SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others The Hacker [email protected] (The Hacker News)
August 7, 2025

The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The …


Citizen Lab Founder Flags Rise of US Authoritarianism darkreadingAlexander Culafi
August 7, 2025

Citizen Lab director and founder Ron Deibert explained how civil society is locked in "vicious cycle," and human rights are being abused as a result, covering Israeli spyware, the Khashoggi …


Payback: ‘ShinyHunters’ Clocks Google via Salesforce darkreadingNate Nelson, Contributing Writer
August 7, 2025

In 2024, it was Snowflake. In 2025, it's Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas. In 2024, it …


The Critical Flaw in CVE Scoring darkreadingOfri Ouzan
August 7, 2025

With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity. With informed decision-making, organizations can strengthen their …


Chanel Alerts Clients of Third-Party Breach darkreadingKristina Beek
August 7, 2025

The fashion house is added to a list of other companies that have been impacted by similar breaches, including Tiffany & Co. and Louis Vuitton. The fashion house is added to …


Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes The Hacker [email protected] (The Hacker News)
August 7, 2025

Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At …


CISA Issues ED 25-02: Mitigate Microsoft Exchange Vulnerability AlertsCISA
August 7, 2025

Today, CISA issued Emergency Directive (ED) 25-02: Mitigate Microsoft Exchange Vulnerability in response to CVE-2025-53786, a vulnerability in Microsoft Exchange server hybrid deployments.   ED 25-02 directs all Federal Civilian Executive …


CISA Releases Ten Industrial Control Systems Advisories AlertsCISA
August 7, 2025

CISA released ten Industrial Control Systems (ICS) advisories on August 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-219-01 Delta Electronics DIAView ICSA-25-219-02 Johnson …


Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups The Hacker [email protected] (The Hacker News)
August 7, 2025

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked …


6,500 Axis Servers Expose Remoting Protocol, 4,000 in U.S. Vulnerable to Exploits The Hacker [email protected] (The Hacker News)
August 7, 2025

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code …