IT Security News Daily Summary 2025-06-27

167 posts were published in the last hour

• 21:38 : Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”
• 21:5 : The Untold Costs of Automation: Are We Sacrificing Security for Speed?
• 21:5 : Week in Review: Qilin adds lawyers, Iranian spearphishing campaign, Microsoft Direct Send hack
• 20:35 : Threat Actors Use Clickfix Tactics to Deploy Malicious AppleScripts for Stealing Login Credentials
• 20:35 : Cloudflare blocks largest DDoS attack – here’s how to protect yourself
• 20:35 : Taking over millions of developers exploiting an Open VSX Registry flaw
• 20:35 : Red Hat Advanced Cluster Security 4.8 simplifies management, enhances workflows and offers deeper external IP visibility
• 20:35 : Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
• 20:5 : IT Security News Hourly Summary 2025-06-27 21h : 4 posts
• 20:4 : How runtime attacks turn profitable AI into budget black holes
• 20:4 : ESET Threat Report H1 2025
• 20:4 : Prolific cybercrime gang now targeting airlines and the transportation sector
• 20:4 : 25 Best Managed Security Service Providers (MSSP) in 2025
• 19:40 : Exploitation of Microsoft 365 Direct Send to Deliver Phishing Emails as Internal Users
• 19:40 : Threat Actors Leverage Windows Task Scheduler to Embed Malware and Maintain Persistence
• 19:39 : What is phishing? Understanding enterprise phishing threats
• 19:39 : Can AI run a physical shop? Anthropic’s Claude tried and the results were gloriously, hilariously bad
• 19:39 : AI-fueled fake IDs and identity theft: What you need to know
• 19:39 : Troubleshooting SCIM Provisioning Issues: Your Complete Debug Guide
• 18:35 : Anthropic has a plan to combat AI-triggered job losses predicted by its CEO
• 18:35 : From Packets to Protection: How Network Observability Powers Security and Forensics
• 18:7 : How Anthropic’s new initiative will prepare for AI’s looming economic impact
• 18:7 : The Early Stage Growth Trap: How Smart Startups Escape the Marketing Catch-22
• 17:35 : Anzeige: Von CRA bis ISO – neue IT-Sicherheitsregularien meistern
• 17:34 : How to build a cybersecurity RFP
• 17:34 : How to turn on Android’s Private DNS mode – and why turning it off is a big mistake
• 17:34 : How to turn off ACR on your TV (and why it make such a big difference)
• 17:34 : Cisco punts network-security integration as key for agentic AI
• 17:5 : IT Security News Hourly Summary 2025-06-27 18h : 14 posts
• 17:2 : Aloha, you might’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’
• 16:37 : New Stealthy Remcos Malware Campaigns Target Businesses and Schools
• 16:36 : SBOM formats explained: Guide for enterprises
• 16:36 : 12 DevSecOps tools to secure each step of the SDLC
• 16:36 : Beware of Trending TikTok Videos That Promotes Pirated Apps Deliver Stealer Malware
• 16:36 : Threat Actors Behind GIFTEDCROOK Stealer Coverted It To an Intelligence-Gathering Tool
• 16:36 : Threat Actors Exploiting Windows & Linux Servers Vulnerability to Deploy Web Shell
• 16:36 : ESET Warns of NFC Data for Contactless Payments Emerges as Cybercrime Target
• 16:36 : Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black
• 16:36 : Keylogger Injection Targets Microsoft Exchange Servers
• 16:36 : Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
• 16:3 : DeepSeek Faces App Store Ban In Germany, After Data Transfer Criticism
• 16:2 : US Supreme Court Upholds Texas Porn ID Law
• 16:2 : Fake DocuSign email hides tricky phishing attempt
• 15:39 : AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
• 15:38 : Fortinet Training Institute Wins Industry Accolades
• 15:38 : So you CAN turn an entire car into a video game controller
• 15:7 : Is classic Outlook crashing when you open or start an email? There’s now a fix for that
• 15:7 : Defining Cyber Resilience: Industry Leaders Meet in London as AI Threats Accelerate
• 15:6 : Microsoft Teams to Set Employee’s Work Locations Based on Organization’s Wi-Fi Network
• 15:6 : Weaponized DeepSeek Installers Delivers Sainbox RAT and Hidden Rootkit
• 15:6 : In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update
• 15:6 : When Infostealer Frontiers Meet Identity-Centric Defense: Lessons from BSides SATX 2025
• 15:6 : Unwanted Emails Are Annoying But Unsubscribing Can Be Riskier
• 15:6 : Meta.ai Privacy Lapse Exposes User Chats in Public Feed
• 14:7 : Microsoft To Replace ‘Blue Screen Of Death’ With Refreshed Restart Screen
• 14:7 : Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack
• 14:7 : PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack
• 14:5 : IT Security News Hourly Summary 2025-06-27 15h : 11 posts
• 13:36 : Digital Market Act: Apple überarbeitet das App-Store-Modell erneut – was bald gilt
• 13:36 : Benchmark-Krise: Wie können wir KI wirklich sinnvoll bewerten?
• 13:35 : Microsoft wirft Antivirensoftware aus dem Windows-Kernel
• 13:34 : Microsoft Sued By Authors In Latest AI Copyright Lawsuit
• 13:34 : World SMB Day: Eight Network Tech Essentials Every Small Business Needs
• 13:34 : OneClik APT campaign targets energy sector with stealthy backdoors
• 13:34 : CVE-2024-39914 – Unauthenticated Command Injection in FOG Project’s export.php
• 13:34 : KC Man Hacked Computers to Pitch For Cybersecurity Services Pleaded Guilty
• 13:34 : Let’s Encrypt to Issue Certificate for IP Address With 6-Day Validity
• 13:34 : Cybercriminals Leveraging CapCut Popularity to Harvest Apple ID Credentials & Credit Card Data
• 13:3 : Neues Gesetz gegen Deepfakes: Die Verbreitung könnte für Plattformen bald teuer werden
• 13:3 : WIderstandsfähiges Windows: Antivirensoftware fliegt aus dem Kernel
• 12:36 : Kommission: Mindestlohn soll 2026 auf 13,90 Euro steigen
• 12:36 : Intelbroker: FBI enttarnt prominenten Hacker mittels Bitcoin-Transaktion
• 12:34 : Leeds United And Reflectiz Partner To Share Insights On Proactive Web Security After Cyber Attack
• 12:34 : Microsoft Teams to Auto-Detect Work Location Using Company Wi-Fi
• 12:34 : Hawaiian Airlines Hit by Cybersecurity Incident
• 12:5 : Hawaiian Airlines Targeted in Cyberattack, Systems Compromised
• 12:5 : Let’s Encrypt Launches 6-Day Certificates for IP-Based SSL Encryption
• 12:5 : SparkKitty Spyware Targets iOS and Android Through Fake Apps and Crypto Scams
• 12:5 : Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage
• 11:40 : Microsoft Edge: Mehrere Schwachstellen
• 11:40 : Phishing-Welle: Betrüger geben sich als Paypal aus
• 11:40 : [NEU] [mittel] Microsoft Edge: Mehrere Schwachstellen
• 11:40 : [UPDATE] [hoch] OpenSSH: Mehrere Schwachstellen
• 11:39 : Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected
• 11:38 : How to Protect Your Drupal Site From Cyberattacks
• 11:38 : The Age of Integrity
• 11:38 : Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
• 11:38 : Business Case for Agentic AI SOC Analysts
• 11:10 : Datenkrake statt Hype: Warum die Berliner Datenschutzbeauftragte Deepseek aus den Stores verbannen will
• 11:10 : Vorbereiten auf Einschlag: Microsoft warnt vor Secure-Boot-Zertifikat-Update
• 11:10 : SparkKitty: ein neuer Stealer im App Store und bei Google Play | Offizieller Blog von Kaspersky
• 11:10 : [NEU] [mittel] GStreamer: Schwachstelle ermöglicht Codeausführung und DoS
• 11:10 : [NEU] [UNGEPATCHT] [kritisch] D-LINK Router DIR-815, DIR-815 und DIR-867: Mehrere Schwachstellen
• 11:10 : [NEU] [mittel] Red Hat OpenShift Container Platform: Schwachstelle ermöglicht Denial of Service und Offenlegung
• 11:10 : [NEU] [UNGEPATCHT] [hoch] Linksys Router: Schwachstelle ermöglicht Codeausführung
• 11:10 : [NEU] [mittel] MongoDB: Mehrere Schwachstellen
• 11:9 : Is my phone infected with spyware? How to tell
• 11:9 : Researchers Warn Free VPNs Could Leak US Data to China
• 11:9 : Threat Actors Employ Clickfix Tactics to Deliver Malicious AppleScripts That Steal Login Credentials
• 11:8 : MongoDB Server Pre-Authentication Vulnerability Let Attackers Trigger DoS Condition
• 11:5 : IT Security News Hourly Summary 2025-06-27 12h : 5 posts
• 10:34 : Wenn niemand mithören soll: Mit dieser neuen Smartphone-Funktion telefonierst du, ohne ein Wort zu sagen
• 10:32 : Quantum computers just got an upgrade – and it’s 10× more efficient
• 10:32 : RevEng.ai Raises $4.15 Million to Secure Software Supply Chain
• 10:10 : Datenklau kam später: Studentin hackt Uni, um günstiger zu parken
• 10:10 : [UPDATE] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifischen Angriff
• 10:8 : ClickFix Attacks Soar by 500%: Hackers Intensify Use of This Manipulative Technique to Deceive Users
• 10:8 : Windows 11 Retires Blue Screen of Death Error Replaces With Black Screen
• 10:8 : Threat Actors Embed Malware on Windows System’s Task Scheduler to Maintain Persistence
• 10:8 : Chinese Hackers Target Chinese Users With RAT, Rootkit
• 9:44 : Disney, Universal und News Corp denken bei ihren KI-Klagen nur an sich selbst
• 9:42 : APT-C-36 Hackers Launching Cyberattacks on Government Entities, Financial Sectors, and Critical Systems
• 9:42 : Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability
• 9:42 : CitrixBleed 2 Vulnerability Exploited, Recalling Earlier CitrixBleed Fallout
• 9:5 : Historischer Fund: James Webb entdeckt erstmals eigenen Exoplaneten – und schreibt Geschichte
• 9:3 : Your Android phone is getting a big security upgrade for free – here’s what’s new
• 8:39 : APT42 impersonates cyber professionals to phish Israeli academics and journalists
• 8:38 : Vulnerability Exposed All Open VSX Repositories to Takeover
• 8:38 : MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
• 8:9 : Seit 40 Jahren gefürchtet: Darum wird Windows bald keinen blauen Bildschirm mehr anzeigen
• 8:9 : Jetzt patchen! DoS-Attacken auf Citrix NetScaler ADC und Gateway beobachtet
• 8:8 : Mitsubishi Electric AC Flaw Lets Hackers Remotely Control Systems
• 8:8 : Windows Says Goodbye to Blue Screen of Death, Introduces Black Screen
• 8:7 : Microsoft 365 Direct Send Abused for Phishing
• 8:7 : Abstract Security Adds Data Lake to Reduce Storage Costs
• 8:7 : MOVEit Transfer Systems Face Fresh Attack Risk Following Scanning Activity Surge
• 8:5 : IT Security News Hourly Summary 2025-06-27 09h : 5 posts
• 7:40 : Cybersicherheit bleibt bei Verbrauchern auf der Strecke
• 7:40 : Phishing-Welle zielt auf Apobank ab: Praxen und Apotheken müssen aufpassen
• 7:40 : Sony, Bose und mehr: Unzählige Bluetooth-Kopfhörer anfällig für Lauschangriffe
• 7:38 : ClickFix Attack Emerges by Over 500% – Hackers Actively Using This Technique to Trick Users
• 7:38 : OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
• 7:37 : Iranian-backed spearphishing campaign, Microsoft Outlook fix, Glasgow suffers cyberattack
• 7:37 : Max Severity Flaws, Massive Exploits, and AI Security: A Cybersecurity Briefing
• 7:12 : Attacken auf Fernwartungsfirmware von Servern laufen
• 7:10 : University Student Charged for Alleged Hacking and Data Theft
• 7:10 : Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS
• 7:10 : APT-C-36 Hackers Attacking Government Institutions, Financial Organizations, and Critical Infrastructure
• 7:10 : Money mule networks evolve into hierarchical, business-like criminal enterprises
• 6:31 : Attacken auf Fernwartungslücke in Servern von HPE, Lenovo und Co.
• 6:31 : [UPDATE] [mittel] Red Hat Enterprise Linux: Schwachstelle ermöglicht Codeausführung
• 6:7 : Google Chrome / Microsoft Edge: Mehrere Schwachstellen
• 6:7 : [UPDATE] [mittel] Google Chrome / Microsoft Edge: Mehrere Schwachstellen
• 6:6 : Managing through chaos to secure networks
• 5:38 : [UPDATE] [hoch] WinRAR: Schwachstelle ermöglicht Codeausführung
• 5:37 : 2025-06-26: Lumma Stealer infection with follow-up malware
• 5:37 : Critical Vulnerability in VSCode Marketplace Forks Exposed: Millions of Developers at Risk
• 5:10 : Anzeige: Methodik, Standards und Prüfung zum IT-Grundschutz-Praktiker
• 5:10 : [UPDATE] [hoch] McAfee Agent: Mehrere Schwachstellen
• 5:8 : Kansas City Man Pleads Guilty After Hacking to Promote His Cybersecurity Services
• 5:8 : Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks
• 5:8 : Best SAST Solutions: How to Choose Between the Top 11 Tools in 2025
• 5:8 : After a hack many firms still say nothing, and that’s a problem
• 5:5 : IT Security News Hourly Summary 2025-06-27 06h : 2 posts
• 4:35 : We know GenAI is risky, so why aren’t we fixing its flaws?
• 4:6 : Hunderte Multifunktionsdrucker verschiedener Hersteller mit Sicherheitslücken
• 4:5 : Auslegungssache 137: Ohne Unterschrift kein Geld!
• 4:4 : Infosec products of the month: June 2025
• 3:34 : Mitsubishi Electric AC Systems Vulnerability Allows Remote Control Without User Interaction
• 2:5 : IT Security News Hourly Summary 2025-06-27 03h : 2 posts
• 2:4 : ISC Stormcast For Friday, June 27th, 2025 https://isc.sans.edu/podcastdetail/9508, (Fri, Jun 27th)
• 1:4 : AI vs. AI: How Deepfake Attacks Are Changing Authentication Forever
• 0:34 : AI Bug Hunter Sets Milestone By Claiming Top Spot on HackerOne’s Leaderboard
• 0:2 : How an Email, Crypto Wallet and YouTube Activity Led the FBI to IntelBroker
• 23:5 : IT Security News Hourly Summary 2025-06-27 00h : 5 posts
• 22:55 : IT Security News Daily Summary 2025-06-26
• 22:2 : Program Execution, follow-up pt II