Microsoft Patch Tuesday, July 2025, (Tue, Jul 8th) SANS Internet Storm Center, InfoCON: green
July 8, 2025

Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9&#;x26;#;xc2;&#;x26;#;xa0;additional&#;x26;#;xc2;&#;x26;#;xa0;vulnerabilities not part of Microsoft&#;x26;#;39;s portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities …


Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware The Hacker [email protected] (The Hacker News)
July 8, 2025

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute …


Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play The Hacker [email protected] (The Hacker News)
July 8, 2025

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app …


Hackers ‘Shellter’ Various Stealers in Red Team Tool to Evade Detection darkreadingElizabeth Montalbano, Contributing Writer
July 8, 2025

Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework. Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware …


4 Critical Steps in Advance of 47-Day SSL/TLS Certificates darkreadingTim Callan
July 8, 2025

With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions. With certificate lifespans set to shrink by …


Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension The Hacker [email protected] (The Hacker News)
July 8, 2025

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per …


Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud darkreadingKaren D. Schwartz, Contributing Writer
July 8, 2025

Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud. Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more …


CISA Releases One Industrial Control Systems Advisory AlertsCISA
July 8, 2025

CISA released one Industrial Control Systems (ICS) advisory on July 8, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-189-01 Emerson ValveLink Products CISA encourages …


5 Ways Identity-based Attacks Are Breaching Retail The Hacker [email protected] (The Hacker News)
July 8, 2025

From overprivileged admin roles to long-forgotten vendor tokens, these attackers are slipping through the cracks of trust and access. Here’s how five retail breaches unfolded, and what they reveal about... In …


RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks The Hacker [email protected] (The Hacker News)
July 8, 2025

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders (DVRs) and Four-Faith routers to rope the devices into a new botnet …