Threatline

Cyber Security News From Around The World

Latest news as of 7/10/2025, 11:12:00 AM

Dark Reading

6 months ago

1Password’s Trelica Buy Part of Broader Shadow IT Play

The acquisition of Trelica accelerates 1Password's ongoing efforts to expand the role of the password manager with secure SaaS management

The Hacker News

6 months ago

The High-Stakes Disconnect For ICS/OT Security

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn’t just ineffective—it’s high risk. In the rapidly evolving domain of cybersecurity, the specific challenges and needs for Industrial Control Systems (ICS) and Operational Technology (OT) security distinctly stand out from traditional IT security. ICS/OT

The Hacker News

6 months ago

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys,

Bleeping Computer

6 months ago

FBI deletes Chinese PlugX malware from thousands of US computers

​The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...]

The Hacker News

6 months ago

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation." PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the People's Republic of China (PRC

The Hacker News

6 months ago

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows -

The Hacker News

6 months ago

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned

Dark Reading

6 months ago

As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks

In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.

The Register

6 months ago

Microsoft fixes under-attack privilege-escalation holes in Hyper-V

Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco The first Patch Tuesday of 2025 has seen Microsoft address three under-attack privilege-escalation flaws in its Hyper-V hypervisor, plus plenty more problems that deserve your attention.… Patch Tuesday

Dark Reading

6 months ago

Microsoft Rings in 2025 With Record Security Update

Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.