Latest news as of 6/17/2025, 1:42:07 AM
Dark Reading
The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.
The Register
Trump-pardoned hacker Chris Wade will join the company as CTO Cellebrite has announced a $170 million deal to buy Corellium, bringing together two companies that have made names for themselves by helping law enforcement break into encrypted devices.…
The Register
Plus: Plankey's confirmation process 'temporarily delayed' Sean Cairncross, President Donald Trump's nominee to serve as national cyber director, doubled down on taking offensive cyber actions against foreign adversaries during a Senate homeland security committee nomination hearing on Thursday, and refused to condemn the president's proposed cuts to the main US cyber defense agency.…
Dark Reading
Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.
Bleeping Computer
A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. [...]
The Register
Dark web crime platform raked in $17M+ over three years of operation Uncle Sam has seized 145 domains tied to BidenCash, the notorious dark web market that trafficked in more than 15 million stolen credit cards.…
Bleeping Computer
Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. [...]
Bleeping Computer
Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. [...]
Dark Reading
A group that Google is tracking as UNC6040 has been tricking users at many organizations into installing a malicious version of a Salesforce app to gain access and steal data from the platform.
The Hacker News
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response