IT Security News Daily Summary 2025-05-28

209 posts were published in the last hour

• 20:36 : Microsoft Entra Design Lets Guest Users Gain Azure Control, Researchers Say
• 20:36 : Victoria’s Secret hit by outages as it battles security incident
• 20:36 : What Your Traffic Logs Aren’t Telling You About Cloud Security
• 20:7 : Google Gemini: Everything You Need to Know About Google’s Powerful AI
• 20:6 : MATLAB Maker MathWorks Recovering From Ransomware Attack
• 20:5 : IT Security News Hourly Summary 2025-05-28 21h : 12 posts
• 19:34 : Less is more: Meta study shows shorter reasoning improves AI accuracy by 34%
• 19:34 : Instagram Boss Warns of ‘Sophisticated’ Google Phishing Scam
• 19:34 : Randall Munroe’s XKCD ‘Mass Spec’
• 19:34 : BSidesLV24 – PasswordsCon – CVE Hunting: Wi-Fi Routers, OSINT & ‘The Tyranny Of The Default’
• 19:2 : Attack on LexisNexis Risk Solutions exposes data on 300k +
• 18:31 : FTC Orders GoDaddy to Bolster its Security After Years of Attacks
• 18:6 : xAI Pays Telegram $300m To Deploy Its Grok AI Chatbot
• 18:6 : Zanubis Android Malware Harvests Banking Credentials and Executes Remote Commands
• 18:6 : Deepfake-posting man faces huge $450,000 fine
• 18:6 : Pakistan Arrests 21 in ‘Heartsender’ Malware Service
• 18:6 : Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry
• 18:5 : Check Point to Acquire Veriti to Transform Threat Exposure Management
• 18:5 : The Insidious Effort to Privatize Public Airwaves | EFFector 37.5
• 18:5 : Fake AI video generator tools lure in Facebook and LinkedIn users to deliver malware
• 18:5 : Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
• 18:5 : Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
• 17:32 : Fake AI Video Tool Ads on Facebook, LinkedIn Spread Infostealers
• 17:32 : 3 SOC Metrics Improved With Sandbox Analysis
• 17:9 : Trotz abgelaufener Frist: So könnt ihr dem KI-Training auf Facebook und Instagram noch teilweise widersprechen
• 17:9 : KI-Modelle wollen nicht abgeschaltet werden: Was hinter dem Verhalten steckt
• 17:9 : Firefox zeigt euch, was sich hinter Links verbirgt: So aktiviert ihr das Feature
• 17:9 : Wie viel Energie verbraucht KI wirklich? Hier kommt die große Berechnung
• 17:9 : ChatGPT für Biologen: Diese KI erschafft maßgeschneiderte Proteine per Texteingabe
• 17:9 : Anzeige: Microsoft Copilot strategisch im Unternehmen einsetzen
• 17:8 : Worldwide Operation Shuts Down Hundreds of Ransomware Servers and Domains, Ending Key Attack Infrastructure
• 17:8 : Cybercriminals Are Turning Ordinary Citizens Into Money Mules in a New ‘Rent-a-Bank-Account’ Scam
• 17:8 : Cortex XDR Named 2025 Gartner Customers’ Choice for Endpoint Security
• 17:8 : XenServer VM Tools for Windows Vulnerability Let Attackers Execute Arbitrary Code
• 17:8 : The Future of Cybersecurity – Trends Shaping the Industry
• 17:8 : 364,000 Impacted by Data Breach at LexisNexis Risk Solutions
• 17:8 : How HealthTech Startups Can Build Scalable Data Governance Frameworks from Day One
• 17:7 : Your Mobile Apps May Not Be as Secure as You Think… – FireTail Blog
• 17:7 : FTC Orders GoDaddy to Bolster Its Security After Years of Attacks
• 17:7 : Malware Discovered in Procolored Printer Software, Users Advised to Update Immediately
• 17:5 : IT Security News Hourly Summary 2025-05-28 18h : 7 posts
• 16:33 : Militärfunk: Motorola kauft Silvus für 4,4 Milliarden US-Dollar
• 16:32 : Amazon Software Deal With Stellantis ‘Winding Down’ – Report
• 16:32 : Apple Blocked 2 million Malicious App & $9 Billion in Fraudulent Transactions
• 16:9 : Malware Hidden in AI Models on PyPI Targets Alibaba AI Labs Users
• 16:9 : DragonForce Ransomware Actors Exploits RMM Tools to Gain Access to Organizations
• 16:9 : Czech Government Condemns Chinese Hack on Critical Infrastructure
• 16:9 : Crypto Crime Shocker: DOJ Charges 27 In $263 Million Crypto Theft
• 15:33 : Tesla Sales In Europe Continue To Plummet
• 15:32 : Earth Lamia Hackers Exploits Vulnerabilities in Web Applications to Attack Multiple Industries
• 15:32 : Guide for delivering frequently software features that matter (series)
• 15:32 : BSidesLV24 – PasswordsCon – Zero Downtime Credential Rotation
• 15:32 : Klarna Scales Back AI-Led Customer Service Strategy, Resumes Human Support Hiring
• 15:32 : Surge in Skitnet Usage Highlights Evolving Ransomware Tactics
• 15:32 : Ivanti Vulnerability Exploit Could Expose UK NHS Data
• 15:4 : XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code
• 15:4 : Russian APT28 Hackers Attacking NATO-aligned Organizations to Steal Sensitive Data
• 15:4 : Evertz SDN Vulnerabilities Enable Unauthenticated Arbitrary Command Execution
• 15:4 : Is that extension safe? This free tool lets you know before you install
• 15:4 : Comparing Windows Hello vs. Windows Hello for Business
• 15:4 : New PumaBot targets Linux IoT surveillance devices
• 15:4 : WordPress TI WooCommerce Wishlist Plugin Vulnerability Exposes 100,000+ Websites To Cyberattack
• 15:4 : 93+ Billion Stolen Users’ Cookies Flooded by Hackers on the Dark Web
• 15:4 : Incident Response Planning – Preparing for Data Breaches
• 15:4 : Threat Actors Impersonate Fake Docusign Notifications To Steal Corporate Data
• 15:3 : 251 Malicious IPs Attacking Cloud-Based Devices Leveraging 75 Exposure Points
• 15:3 : Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
• 15:3 : Fake Bitdefender Site Spreads Trio of Malware Tools
• 14:33 : #55 – Tatort digitaler Raum: Hilfe bei Gewalt im Netz
• 14:32 : Texas Signs Online Safety Law Opposed By Apple, Google
• 14:32 : Zscaler to Acquire Red Canary, Enhancing AI-Powered Security Operations
• 14:32 : Threat Actors Weaponize Fake AI-Themed Websites to Deliver Python-based infostealers
• 14:32 : Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
• 14:5 : [Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack, (Wed, May 28th)
• 14:5 : Mark Your Calendar: APT41 Innovative Tactics
• 14:5 : 251 Malicious IPs Target Cloud-Based Device Exploiting 75 Exposure Points
• 14:5 : App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years
• 14:5 : New warning issued over toll fee scams
• 14:5 : Czech Republic Accuses China of Government Hack
• 14:5 : IT Security News Hourly Summary 2025-05-28 15h : 14 posts
• 13:33 : SpaceX Starship Test Flight Ends After Breaking Apart
• 13:33 : Accelerate your Operations with AI Powered Security Management and Quantum Smart-1 Management 700/7000 Series Appliances
• 13:33 : Quantum Force Firewalls Bring Lightning-Fast Cyber Security to the Branch Office
• 13:33 : Recompiling Your “Self”: A Cybersecurity-Inspired Guide to Resilience
• 13:33 : Hackers Allegedly Claim AT&T Data Leak – 31M Records Exposed
• 13:33 : Cybersecurity Budgeting – Prioritizing Investments in 2025
• 13:33 : Hackers Exploiting Craft CMS Vulnerability To Inject Crypto Miner Malware
• 13:33 : Zscaler Expands AI-Driven Security Operations with Red Canary Acquisition
• 13:33 : Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites
• 13:33 : Cerby Raises $40 Million for Identity Automation Platform
• 13:33 : PlainID announces Policy Management for Agentic AI
• 13:32 : Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks
• 13:9 : Thermalbasierte Brandfrüherkennung für kritische Umgebungen
• 13:8 : SilentWerewolf Attack Combines Legitimate Tools with Code Obfuscation for Stealthy Infiltration
• 13:8 : VenomRAT Malware Introduces New Tools for Password Theft and Stealthy Access
• 13:8 : Threat Actors Weaponizing DCOM to Harvest Credentials on Windows Systems
• 13:8 : The latest in phishing scams: stealing your information through fake online forms
• 13:8 : How crypto is changing the game for financial scammers
• 13:8 : Bitdefender vs McAfee: Which Antivirus Is Right for You?
• 13:8 : Working with INTERPOL and the World Economic Forum to Continue Driving Cyber Resilience in Latin America
• 13:8 : RadiantOne platform enhancements prevent identity-based attacks
• 13:8 : From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
• 13:8 : New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
• 12:33 : Emerging FormBook Malware Threatens Windows Users with Complete System Takeover
• 12:33 : MATLAB With Over 5 Million Customers Suffers Ransomware Attack
• 12:33 : Robinhood Ransomware Operator Charged for Attacking Government and Private Networks
• 12:33 : APT36 & Sidecopy Hackers Attacks India’s Critical Infrastructure To Deploy Malware
• 12:33 : Securing Supply Chains – Mitigating Third-Party Risks
• 12:33 : Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data
• 12:32 : Russian IT pro sentenced to 14 years forced labor for sharing medical data with Ukraine
• 12:32 : BalkanID IGA Lite reduces identity risk and ensures compliance
• 12:6 : Mozilla Firefox und Thunderbird: Mehrere Schwachstellen
• 12:6 : Getränkekonzern unter Druck: Hacker erpressen Coca-Cola und leaken interne Daten
• 12:6 : [NEU] [hoch] Mozilla Firefox und Thunderbird: Mehrere Schwachstellen
• 12:5 : Regulatory Compliance – Navigating Cybersecurity Laws
• 12:5 : Iranian Cyber Toufan Hackers Targeting Organizations To Steal Login Credentials
• 12:5 : Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities
• 12:5 : OneDrive Gives Web Apps Full Read Access to All Files
• 11:35 : Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
• 11:35 : iPhone-Diebe nutzen Spear-Phishing, um Entsperr-PIN abzugreifen
• 11:35 : [NEU] [mittel] Xen: Mehrere Schwachstellen ermöglichen Privilegieneskalation
• 11:35 : [NEU] [mittel] binutils: Mehrere Schwachstellen ermöglichen Codeausführung
• 11:35 : [NEU] [mittel] Google Chrome: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
• 11:34 : [NEU] [mittel] Arista EOS: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
• 11:32 : Hackers Circulate Over 93 Billion Stolen User Cookies on the Dark Web
• 11:32 : Location Tracking App for Foreigners in Moscow
• 11:32 : Mental Denial of Service: Narrative Malware and the Future of Resilience
• 11:32 : Attackers hit MSP, use its RMM software to deliver ransomware to clients
• 11:32 : Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
• 11:6 : Adobe Firefly im Test: Die Bild-KI soll Unternehmen Sicherheit bieten – aber ist sie auch gut?
• 11:6 : Claude spricht jetzt mit euch: Was der neue Voice Mode kann – und was nicht
• 11:5 : IT Security News Hourly Summary 2025-05-28 12h : 13 posts
• 11:4 : Robinhood Ransomware Operator Arrested for Attacks on Government and Private Networks
• 11:4 : Proposed HIPAA Update Makes Yearly Pen Testing Mandatory
• 10:33 : Umzugshilfe von Windows 10 mit “Windows Backup for Organizations”
• 10:32 : CISA Releases Executive Guide on SIEM and SOAR Platforms for Rapid Threat Detection
• 10:32 : Cybersecurity Skills Gap – Training the Next Generation
• 10:32 : CISA Releases ICS Advisories Covering Vulnerabilities & Exploits
• 10:32 : 251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
• 10:32 : How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds
• 10:6 : MCP Server: Github-Tool ermöglicht Datenklau aus privaten Code-Repos
• 10:6 : [NEU] [mittel] IBM Security Guardium: Mehrere Schwachstellen
• 10:5 : Salesforce Acquires Informatica For $8 Billion
• 10:5 : How to disable ACR on your TV (and why you shouldn’t wait to do it)
• 10:5 : The cost of compromise: Why password attacks are still winning in 2025
• 10:5 : Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
• 10:5 : Zanubis in motion: Tracing the active evolution of the Android banking malware
• 10:5 : The Root of AI Hallucinations: Physics Theory Digs Into the ‘Attention’ Flaw
• 10:5 : Vulnerabilities in CISA KEV Are Not Equally Critical: Report
• 10:5 : Adidas Customer Data Stolen in Third-Party Attack
• 9:32 : New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know
• 9:32 : $223 Million Stolen in Cetus Protocol Hack
• 9:8 : D-LINK Access Point (AP): Schwachstelle ermöglicht Codeausführung
• 9:8 : [NEU] [mittel] IBM App Connect Enterprise: Schwachstelle ermöglicht Denial of Service
• 9:7 : [NEU] [mittel] D-LINK Access Point (AP): Schwachstelle ermöglicht Codeausführung
• 9:5 : MATLAB, Serving Over 5 Million Users, Hit by Ransomware Attack
• 9:5 : Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks
• 9:5 : INE Security Partners with RedTeam Hacker Academy to Elevate Cybersecurity Expertise in the Middle East
• 9:5 : CISA Publishes SIEM & SOAR Implementation Guide Exclusively for Cybersecurity Executives
• 9:5 : Top Tools for Enterprise Security Monitoring
• 9:5 : Critical Firefox 0-Interaction libvpx Vulnerability Let Attackers Execute Arbitrary Code
• 9:5 : Uber’s Secret Management Platform – Scaling Secrets Security Across Multi-Cloud
• 9:5 : Vietnam-Nexus Hackers Distribute Malware Via Fake AI Video Generator Websites
• 8:34 : Sicherheitslücken: IBM Guardium Data Protection als Einfallstor für Angreifer
• 8:34 : [UPDATE] [hoch] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
• 8:34 : [NEU] [hoch] Redis: Schwachstelle ermöglicht Codeausführung
• 8:34 : [NEU] [mittel] libcurl: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
• 8:32 : CISA Publishes ICS Advisories Highlighting New Vulnerabilities and Exploits
• 8:32 : New Russian State Hacking Group Hits Europe and North America
• 8:6 : Sicherheitsupdates für Chrome, Firefox und Thunderbird
• 8:6 : Verdächtige verhaftet: Geldautomatensprenger erbeuten 1,2 Millionen Euro
• 8:6 : [NEU] [hoch] Icinga: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
• 8:5 : [UPDATE] [hoch] GIMP: Mehrere Schwachstellen ermöglichen Codeausführung
• 8:5 : [UPDATE] [hoch] Python: Mehrere Schwachstellen
• 8:5 : [UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen
• 8:5 : IT Security News Hourly Summary 2025-05-28 09h : 6 posts
• 8:3 : Chrome Security Patch Addresses High-Severity Vulnerabilities Enabling Code Execution
• 8:2 : Velvet Chollima APT Hackers Attacking Government Officials With Weaponized PDF
• 8:2 : INE Security and RedTeam Hacker Academy Announce Partnership to Advance Cybersecurity Skills in the Middle East
• 7:32 : Digitale Verteidigung: Cyberresilienz durch Cyberreservisten
• 7:32 : Verdächtige verhaftet: Geldautomatensprenger haben 1,2 Millionen Euro erbeutet
• 7:32 : MathWorks confirms ransomware attack, Adidas has data breach, Dutch intelligence warns of cyberattack
• 7:3 : Zero-Interaction libvpx Flaw in Firefox Allows Attackers to Run Arbitrary Code
• 7:3 : DragonForce double-whammy: First hit an MSP, then use RMM software to push ransomware
• 7:2 : Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats
• 7:2 : Phishing Scams, DNS Hijacking, and Cybersecurity Leadership Shakeup
• 6:32 : Silver RAT Malware With New Anti-virus Bypass Techniques Executes Malicious Activities
• 6:32 : LogicGate brings risk management to individual business units
• 6:4 : Why data provenance must anchor every CISO’s AI governance strategy
• 5:32 : Security Trends Analysis – Emerging Risks for 2025
• 5:5 : IT Security News Hourly Summary 2025-05-28 06h : 2 posts
• 5:2 : GitHub becomes go-to platform for malware delivery across Europe
• 5:2 : Woodpecker: Open-source red teaming for AI, Kubernetes, APIs
• 4:32 : Hottest cybersecurity open-source tools of the month: May 2025
• 4:4 : Chrome Security Update – High-Severity Vulnerabilities Leads to Code Execution
• 4:4 : Cybercriminals Are Dividing Tasks — Why That’s a Big Problem for Cybersecurity Teams
• 3:2 : Cybersecurity-Behörde der USA erleidet massiven Schwund von Führungskräften
• 2:32 : ASUS to chase business PC market with free AI, or no AI – because nobody knows what to do with it
• 2:2 : ISC Stormcast For Wednesday, May 28th, 2025 https://isc.sans.edu/podcastdetail/9468, (Wed, May 28th)
• 0:4 : Don’t click on that Facebook ad for a text-to-AI-video tool
• 23:5 : Andor im echten Leben: CIA kommunizierte über Star-Wars-Fanseite
• 23:5 : IT Security News Hourly Summary 2025-05-28 00h : 3 posts
• 23:5 : Anthropic Future-Proofs New AI Model With Rigorous Safety Rules
• 23:4 : Understanding the Cookie-Bite MFA Bypass Risk
• 22:55 : IT Security News Daily Summary 2025-05-27
• 22:32 : Security leaders lose visibility as consultants deploy shadow AI copilots to stay employed
• 22:32 : Introducing new regional implementations of Landing Zone Accelerator on AWS to support digital sovereignty
• 22:7 : DragonForce operator chained SimpleHelp flaws to target an MSP and its customers
• 22:6 : Zscaler to Acquire MDR Specialist Red Canary