Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
phishing-as-a-service identity security
Identity Under Siege: How Phishing-as-a-Service and Browser Threats Are Fueling a New Cybercrime Wave
July 23, 2025
The past several years have seen a dramatic rise in identity-based attacks, a concerning trend in the threat landscape that puts many individuals and organizations in danger. Identity-based attacks have emerged as one of the…
Read More >
ToolShell SharePoint
Patch, Persist, Repeat: How ToolShell Is Bypassing SharePoint Defenses
July 22, 2025
A new zero-day exploit campaign is actively targeting Microsoft SharePoint Server, raising urgent concerns for enterprises running on-prem environments. Dubbed “ToolShell” by researchers at Ontinue, the attack chain enables unauthenticated remote code execution and has…
Read More >
Semperis Purple Knight Report
Purple Knight Report Exposes Troubling Gaps in Hybrid Identity Security
July 19, 2025
The security of identity infrastructure is under pressure like never before. As attackers increasingly target the systems that govern access, organizations are discovering they have less control than they assumed. Complex hybrid environments, aging configurations,…
Read More >
deepfake AI Marco Rubio
Deepfake Diplomacy: AI Impostor Exposes Critical Flaws in Cybersecurity
July 18, 2025
The AI explosion in recent years has caused shifts in the way individuals and organizations approach communications and tasks in many areas. Unfortunately, this includes the increasing use of AI-enhanced technologies by cybercriminals to make…
Read More >
CISA KEV exploited vulnerabilities
CISA Flags Four Actively Exploited Vulnerabilities—Some Nearly a Decade Old
July 15, 2025
On July 7, the Cybersecurity and Infrastructure Security Agency (CISA) added four new entries to its Known Exploited Vulnerabilities (KEV) catalog. What stands out about the vulnerabilities isn’t the number, it’s the age. The oldest…
Read More >
Outlook crash VDI reliability
Outlook Crash Sparks Debate Over VDI Reliability and Hidden Security Risks
July 14, 2025
A recent issue with Microsoft’s Outlook email platform has caused the client to crash when users are composing or opening emails. The issue can impact users across all Microsoft 365 Office channels, with users who…
Read More >
FDA medical manufacturing
FDA Pushes for Cybersecurity in Smart Manufacturing
July 09, 2025
Medical manufacturing is embracing a new wave of digital innovation. Production lines now integrate connected devices, data-driven automation, and analytics platforms designed to improve speed and precision. These advances bring clear operational benefits, but they…
Read More >
memory-safe languages MSLs
Why Memory-Safe Languages Are Now a National Security Priority
July 07, 2025
The United States Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) recently published a joint guide, “The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take…
Read More >
WormGPT
WormGPT Reborn: Cybercriminals Hijack Mainstream AI to Power New Variants
July 06, 2025
WormGPT first emerged in 2023 as a blackhat tool built on GPT-J, offering threat actors a way to generate malicious content through an uncensored AI interface. It gained quick traction in underground forums, where it…
Read More >
Brother devices printers vulnerabilities
Critical Vulnerabilities in Brother Devices Expose Millions to Remote Attacks
July 06, 2025
Security researchers at Rapid7 have disclosed eight newly discovered vulnerabilities affecting more than 689 models of Brother devices, including printers, scanners, and label makers. While these kinds of vulnerabilities rarely grab headlines, the scope of…
Read More >
Chrome extensions vulnerabilities
Popular Chrome Extensions Expose Users to Cyber Threats
June 30, 2025
It is tempting to believe that widely used browser extensions are required to follow strict security practices to protect users of popular browsers like Google Chrome, but this is not always the case. The ecosystem…
Read More >
SentinelOne cyber espionage
How SentinelOne Thwarted Cyber Espionage Attempts
June 28, 2025
SentinelOne recently revealed that it was the target of a failed cyber espionage operation carried out by China-linked threat actors. This case is a rare example where a cybersecurity firm itself became the focus of…
Read More >
GodFather mobile malware sandbox
Inside the Sandbox: The Evolution of Mobile Banking Malware
June 27, 2025
The history of mobile malware has been evolving for over 20 years, targeting mobile devices through a wide range of vectors for a variety of ends. Early mobile malware relied on Bluetooth capability to spread…
Read More >
Salesforce low-code vulnerabilities
Salesforce Industry Cloud Vulnerabilities Highlight Hidden Dangers of Low-Code Platforms
June 24, 2025
Low-code platforms like Salesforce’s Industry Cloud promise to speed up digital transformation by making it easier for organizations to build and deploy apps. With tools like OmniStudio, employees can quickly create workflows and interfaces tailored…
Read More >
Qualys Linux core dumps
New Vulnerabilities in Linux Core Dump Handlers Expose Password Hashes
June 23, 2025
Security researchers at Qualys have discovered two new vulnerabilities in popular Linux core dump handlers that could let local attackers extract sensitive data—including password hashes—from crashed programs. The flaws, tracked as CVE-2025-5054 and CVE-2025-4598, affect…
Read More >
ClickFix CAPTCHA phishing
ClickFix and the New Face of Phishing: Why Your Browser Is the Next Battleground
June 23, 2025
Phishing has taken a new and unsettling turn with the emergence of ClickFix, a browser-based tactic that doesn’t rely on fake login pages or malicious downloads. ClickFix masquerades as a security feature, using convincing visual…
Read More >
Victoria's Secret retail Scattered Spider
Victoria’s Secret and the Fashion Industry’s Growing Cybersecurity Crisis
June 17, 2025
On June 3rd, major clothing retailer Victoria’s Secret disclosed a cybersecurity incident affecting the company’s information technology (IT) systems. The attack led to Victoria’s Secret shutting down their website from May 26th to 29th while…
Read More >
Oasis OneDrive OAuth
Unpacking the OneDrive OAuth Crisis
June 13, 2025
Open Authorization (OAuth) is a standard for allowing apps and services to log in to one another while keeping confidential information private, such as when users sign in on a third-party site using their Facebook…
Read More >
Subscribe for the Latest News
Webinars
Securing the AI Frontier: Defending the Enterprise Ecosystem with Prisma AIRS
Register Now
When Your Cloud Directory Goes Dark: Recovering Entra ID After a Cyberattack
Register Now
Takeaways from Major Open Source Library Attacks
Register Now