Latest news as of 8/5/2025, 10:27:28 AM
The Register
Let the games begin Ransomware has officially entered the Microsoft SharePoint exploitation ring.…
Bleeping Computer
A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. [...]
The Hacker News
Cybersecurity researchers have shed light on a new versatile malware loader called CastleLoader that has been put to use in campaigns distributing various information stealers and remote access trojans (RATs). The activity employs Cloudflare-themed ClickFix phishing attacks and fake GitHub repositories opened under the names of legitimate applications, Swiss cybersecurity company PRODAFT said in
The Register
Some coyotes hunt squirrels, this one hunts users' financial apps A new variant of the Coyote banking trojan abuses Microsoft's UI Automation (UIA), making it the first reported malware to use UIA for credential theft.…
The Register
Palantir, data brokers, and judicial overreach are all on the horizon, executive director Cindy Cohn warns In July 1990, before the World Wide Web even existed, an unusual alliance was formed to fight for the rights of the emerging online community.… Interview
Bleeping Computer
Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. [...]
The Hacker News
Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. The two vulnerabilities impacting Sophos Firewall are listed below - CVE-2025-6704 (CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead
The Register
Malicious actor reportedly sought to expose AWS 'security theater' The official Amazon Q extension for Visual Studio Code (VS Code) was compromised to include a prompt to wipe the user's home directory and delete all their AWS resources.…
Dark Reading
When security leaders embrace this truth and learn to speak in the language of leadership, they don't just protect the enterprise, they help lead it forward.
Bleeping Computer
Hackers compromised Toptal's GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. [...]