which…
The best free software uninstallers of 2025: Expert tested
Annoyed by unwanted software that doesn’t seem to want to leave your PC? These are the best free software uninstallers to tackle the problem. This article has been indexed from Latest news Read the original article: The best free software…
Google releases its award-winning Math Olympiad model, but it’ll come at a price
The $250 per month Google Ultra subscription just got more enticing. This article has been indexed from Latest news Read the original article: Google releases its award-winning Math Olympiad model, but it’ll come at a price
ToolShell under siege: Check Point analyzes Chinese APT Storm-2603
Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups…
Spying on People Through Airportr Luggage Delivery Service
Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able…
Microsoft Upgrades .NET Bounty Program with Rewards to Researchers Up to $40,000
Microsoft has significantly enhanced its .NET bounty program, announcing substantial updates that expand the program’s scope, streamline award structures, and provide greater incentives for cybersecurity researchers. The enhanced program now offers rewards of up to $40,000 USD for identifying critical…
Threat Actors Abuse Proofpoint’s and Intermedia’s Link Wrapping Features to Hide Phishing Payloads
The latest wave of credential-phishing campaigns has revealed an unexpectedly convenient ally for threat actors: the very e-mail security suites meant to protect users. First observed in late July 2025, multiple phishing clusters began embedding malicious URLs inside the legitimate…
CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems
CISA released two high-severity Industrial Control Systems (ICS) advisories on July 31, 2025, highlighting critical vulnerabilities in widely deployed industrial equipment that could enable remote attackers to manipulate critical infrastructure systems. The flaws affect seismic monitoring devices and virtualized industrial…
Cybercrooks attached Raspberry Pi to bank network and drained ATM cash
Criminals used undocumented techniques and well-placed insiders to remotely withdraw money A ring of cybercriminals managed to physically implant a Raspberry Pi on a bank’s network to steal cash from an Indonesian ATM.… This article has been indexed from The…
IT Security News Hourly Summary 2025-08-01 12h : 8 posts
8 posts were published in the last hour 10:3 : Microsoft to Block External Workbook Links to Unsafe File Types by Default 10:3 : The best laptop cooling pads of 2025: Expert tested 10:3 : Storm-2603 Deploys DNS-Controlled Backdoor in…
Cyber Risk Management Firm Safe Raises $70 Million
Safe has raised $70 million in Series C funding to advance cyber risk management through specialized AI agents. The post Cyber Risk Management Firm Safe Raises $70 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds
Spikes in attacker activity precede the disclosure of vulnerabilities 80% of the time, according to a new GreyNoise report This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems This article has been indexed from www.infosecurity-magazine.com Read the original article: Secret Blizzard Targets Moscow-Based Embassies in New…
Microsoft to Block External Workbook Links to Unsafe File Types by Default
Microsoft announced a significant security enhancement for Excel users, revealing plans to block external workbook links to unsafe file types by default starting in October 2025. This major change aims to strengthen workbook security by preventing potential security vulnerabilities that…
The best laptop cooling pads of 2025: Expert tested
We tested the best laptop cooling pads to keep your device running smooth with powerful cooling, RGB lights, high RPM and more. This article has been indexed from Latest news Read the original article: The best laptop cooling pads of…
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different…
WhatsApp 0-Click RCE Exploit Worth $1 Million at Pwn2Own Ireland 2025
Cybersecurity researchers have a massive incentive to target WhatsApp this fall, as the Zero Day Initiative (ZDI) announced a record-breaking $1 million bounty for a zero-click remote code execution exploit against the popular messaging platform at Pwn2Own Ireland 2025. The…
The best printers of 2025: Your home office is about to get so much better
I tested the best printers of 2025 to find the fastest, sharpest, and most reliable models for everything from remote work to summer photo projects. This article has been indexed from Latest news Read the original article: The best printers…
Own a Samsung phone? 10 settings I always change first for the best user experience
Samsung packs its phones with clever features, but you’re probably not taking advantage of all of them. Here are a few you might be overlooking. This article has been indexed from Latest news Read the original article: Own a Samsung…
Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images
Echo received funding for creating thousands of container images that are not affected by any CVE, for enterprise-grade software infrastructure. The post Echo Raises $15M in Seed Funding for Vulnerability-Free Container Images appeared first on SecurityWeek. This article has been…