Security
EU can’t attract and retain cyber talent: why?
Both public and private organizations in critical sectors across the European Union are finding it difficult to attract and retain cybersecurity professionals, ENISA (the European Union Agency for Cybersecurity) says.
Read more about EU can’t attract and retain cyber talent: why?
Chinese state hackers attended Cisco cybersec training, researcher claims
Two Chinese hackers accused of running one of Beijing’s biggest cyber-espionage campaigns may have first learned their craft in a beginner-level Cisco training program.
Read more about Chinese state hackers attended Cisco cybersec training, researcher claims
Feds charge former Accenture employee for misleading them on cloud security
A former product manager at Accenture repeatedly lied to the company’s government customers about the compliance of its cloud product with security regulations. Now, she’s been charged by the Justice Department.
Read more about Feds charge former Accenture employee for misleading them on cloud security
React, Next.js disclose follow-up vulnerabilities, again urge users to patch immediately
Web server admins must scramble to update their backend servers again after React and Next.js disclosed two additional follow-up vulnerabilities related to last week’s discovery of a critical bug.
Read more about React, Next.js disclose follow-up vulnerabilities, again urge users to patch immediately
Google rushes Chrome updates after new vulnerability found exploited in wild
Chrome users are racing against active attackers after Google confirmed a newly patched vulnerability is already being exploited in the wild. Clues lead to Google’s WebGL engine.
Read more about Google rushes Chrome updates after new vulnerability found exploited in wild
Microsoft urges users to change passwords, as the Dune-inspired worm hits again
A resurrected and more vicious Shai-Hulud worm is silently tearing through the software supply chain, compromising developers and cloud pipelines at scale.
Read more about Microsoft urges users to change passwords, as the Dune-inspired worm hits again
Google launches Android emergency live video to stream 911 calls in real time
Google’s Android Emergency Live Video lets users stream live footage to 911 dispatchers, giving first responders vital real-time context to save lives faster.
Read more about Google launches Android emergency live video to stream 911 calls in real time
Newly identified ransomware can execute total takeover of compromised devices
Droidlock, a new type of malware more accurately classified as ransomware, has the ability to lock device screens with a ransomware-like overlay and illegally acquire app lock credentials. This then leads to a total takeover of the compromised device.
Read more about Newly identified ransomware can execute total takeover of compromised devices
Bitdefender launches free phone number lookup tool to combat scammers
Bitdefender, a cybersecurity company, has launched a free and unlimited “Reverse Phone Lookup” tool that assesses whether unknown numbers are linked to spam or scams.
Read more about Bitdefender launches free phone number lookup tool to combat scammers
Free spy tool can track 3 billion WhatsApp users, drain batteries and data limits
A tool for tracking over three billion WhatsApp and Signal users has been publicly released. Just by knowing the phone number, attackers can determine when users come home, when they are actively using the phone, when they go to sleep, or when they are offline. They can also drain batteries and data limits without the users noticing anything.
Read more about Free spy tool can track 3 billion WhatsApp users, drain batteries and data limits
Fortinet, Ivanti, SAP release urgent patches for critical security vulnerabilities
Cybersecurity and software companies Fortinet, Ivanti, and SAP have all dropped patches to address critical security flaws in their products that could result in an authentication bypass and code execution if successfully exploited.
Read more about Fortinet, Ivanti, SAP release urgent patches for critical security vulnerabilities
Google fixes GeminiJack zero-click exposing corporate Gmail, Calendar invites, shared Docs
A newly uncovered AI injection prompt vulnerability in the Google Gemini enterprise AI ecosystem – allowing attackers to steal sensitive Gmail, Docs, and Calendar data – has been fixed, but experts say it is just the beginning of AI vulnerabilities to come.
Read more about Google fixes GeminiJack zero-click exposing corporate Gmail, Calendar invites, shared Docs
Aeroflot hack explained: report says infrastructure was nearly destroyed
The Bell, an independent Russian news outlet, has published a deep dive into this July’s major hack of Russia’s national airline Aeroflot. It turns out the company’s entire infrastructure was close to collapsing.
Read more about Aeroflot hack explained: report says infrastructure was nearly destroyed
Attackers exploit React2Shell vulnerability to target home CCTV, smart plugs, and TVs
A critical new flaw in React Server Components has unleashed a global wave of automated attacks hammering thousands of smart devices.
Read more about Attackers exploit React2Shell vulnerability to target home CCTV, smart plugs, and TVs
Sudan’s war-shaken aviation sector receives one more blow: hackers claim to be selling internal documents
A hacker claims to have compromised one of Sudan’s few surviving airlines, dumping its internal manuals and security data onto a cybercrime marketplace.
Read more about Sudan’s war-shaken aviation sector receives one more blow: hackers claim to be selling internal documents
4B+ records, including numerous LinkedIn profiles, exposed in one of the largest lead-generation datasets ever found open
What appears to be 16TB of professional and corporate intelligence data includes LinkedIn URLs and profile handles, alongside other personal information.
Read more about 4B+ records, including numerous LinkedIn profiles, exposed in one of the largest lead-generation datasets ever found open
Notepad++ releases emergency patch as hackers exploit updater to deploy malware
Hackers are abusing Notepad++, a popular text and source code editor, to deliver malware. The app’s updater, WinGUp, can be tricked by an attacker-in-the-middle to pull compromised executables from malicious servers. Patches are now available.
Read more about Notepad++ releases emergency patch as hackers exploit updater to deploy malware
New malware on Microsoft Marketplace steals passwords and screenshots of desktops
Some developers thought they were installing a dark theme and an AI assistant on their VS Code. However, it turned out to be malware that stole their data.
Read more about New malware on Microsoft Marketplace steals passwords and screenshots of desktops
Cheap devices from China may come with hidden sensors and hacking tools
Cheap devices for remotely managing hardware can themselves pose a significant security risk. Dr. Matej Kovačič, a security researcher from Slovenia, found that a popular NanoKVM contained a hidden microphone, together with hacking tools and dangerous exploits that would make exploitation trivial.
Read more about Cheap devices from China may come with hidden sensors and hacking tools
Trump prioritizing trade with China over cyber war, Salt Typhoon goes unpunished
The US President wants the world’s fellow autocrats to like him so much that he seems unwilling to allow nuisances such as cyberattacks against America to get in the way. This means that Salt Typhoon, a complex Chinese cyberespionage group, is being given a pass.
Read more about Trump prioritizing trade with China over cyber war, Salt Typhoon goes unpunished
