Latest news as of 8/6/2025, 4:36:20 AM
Dark Reading
An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader.
The Register
Update before that proof-of-concept comes to bite Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed.…
Bleeping Computer
A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). [...]
Dark Reading
The threat group games IT help desks to gain entry into retailer networks, and signs show it has shifted its attention from the UK to US targets.
The Hacker News
An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. "The actor creates websites that masquerade as legitimate services, productivity tools, ad and media creation or analysis
Dark Reading
Since December 2023, the threat group has preyed on domains belonging to the US Centers for Disease Control and Prevention (CDC) and numerous other reputable organizations worldwide to redirect users to malicious sites.
Bleeping Computer
Service desks are on the front lines of defense—and attackers know it. Attackers are using social engineering attacks to trick agents into changing passwords, disabling MFA, and granting access. Learn more from Specops Software on how to secure your service desk. [...]
Bleeping Computer
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack where hackers replaced a DLL in the distributed installer to drop the Bumblebee malware loader on users' machines. [...]
Dark Reading
Organizations that stay ahead of attacks won't be the most compliant ones — they'll be the ones most honest about what actually works.
Graham Cluley
In episode 51 of The AI Fix, a Greek man's marriage is destroyed after ChatGPT reads his coffee, a woman dumps her husband to marry an AI called Leo, and Graham wonders whether it's time to upload his brain into a lunchbox-packing robot. Meanwhile, a humanoid robot goes full Michael Crawford in a Chinese factory, the UK government launches an AI to read angry public consultations, and Mark dreams of a world where robots finally have common sense - and swear like sailors. Plus Graham uncovers how AI is wrecking relationships and inventing soulmates, and Mark explains why Google's Gemini-powered bots might be smarter, more dexterous, and more emotionally stable than most of your exes. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.