Iran seeks at least three cloud providers to power its government
[The Register - Security] [14 Jul 25 @ 07:15]
Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing The Information Technology Organization of Iran (ITOI), the government body that develops and implement...
Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks
[The Register - Security] [14 Jul 25 @ 01:46]
PLUS: Bluetooth mess leaves cars exposed; Bitcoin ATMs attacked; Deepfakers imitate US secretary of state Marco Rubio; and more Infosec In Brief Nvidia last week advised customers to ensure they ...
Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb
[Security Affairs] [13 Jul 25 @ 20:10]
PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch. Proof-of-concept (PoC) exploits for CVE-2025-25257 in Fortinet FortiWeb (CVSS 9.8) en...
Wing FTP Server flaw actively exploited shortly after technical details were made public
[Security Affairs] [13 Jul 25 @ 17:50]
Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30. Threat actors are exploiting a critical flaw, tracked as C...
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53
[Security Affairs] [13 Jul 25 @ 15:53]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Datacarry Ransomware DRAT V2: Updated DRAT Emerges in TAG-140’s...
You have a fake North Korean IT worker problem - here's how to stop it
[The Register - Security] [13 Jul 25 @ 13:02]
Thick resumes with thin LinkedIn connections are one sign. Refusing an in-person interview is another By now, the North Korean fake IT worker problem is so ubiquitous that if you think you don't ha...
Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION
[Security Affairs] [13 Jul 25 @ 11:42]
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityA...
Consumentenbond recommends ad blocker uBlock Origin, advises against Chrome
[Security.NL maakt Nederland veilig] [13 Jul 25 @ 09:59]
Internet users who want to block online trackers and advertisements are best off using the ad blocker uBlock Origin ...
WordPress plugin Gravity Forms warns of backdoor in packages
[Security.NL maakt Nederland veilig] [13 Jul 25 @ 09:43]
The popular WordPress plugin Gravity Forms, which by its own account is active on more than one million websites, has been ...
Dutch central government mainly active on LinkedIn, X, Instagram and YouTube
[Security.NL maakt Nederland veilig] [13 Jul 25 @ 09:22]
When it comes to the use of social media platforms, the Dutch central government is mainly active on LinkedIn, X, Instagram and YouTube. ...
ICE Campaign of Violence Will Lead to More Deaths
[The Intercept] [13 Jul 25 @ 01:12]
Jaime Alanis' death shows the horrific consequences of a secret police force behaving with utter impunity. The post ICE Campaign of Violence Will Lead to More Deaths appeared first on The Intercept.
GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs
[THN : The Hacker News] [12 Jul 25 @ 19:14]
NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk ...
McDonald’s job app exposes data of 64 Million applicants
[Security Affairs] [12 Jul 25 @ 19:03]
Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs. Security researchers Ian Carroll and Sam Curry discovered multiple vulnerabil...
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
[THN : The Hacker News] [12 Jul 25 @ 14:45]
Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Lara...
What to Do When You See ICE in Your Neighborhood
[The Intercept] [12 Jul 25 @ 12:00]
How can you deter the Trump administration's immigrant deportation machine when it pops up in your community? Follow these steps. The post What to Do When You See ICE in Your Neighborhood appeared ...
Athlete or Hacker? Russian basketball player accused in U.S. ransomware case
[Security Affairs] [12 Jul 25 @ 01:11]
Russian basketball player arrested in France over alleged ties to a ransomware group accused of targeting U.S. firms and federal institutions. Russian basketball player Daniil Kasatkin (26) was arr...
Grok Is the Latest in a Long Line of Chatbots to Go Full Nazi
[The Intercept] [11 Jul 25 @ 23:37]
Grok’s recent antisemitic turn is not an aberration, but part of a pattern of AI chatbots churning out hateful drivel. The post Grok Is the Latest in a Long Line of Chatbots to Go Full Nazi appeare...
House Democrat Calls on Kristi Noem To Resign Over ICE Lies
[The Intercept] [11 Jul 25 @ 21:08]
Bernie Sanders, Delia Ramirez, Ilhan Omar, Pramila Jayapal, and Rashida Tlaib reacted with outrage to The Intercept's investigation. The post House Democrat Calls on Kristi Noem To Resign Over ICE ...
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn
[The Register - Security] [11 Jul 25 @ 20:15]
Intruders looked up how to use curl mid-attack - rookie errors kept damage minimal Huntress security researchers observed exploitation of the CVSS 10.0 remote code execution (RCE) flaw in Wing FTP ...
Tradecraft in the Information Age
[Schneier on Security] [11 Jul 25 @ 18:06]
Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance.
Ministries must clean up 230,000 documents containing names of civil servants
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 17:04]
Last April it became known that all kinds of ministry documents on open.overheid.nl, Rijksoverheid.nl and Overheid.nl ...
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
[THN : The Hacker News] [11 Jul 25 @ 16:38]
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE...
Call center behind international Microsoft helpdesk fraud dismantled
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 16:01]
The Indian authorities, in cooperation with the FBI, the British National Crime Agency (NCA) and Microsoft, have a call center ...
AP wants government bodies to be required to register algorithms
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 14:20]
Government bodies should be required to register the algorithms they use, according to the Autoriteit Persoonsgegevens ...
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
[THN : The Hacker News] [11 Jul 25 @ 14:10]
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of tra...
McDonald's leaks personal data of 64 million job applicants
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 13:58]
McDonald's has leaked the personal data of more than 64 million job applicants via a 'chatbot recruitment platform'. ...
Fortinet FortiWeb firewall can be taken over remotely via critical vulnerability
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 13:30]
A critical vulnerability in the Fortinet FortiWeb web application firewall (WAF) makes it possible for unauthenticated ...
Securing Data in the AI Era
[THN : The Hacker News] [11 Jul 25 @ 13:00]
The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly re...
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
[THN : The Hacker News] [11 Jul 25 @ 12:58]
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812...
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
[THN : The Hacker News] [11 Jul 25 @ 12:46]
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks a...
UK Online Safety Act 'not up to scratch' on misinformation, warn MPs
[The Register - Security] [11 Jul 25 @ 12:31]
Last summer's riots show how some content can be harmful but not illegal The Online Safety Act fails to tackle online misinformation, leaving the UK in need of further regulation to curb the viral ...
French tobacco shops violate GDPR with cameras that estimate age
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 12:31]
Tobacco shops in France that use augmented cameras to estimate customers' ages are violating the GDPR. ...
Trans People Have Disappeared From ICE Records, Against Congressional Orders
[The Intercept] [11 Jul 25 @ 12:30]
The Trump administration has made efforts to "erase" transgender people, who face violence and medical neglect behind bars. The post Trans People Have Disappeared From ICE Records, Against Congress...
AP investigates unlawful retrieval of personal data by civil servants
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 12:07]
The Autoriteit Persoonsgegevens (AP) is conducting an exploratory investigation into the unlawful retrieval of personal data by ...
The Great American Heist You’re Paying For
[The Intercept] [11 Jul 25 @ 12:00]
Rep. Summer Lee, D-Pa., on how Trump’s megabill is the biggest wealth transfer in history and how money in politics is fueling America's slide into plutocratic authoritarianism. The post The Great ...
Government too rarely asks for mandatory open standards in tenders
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 11:32]
Dutch government bodies too rarely ask for mandatory open standards in tenders, according to the Monitor ...
US government ordered to patch attacked Citrix vulnerability immediately
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 10:56]
The US cyber agency CISA has issued an order to government agencies over an actively attacked vulnerability in Citrix ...
U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog
[Security Affairs] [11 Jul 25 @ 10:19]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Inf...
Police catch phishing suspects red-handed at holiday park
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 10:15]
Last Tuesday, police caught three men and two women red-handed at a holiday park in Hellevoetsluis for ...
Tax authority gets no fine for serious privacy violations with RAM system
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 10:01]
The Dutch Tax Administration (Belastingdienst) will not receive a fine or other sanctions for serious violations involving the RAM system, as the ...
Critical vulnerability in Wing FTP Server actively exploited in attacks
[Security.NL maakt Nederland veilig] [11 Jul 25 @ 09:36]
A critical vulnerability in Wing FTP Server is being actively exploited in attacks and lets attackers ... vulnerable servers ...
Security company hired a used car salesman to build a website, and it didn't end well
[The Register - Security] [11 Jul 25 @ 09:29]
First came the dodgy lawyer, then the explosively angry HR person, leaving a whistleblower techie to save his career On Call Welcome once again to On Call, The Register's Friday column that shar...
French cops cuff Russian pro basketball player on ransomware charges
[The Register - Security] [11 Jul 25 @ 08:29]
'He's useless with computers and can't even install an application' says lawyer A Russian professional basketball player is cooling his heels in a French detention center after being arrested and a...
Chinese censorship-busters claim Tencent is trying to kill its WeChat archive
[The Register - Security] [11 Jul 25 @ 07:44]
Alleges Singaporean infosec outfit sent feeble legal demands to hosting company, which caved Anti-censorship organization GreatFire.org has accused Singapore infosec outfit Group-IB of helping Chin...
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises
[THN : The Hacker News] [11 Jul 25 @ 06:25]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) c...
Lovestruck US Air Force worker admits leaking secrets on dating app
[The Register - Security] [11 Jul 25 @ 01:58]
Oh my sweet secret informant lover, what happened in that NATO meeting today? A lovestruck US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense informati...
Now everybody but Citrix agrees that CitrixBleed 2 is under exploit
[The Register - Security] [11 Jul 25 @ 00:13]
Add CISA to the list The US Cybersecurity and Infrastructure Security Agency has added its weighty name to the list of parties agreeing that CVE-2025-5777, dubbed CitrixBleed 2 by one researcher, h...
UK NCA arrested four people over M&S, Co-op cyberattacks
[Security Affairs] [10 Jul 25 @ 23:13]
NCA arrested four people in UK, including three teens, over cyberattacks on M&S, Co-op, and Harrods, per its investigation. The British National Crime Agency (NCA) arrested four individuals in ...
Ex-ASML engineer who stole chip tech for Russia gets three years in Dutch prison
[The Register - Security] [10 Jul 25 @ 22:29]
'Whether those files were allowed to go to Russia? I didn't ask' A former ASML and NXP semiconductor engineer will spend three years in a Dutch prison after stealing secret chip technology from his...
PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda
[Security Affairs] [10 Jul 25 @ 20:28]
Researchers found critical PerfektBlue flaws in OpenSynergy BlueSDK, allowing remote code execution to hack millions of vehicles’ systems. Researchers at PCA Cyber Security identified a set o...