Fake Employees Pose Real Security Risks darkreadingMercedes Cardona
August 20, 2025

The security risks posed by fake employees are particularly severe when they secure IT positions with privileged access and administrative permissions. The security risks posed by fake employees are particularly severe …


How Warlock Ransomware Targets Vulnerable SharePoint Servers darkreadingAlexander Culafi
August 20, 2025

Researchers highlight how Warlock, a new ransomware heavyweight, uses its sophisticated capabilities to target on-premises SharePoint instances. Researchers highlight how Warlock, a new ransomware heavyweight, uses its sophisticated capabilities to target …


Cybercriminals Abuse Vibe Coding Service to Create Malicious Sites darkreadingRob Wright
August 20, 2025

Some LLM-created scripts and emails can lower the barrier of entry for low-skill attackers, who can use services like Lovable to create convincing, effective websites in minutes. Some LLM-created scripts and …


FBI, Cisco Warn of Russian Attacks on 7-Year-Old Flaw darkreadingJai Vijayan, Contributing Writer
August 20, 2025

In the past year, "Static Tundra," aka "Energetic Bear," has breached thousands of end-of-life Cisco devices unpatched against a 2018 flaw, in a campaign targeting enterprises and critical infrastructure. In the …


How Outer Space Became the Next Big Attack Surface darkreadingAlexander Culafi
August 20, 2025

VisionSpace Technologies' Andrzej Olchawa and Milenko Starcik discussed a set of vulnerabilities capable of ending space missions at the Black Hat USA 2025 News Desk. VisionSpace Technologies' Andrzej Olchawa and Milenko …


Incode Acquires AuthenticID to Enhance AI-Driven Identity Verification darkreadingFahmida Y. Rashid
August 20, 2025

The combination of Incode's AI models and AuthenticID's experience running identity programs at scale in regulated environments will provide customers with holistic fraud signal analysis, multi-modal intelligence, real-time personhood verification, …


DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft The Hacker [email protected] (The Hacker News)
August 20, 2025

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication (2FA) codes, and credit card …


FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage The Hacker [email protected] (The Hacker News)
August 20, 2025

A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means …


Airtell Router Scans, and Mislabeled usernames, (Wed, Aug 20th) SANS Internet Storm Center, InfoCON: green
August 20, 2025

Looking at new usernames collected by our Cowrie honeypots, you will first of all notice a number of HTTP headers. It is very common for attackers to scan for web …


Europe’s Ransomware Surge Is a Warning Shot for US Defenders darkreadingGrayson Milbourne
August 20, 2025

We can strip attackers of their power by implementing layered defenses, ruthless patch management, and incident response that assumes failure and prioritizes transparency. We can strip attackers of their power by …