Dark Web Vendors Shift to Third Parties, Supply Chains darkreadingRobert Lemos, Contributing Writer
July 3, 2025

As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web. As attacks on software …


Criminals Sending QR Codes in Phishing, Malware Campaigns darkreadingArielle Waldman
July 3, 2025

The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware. The Anti-Phishing Working Group observed how attackers are …


IDE Extensions Pose Hidden Risks to Software Supply Chain darkreadingRob Wright
July 3, 2025

Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security. Malicious extensions can be engineered to bypass verification checks for popular …


Attackers Impersonate Top Brands in Callback Phishing darkreadingElizabeth Montalbano, Contributing Writer
July 3, 2025

Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers. Microsoft, PayPal, Docusign, and …


CISA Releases Four Industrial Control Systems Advisories AlertsCISA
July 3, 2025

CISA released four Industrial Control Systems (ICS) advisories on July 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-184-01 Hitachi Energy Relion 670/650 …


Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets The Hacker [email protected] (The Hacker News)
July 3, 2025

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet …


The Hidden Weaknesses in AI SOC Tools that No One Talks About The Hacker [email protected] (The Hacker News)
July 3, 2025

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions …


Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms The Hacker [email protected] (The Hacker News)
July 3, 2025

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken …


Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials The Hacker [email protected] (The Hacker News)
July 2, 2025

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit …


ISC Stormcast For Thursday, July 3rd, 2025 https://isc.sans.edu/podcastdetail/9512, (Thu, Jul 3rd) SANS Internet Storm Center, InfoCON: green
July 2, 2025

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.  ​Read More