Latest news as of 7/12/2025, 9:22:12 PM
The Hacker News
Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky
Dark Reading
As AI technologies continue to advance at a rapid pace, privacy, security and governance teams can't expect to achieve strong AI governance while working in isolation.
The Register
Hundreds of thousands of users potentially vulnerable Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items.…
Bleeping Computer
ADT Inc. disclosed via a Form 8-K filing at the U.S. Securities and Exchange Commission (SEC) that hackers have gained access to its systems, which hold customer order details. [...]
Dark Reading
Black Hat presentation reveals adversaries don't need to complete all seven stages of a traditional kill chain to achieve their objectives.
The Register
Election is fine – it's all thise idiots buying into the propaganda that's worrying Jen Easterly tech US Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly and her counterparts from the UK and EU want the world to know that, when it comes to securing elections, they've never been more prepared.… Black Hat
Dark Reading
Researchers at Aqua Security discovered the “Shadow Resource” attack vector, and the “Bucket Monopoly” problem, where threat actors can guess the name of S3 buckets based on their public account IDs.
The Hacker News
The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element
The Hacker News
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements,
The Hacker News
Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302 (CVSS