Latest news as of 7/23/2025, 11:06:46 AM
Bleeping Computer
Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. [...]
The Hacker News
Google has announced the launch of a new initiative called OSS Rebuild to bolster the security of the open-source package ecosystems and prevent software supply chain attacks. "As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers," Matthew Suozzo, Google Open Source Security
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two security flaws impacting SysAid IT support software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2025-2775 (CVSS score: 9.3) - An improper restriction of XML external entity (XXE) reference vulnerability in the
Have I Been Pwned
In May 2025, 160k records of customer data was allegedly obtained from Creams Cafe, "the UK's favourite dessert parlour". The data included email and physical addresses, names and phone numbers. Creams Cafe did not respond to repeated attempts to disclose the incident, however multiple impacted HIBP subscribers confirmed the legitimacy and accuracy of the data.
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on July 22, 2025, added two Microsoft SharePoint flaws, CVE-2025-49704 and CVE-2025-49706, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. To that end, Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by July 23, 2025. "CISA is
The Register
Suggests buying local tech to avoid infosec worries China’s Ministry of State Security has spent the week warning of backdoored devices on land and at sea.…
Dark Reading
China officially rolled out a voluntary Internet identity system to protect citizens' online identities and personal information, but critics worry about privacy and surveillance.
Dark Reading
Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft's recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server.
Bleeping Computer
The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. [...]
The Register
CyberSentry work grinds to a halt Government funding for a program that hunts for threats on America's critical infrastructure networks expired on Sunday, preventing Lawrence Livermore National Laboratory from analyzing activity that could indicate a cyberattack, the program director told Congress on Tuesday.…