Latest news as of 8/17/2025, 1:29:09 AM
The Hacker News
In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer
The Register
These are the conference events to keep an eye on. You can even stream a few The security industry is hitting Vegas hard this week with three conferences in Sin City that bring the world's largest collection of security pros together for the annual summer camp.…
Bleeping Computer
Google has released security patches for six vulnerabilities in Android's August 2025 security update, including two Qualcomm flaws exploited in targeted attacks. [...]
The Hacker News
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need to catch real attacks before they cause damage. Here’s how
Bleeping Computer
Microsoft will offer up to $5 million in bounty awards at this year's Zero Day Quest hacking contest, which the company describes as the "largest hacking event in history." [...]
The Hacker News
Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. "Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users," CTM360 said. "The core tactic involves a deceptive
The Hacker News
SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. "Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled," the network security vendor said in a
The Register
'Plague' malware has been around for months without tripping alarms Researchers at German infosec services company Nextron Threat have spotted malware that creates a highly-persistent Linux backdoor and say antivirus engines do not flag the code as malicious.…
The Register
Bypassing MFA and deploying ransomware…sounds like something that rhymes with 'schmero-day' SonicWall on Monday confirmed that it's investigating a rash of ransomware activity targeting its firewall devices, following multiple reports of a zero-day bug under active exploit in its VPNs.…
Dark Reading
The flaws in the company's Triton Inference Server enables model theft, data leaks, and response manipulation.