IT Security News Daily Summary 2025-06-13

175 posts were published in the last hour

• 21:36 : News brief: Gartner Security and Risk Management Summit recap
• 21:3 : ‘No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings
• 21:3 : LinuxFest Northwest: Chaos Testing Of A Postgres Cluster On Kubernetes
• 21:2 : Week in Review: Google and Cloudflare outages, Copilot Zero-Click, Cloudflare’s Claude flair
• 20:5 : IT Security News Hourly Summary 2025-06-13 21h : 5 posts
• 20:4 : What a smart contract audit is, and how to conduct one
• 20:4 : How to write a risk appetite statement: Template, examples
• 19:2 : CISO’s guide to building a strong cyber-resilience strategy
• 18:34 : Do you trust Xi with your ‘private’ browsing data? Apple, Google stores still offer China-based VPNs, report says
• 18:34 : How to create post-quantum signatures using AWS KMS and ML-DSA
• 18:5 : Understanding the Fundamentals of Cryptography
• 18:5 : Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
• 17:38 : Meta AI is a ‘Privacy Disaster’ — OK Boomer
• 17:38 : AI security strategies from Amazon and the CIA: Insights from AWS Summit Washington, DC
• 17:10 : Reich durch KI: Wie OpenAI-Mitarbeiter Milliarden mit Aktien verdienen
• 17:10 : Whatsapp: Diese Neuerungen erwarten euch ab sofort im Messenger
• 17:10 : Liquid Glass in macOS: So aktivierst ihr den Look auch in Windows
• 17:9 : Kritik an Palantir im Polizeieinsatz: Hat Staatsschutz Vorrang vor Privatsphäre?
• 17:9 : The cloud broke Thursday and it’ll happen again – how to protect your business before then
• 17:8 : China and Taiwan Accuse Each Other for Cyberattacks Against Critical Infrastructure
• 17:8 : US Seizes $7.7 Million From Crypto Linked to North Korea’s IT Worker Scam
• 17:5 : IT Security News Hourly Summary 2025-06-13 18h : 11 posts
• 16:39 : Anzeige: Microsoft-Defender-Werkzeuge effektiv einsetzen
• 16:38 : Mitigating prompt injection attacks with a layered defense strategy
• 16:38 : How identity management is shifting into the agent era
• 16:38 : Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks
• 16:38 : FBI Issues Alert as BADBOX 2.0 Malware Infects Over 1 Million Devices, Hijacking Home Networks Worldwide
• 16:9 : Meta Sues Developer of CrushAI ‘Nudify’ App
• 16:9 : First Known Zero-Click AI Exploit: Microsoft 365 Copilot’s ‘EchoLeak’ Flaw
• 16:9 : INTERPOL-Led Effort Dismantles Infostealer Malware Network in 26 Countries Across Asia-Pacific Region
• 16:9 : CBP’s Predator Drone Flights Over LA Are a Dangerous Escalation
• 16:9 : Kali Linux 2025.2 Released: Smartwatch Wi-Fi Injection, Android Radio, and Hacking Tools
• 16:9 : Your Meta AI chats might be public, and it’s not a bug
• 16:9 : Predator Spyware Activity Resurfaces in Mozambique Using Novel Techniques
• 16:9 : Massive Data Leak Exposes Billions of Records in Suspected Chinese Surveillance Database
• 15:37 : Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added
• 15:37 : Toxic trend: Another malware threat targets DeepSeek
• 15:37 : What Can Schools Expect When Choosing Heimdal?
• 15:37 : Securing the Connected Factory Floor
• 15:37 : Apple fixes zero-click exploit underpinning Paragon spyware attacks
• 15:37 : Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names
• 15:37 : AWS CIRT announces the launch of the Threat Technique Catalog for AWS
• 15:8 : Global analysis of Adversary-in-the-Middle phishing threats
• 15:8 : First Known ‘Zero-Click’ AI Exploit: Microsoft 365 Copilot’s EchoLeak Flaw
• 15:8 : Argusee and Agentic AI in Cybersecurity
• 15:8 : Envilder – Secure AWS SSM CLI for Environment Variable Management
• 14:36 : Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
• 14:8 : Phishing und Passwort-Klau: Bösartige Skripte im Mail-Anhang als Vektorgrafik
• 14:7 : Google Resolves Global Cloud Outage
• 14:6 : Discover Check Point’s AI-powered, cloud-delivered security solutions at AWS re:Inforce 2025
• 14:6 : Here’s What Marines and the National Guard Can (and Can’t) Do at LA Protests
• 14:6 : Microsoft 365 Authentication Issues Disrupt User Access Across Multiple Regions
• 14:6 : Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection
• 14:6 : Wanted: Junior cybersecurity staff with 10 years’ experience and a PhD
• 14:6 : In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost
• 14:5 : IT Security News Hourly Summary 2025-06-13 15h : 11 posts
• 13:36 : Sicherheitskonzepte für Brandschutz und KRITIS
• 13:35 : API Security Under Federal Scrutiny: A Wake-Up Call for CIOs
• 13:35 : Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header
• 13:35 : NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures
• 13:34 : Paragon Spyware Used to Spy on European Journalists
• 13:34 : Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale
• 13:3 : E-Mail-Sicherheit: Verstärkte Angriffe mit SVG
• 13:3 : Red team AI now to build safer, smarter models tomorrow
• 13:3 : New GitHub Device Code Phishing Attacks Targeting Developers to Steal Tokens
• 13:3 : Acer Control Center Vulnerability Let Attackers Execute Malicious Code as a Privileged User
• 13:2 : New SmartAttack Steals Sensitive Data From Air-Gapped Systems via Smartwatches
• 12:37 : TeamFiltration Abused in Entra ID Account Takeover Campaign
• 12:37 : iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
• 12:5 : Meta Invests $14.3bn In AI Firm Scale, Poaches CEO
• 12:5 : Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access
• 12:5 : The New AI Attack Surface — How Cortex Cloud Secures MCP
• 12:5 : Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
• 11:37 : Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
• 11:37 : Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic
• 11:37 : Heimdal for Schools: Why IT Teams Are Making the Switch
• 11:37 : Beyond Cyber Essentials: How to Go Beyond Compliance and Achieve Comprehensive Security
• 11:36 : Cyber Attacks on Schools: How Educational Institutions Are Tackling Cyber Threats
• 11:36 : When Schools Choose Heimdal: What to Expect
• 11:36 : Microsoft Defender Spoofing Vulnerability Allows Privilege Escalation and AD Access
• 11:36 : PoC Exploit Released for Windows Disk Cleanup Tool Elevation of Privilege Vulnerability
• 11:36 : New TokenBreak Attack Bypasses AI Model’s with Just a Single Character Change
• 11:36 : HashiCorp Nomad Vulnerability Allows Privilege Escalation via ACL Policy Lookup Exploit
• 11:36 : CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk
• 11:36 : Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion
• 11:36 : European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
• 11:7 : KI, hilf mir bei der Urlaubsplanung: MIT-Forscher entwickeln „Problemlöser“ für Sprachmodelle
• 11:7 : KI als eigenes Werk verkauft: Autorin vergisst Chatbot-Antwort im fertigen Buch
• 11:7 : Nach über 100 Jahren: Cyberangriff drängt deutsche Firma in die Insolvenz
• 11:7 : [NEU] [hoch] xwiki: Mehrere Schwachstellen
• 11:6 : Developers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens
• 11:6 : Apple confirmed that Messages app flaw was actively exploited in the wild
• 11:6 : January 2025 Cyber Attacks Statistics
• 11:6 : SimpleHelp Vulnerability Exploited Against Utility Billing Software Users
• 11:6 : Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage
• 11:5 : IT Security News Hourly Summary 2025-06-13 12h : 12 posts
• 10:35 : [NEU] [mittel] Red Hat Satellite: Schwachstelle ermöglicht Denial of Service
• 10:34 : Serverless Tokens in the Cloud: Exploitation and Detections
• 10:34 : Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM
• 10:34 : HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
• 10:34 : Paragon Spyware used to Spy on European Journalists
• 10:34 : Fog Ransomware Attack Employs Unusual Tools
• 10:34 : SAML vs. OAuth 2.0: Mastering the Key Differences
• 10:6 : [UPDATE] [hoch] Apache Commons BeanUtils: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
• 10:5 : Fog Ransomware Uses Pentesting Tools to Steal Data and Launch Attacks
• 10:5 : Graphite Spyware Uses iOS Zero-Click Flaw to Target Journalists
• 10:4 : Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm
• 10:4 : Google “strongly encourages” its users to stop using passwords
• 9:33 : [NEU] [mittel] Python: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
• 9:33 : [NEU] [mittel] VMware Tanzu Spring Framework: Schwachstelle ermöglicht Manipulation von Dateien
• 9:33 : [NEU] [hoch] Tenable Security Nessus: Mehrere Schwachstellen
• 9:32 : JSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScript
• 9:32 : Fog Ransomware Actors Exploits Pentesting Tools to Exfiltrate Data and Deploy Ransomware
• 9:32 : Ransomware Actors Exploit Unpatched SimpleHelp RMM to Compromise Billing Software Provider
• 9:32 : Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft
• 9:5 : iPhone-Nutzer attackiert: Zero-Click-Lücke in iOS für Spyware-Attacken missbraucht
• 8:34 : Hintertürpflicht für britische Lauscher: WhatsApp will Apple helfen
• 8:34 : [NEU] [hoch] xwiki: Schwachstelle ermöglicht SQL Injection
• 8:33 : PoC Exploit Unveiled for Windows Disk Cleanup Elevation Vulnerability
• 8:33 : Slapped wrists for Financial Conduct Authority staff who emailed work data home
• 8:33 : Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
• 8:33 : Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking
• 8:33 : Qilin Ransomware Actors Take Advantage of Newly Discovered Fortinet Bugs
• 8:7 : Sicherheitslücken in GitLab: Angreifer können Accounts übernehmen
• 8:7 : Großbritanien: WhatsApp springt Apple im Kryptokrieg zur Seite
• 8:7 : [NEU] [mittel] Dell integrated Dell Remote Access Controller: Schwachstelle ermöglicht Privilegieneskalation
• 8:6 : Major Outage Hits Google Cloud and Linked Cloudflare Services, Thousands Affected
• 8:6 : Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer
• 8:6 : Ualabee – 472,296 breached accounts
• 8:5 : StackHawk Sensitive Data Identification provides visibility into high-risk APIs
• 8:5 : Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
• 8:5 : IT Security News Hourly Summary 2025-06-13 09h : 12 posts
• 7:36 : Cybersicher aufstellen, Cyberangriffe verhindern
• 7:36 : Nutzer gefährdet: Sicherheitslücke in Thunderbird kann Anmeldedaten leaken
• 7:36 : [UPDATE] [hoch] Python: Mehrere Schwachstellen
• 7:36 : [UPDATE] [mittel] Golang Go (x/net/html): Schwachstelle ermöglicht Denial of Service
• 7:36 : [UPDATE] [mittel] Red Hat Advanced Cluster Security: Schwachstelle ermöglicht Denial of Service
• 7:36 : [UPDATE] [mittel] Red Hat Enterprise Linux (opentelemetry-collector): Schwachstelle ermöglicht Denial of Service
• 7:36 : [UPDATE] [hoch] GStreamer: Schwachstelle ermöglicht Denial of Service
• 7:35 : WebDAV Remote Code Execution 0-Day Actively Exploited — PoC Released
• 7:35 : TokenBreak Exploit Tricks AI Models Using Minimal Input Changes
• 7:35 : Graphite Spyware Exploits Apple iOS Zero-Click Vulnerability to Attack Journalists
• 7:35 : PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers
• 7:35 : ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions
• 7:34 : Microsoft Entra attack, Thursday’s Cloud outages, Mark Green retires
• 7:4 : [UPDATE] [niedrig] QT: Schwachstelle ermöglicht Denial of Service
• 7:4 : [UPDATE] [hoch] Perl: Schwachstelle ermöglicht Denial of Service und potentiell Codeausführung
• 7:4 : [UPDATE] [mittel] Oracle Java SE: Mehrere Schwachstellen
• 7:4 : [UPDATE] [hoch] Red Hat Enterprise Linux (libsoup): Mehrere Schwachstellen
• 7:3 : [UPDATE] [mittel] PostgreSQL: Schwachstelle ermöglicht Denial of Service
• 7:2 : Does working from home come with cybersecurity challenges?
• 6:38 : Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation
• 6:38 : NSFOCUS Earns ISO 27701:2019 Privacy Information Management System Certification
• 6:38 : AI Security Threats: Echo Leak, MCP Vulnerabilities, Meta’s Privacy Scandal, and the ‘Peep Show’
• 6:9 : Smartwatches Potential Air-Gap Attack Vectors in “SmartAttack” Research
• 6:9 : What CISOs need to know about agentic AI
• 6:8 : Unpacking the security complexity of no-code development platforms
• 5:37 : Anzeige: Professionelle Incident Response mit BSI-Zertifizierung
• 5:36 : Security flaws in government apps go unpatched for years
• 5:7 : Industry Veterans and New Talent Recognised at European Cybersecurity Blogger Awards 2025
• 5:7 : Keeper Security Named Overall Leader on GigaOm Radar Report for Enterprise Password Management
• 5:7 : 7 Steps to Developing a Cybersecurity Strategy
• 5:7 : 19 ways to build zero trust: NIST offers practical implementation guide
• 4:7 : Auslegungssache 136: Bayerischer Datenschutz im Fokus
• 4:6 : New infosec products of the week: June 13, 2025
• 3:4 : Google Cloud and Cloudflare Suffers Massive Widespread Outages
• 2:9 : ISC Stormcast For Friday, June 13th, 2025 https://isc.sans.edu/podcastdetail/9492, (Fri, Jun 13th)
• 2:5 : IT Security News Hourly Summary 2025-06-13 03h : 2 posts
• 0:34 : [Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware, (Fri, Jun 13th)
• 0:5 : Ransomware scum disrupted utility services with SimpleHelp attacks
• 23:35 : Assured Compliance Through Effective NHI Management
• 23:35 : Freedom to Choose Your NHI Security Approach
• 23:5 : IT Security News Hourly Summary 2025-06-13 00h : 2 posts
• 22:55 : IT Security News Daily Summary 2025-06-12
• 22:34 : Inside a Dark Adtech Empire Fed by Fake CAPTCHAs