DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States darkreadingKristina Beek
July 1, 2025

The US also conducted searches of 29 "laptop farms" across 16 states and seized 29 financial accounts used to launder funds. The US also conducted searches of 29 "laptop farms" across …


Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits The Hacker [email protected] (The Hacker News)
July 1, 2025

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow …


TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns The Hacker [email protected] (The Hacker News)
July 1, 2025

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint …


Browsers Targeted via Chrome Zero-Day, Malicious Firefox Extensions darkreadingElizabeth Montalbano, Contributing Writer
July 1, 2025

Separate threats to popular browsers highlight the growing security risk for enterprises presented by the original gateway to the Web, which remains an integral tool for corporate users. Separate threats to …


How Businesses Can Align Cyber Defenses With Real Threats darkreadingDavid Meese, Andrew Bayers
July 1, 2025

Companies that understand the motivations of their attackers and position themselves ahead of the competition will be in the best place to protect their business operations, brand reputation, and their …


New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status The Hacker [email protected] (The Hacker News)
July 1, 2025

A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, …


CISA Adds Two Known Exploited Vulnerabilities to Catalog AlertsCISA
July 1, 2025

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability CVE-2025-48928 …


CISA Releases Seven Industrial Control Systems Advisories AlertsCISA
July 1, 2025

CISA released seven Industrial Control Systems (ICS) advisories on July 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-182-01 FESTO Didactic CP, MPS …


A New Maturity Model for Browser Security: Closing the Last-Mile Risk The Hacker [email protected] (The Hacker News)
July 1, 2025

Despite years of investment in Zero Trust, SSE, and endpoint protection, many enterprises are still leaving one critical layer exposed: the browser. It’s where 85% of modern work now happens. It’s …


Google Patches Critical Zero-Day Flaw in Chrome’s V8 Engine After Active Exploitation The Hacker [email protected] (The Hacker News)
July 1, 2025

Google has released security updates to address a vulnerability in its Chrome browser for which an exploit exists in the wild. The zero-day vulnerability, tracked as CVE-2025-6554 (CVSS score: N/A), has …