Microsoft Patches 137 CVEs in July, But No Zero-Days darkreadingJai Vijayan, Contributing Writer
July 8, 2025

Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint. Some 17 of the bugs are at high risk for …


Malicious Open Source Packages Spike 188% YoY darkreadingAlexander Culafi
July 8, 2025

Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens. Data exfiltration was the most …


Suspected Hacker Linked to Silk Typhoon Arrested in Milan darkreadingKristina Beek
July 8, 2025

The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers. The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, …


Microsoft Patch Tuesday, July 2025, (Tue, Jul 8th) SANS Internet Storm Center, InfoCON: green
July 8, 2025

Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9&#;x26;#;xc2;&#;x26;#;xa0;additional&#;x26;#;xc2;&#;x26;#;xa0;vulnerabilities not part of Microsoft&#;x26;#;39;s portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities …


Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware The Hacker [email protected] (The Hacker News)
July 8, 2025

In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute …


Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play The Hacker [email protected] (The Hacker News)
July 8, 2025

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app …


Hackers ‘Shellter’ Various Stealers in Red Team Tool to Evade Detection darkreadingElizabeth Montalbano, Contributing Writer
July 8, 2025

Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework. Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware …


4 Critical Steps in Advance of 47-Day SSL/TLS Certificates darkreadingTim Callan
July 8, 2025

With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions. With certificate lifespans set to shrink by …


Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension The Hacker [email protected] (The Hacker News)
July 8, 2025

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per …


Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud darkreadingKaren D. Schwartz, Contributing Writer
July 8, 2025

Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud. Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more …