Hackers Abuse VPS Infrastructure for Stealth, Speed darkreadingAlexander Culafi
August 21, 2025

New research highlights how threat actors abuse legitimate virtual private server offerings in order to spin up infrastructure cheaply, quietly, and fast. New research highlights how threat actors abuse legitimate virtual …


K-12 School Incident Response Plans Fall Short darkreadingArielle Waldman
August 21, 2025

Quick recovery relies on three security measures. Quick recovery relies on three security measures.  ​Read More


Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks The Hacker [email protected] (The Hacker News)
August 21, 2025

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, …


Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages The Hacker [email protected] (The Hacker News)
August 21, 2025

Threat actors have been observed leveraging the deceptive social engineering tactic known as ClickFix to deploy a versatile backdoor codenamed CORNFLAKE.V3. Google-owned Mandiant described the activity, which it tracks as UNC5518, …


Tree of AST: A Bug-Hunting Framework Powered by LLMs darkreadingAlexander Culafi
August 21, 2025

Teenaged security researchers Sasha Zyuzin and Ruikai Peng discuss how their new vulnerability discovery framework leverages LLMs to address limitations of the past. Teenaged security researchers Sasha Zyuzin and Ruikai Peng …


Prepping the Front Line for MFA Social Engineering Attacks darkreadingPaul Underwood
August 21, 2025

Attackers will continue to evolve, and the help desk will always be a target. But with the right mix of training, support, and trust, frontline agents can become your biggest …


Tailing Hackers, Columbia University Uses Logging to Improve Security darkreadingMercedes Cardona
August 21, 2025

Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia's research labs. Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored …


DARPA: Closing the Open Source Security Gap With AI darkreadingAlexander Culafi
August 21, 2025

DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale. DARPA's Kathleen Fisher discusses the AI …


CISA Adds One Known Exploited Vulnerability to Catalog AlertsCISA
August 21, 2025

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability These types of vulnerabilities are …


CISA Releases Three Industrial Control Systems Advisories AlertsCISA
August 21, 2025

CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-233-01 Mitsubishi Electric Corporation MELSEC …