Millions Allegedly Affected in Allianz Insurance Breach darkreadingKristina Beek
August 19, 2025

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers. Have I Been Pwned claims that the compromised …


Increased Elasticsearch Recognizance Scans, (Tue, Aug 19th) SANS Internet Storm Center, InfoCON: green
August 19, 2025

I noticed an increase in scans that appear to try to identify Elasticsearch instances. Elasticsearch is not a new target. Its ability to easily store and manage JSON data, combined …


Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems The Hacker [email protected] (The Hacker News)
August 19, 2025

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the …


PipeMagic Backdoor Resurfaces as Part of Play Ransomware Attack Chain darkreadingElizabeth Montalbano, Contributing Writer
August 19, 2025

Attackers are wielding the sophisticated modular malware while exploiting CVE-2025-29824, a previously zero-day flaw in Windows Common Log File System (CLFS) that allows attackers to gain system-level privileges on compromised …


New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code The Hacker [email protected] (The Hacker News)
August 19, 2025

Financial institutions like trading and brokerage firms are the target of a new campaign that delivers a previously unreported remote access trojan called GodRAT. The malicious activity involves the "distribution of …


10 Major GitHub Risk Vectors Hidden in Plain Sight darkreadingLiad Cohen, Eyal Paz
August 19, 2025

By addressing these overlooked risk vectors, organizations can continue leveraging GitHub's innovation while protecting against sophisticated supply chain attacks targeting interconnected software. By addressing these overlooked risk vectors, organizations can continue …


Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution The Hacker [email protected] (The Hacker News)
August 19, 2025

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question …


‘DripDropper’ Hackers Patch Their Own Exploit darkreadingJai Vijayan, Contributing Writer
August 19, 2025

An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw. An attacker is breaking into Linux systems via …


CISA Releases Four Industrial Control Systems Advisories AlertsCISA
August 19, 2025

CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-231-01 Siemens Desigo CC Product …


Secure AI Use Without the Blind Spots darkreadingJoan Goodchild
August 19, 2025

Why every company needs a clear, enforceable AI policy — now. Why every company needs a clear, enforceable AI policy — now.  ​Read More