Security News

A perfect cybersecurity startup idea - good blog on what to consider when doing a security startup. Like ideas around wireguard, eBPF, OSQuery.

65-year-old 'never had money' as a kid—and says that helped him become a CEO worth $11 billion Zscalar Jay Chaudhary - Security Founders

Microsoft finds default Kubernetes Helm charts can expose data

Kube-Policies: Guardrails for Apps Running in Kubernetes

AI Domination: RSAC 2025 Social Media Roundup [[RSAC2025]]

Hundreds of e-commerce sites hacked in supply-chain attack Example of Persistence!

Hacker Conversations: John Kindervag, a Making not Breaking Hacker Minds and motivations of a hacker -- To demonstrate Kindervag’s alignment with Wark’s definition of hacking, although not for that purpose, he described the creation of Unix as ‘a hack’.

How we’re using AI to combat the latest scams

SCIM Hunting - Beyond SSO · Doyensec's Blog

Tutorial: Sliver C2 with BallisKit MacroPack and ShellcodePack

Reviewing RSA 2025 with Jason Haddix [[RSAC2025]]

Mithra LLM Scanner Mithra is a new security scanner specifically designed to test REST APIs that use LLMs, checking for both traditional vulnerabilities and LLM-specific risks like prompt injection and context leakage

system_prompts_leaks/claude.txt at main · asgeirtj/system_prompts_leaks Leaked Claude Prompt

Installing Proxmox on a Laptop and Building a Cybersecurity Lab

Document My Pentest: you hack, the AI writes it up!

Bug Hunters Methodology learning

Protecting Our Customers - Standing Up to Extortionists

Over 3 Million Records, Including PII of Student-Athletes and College Coaches Exposed in a Data Breach

Building Uber’s Multi-Cloud Secrets Management Platform to Enhance Security

The iOS book app just opened its pages to hackers

You're Invited: Delivering malware via Google Calendar invites and PUAs

Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025

Krebs hit with6.3 TBPS DDoS attack

Jailbreak prompts

MCP for Threat hunting

Essential OSINT tools for journalists investigating air pollution

Forget IPs: using cryptography to verify bot and agent traffic

cybench

Dynamic Incident Response Platform An easy company to start?

Root in prod: The most important security analysis you will never do on your AWS accounts Working with AWS Accounts.

MCP vulnerabilities

aicyberchallenge.com

How to automate incident response for Amazon EKS on Amazon EC2

trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. Security Links

Most security tools are too theoretical Security programs are often adept at discussing theoretical threats but struggle to demonstrate actual attack prevention. Therefore, there's a need for security leaders to agree on concrete risks and for tools to be geared towards preventing those specific issues.

CIS Snowflake Benchmarks Snowflake introduces shared destiny after Santander and Ticketmaster breaches

AI Hallucination Cases Database – Damien Charlotin This database tracks legal decisions1 in cases where generative AI produced hallucinated content – typically fake citations, but also other types of arguments. It does not track the (necessarily wider) universe of all fake citations or use of AI in court filings.

Cybersecurity jobs available right now: May 20, 2025 Cybersecurity jobs available right now.

Unit 42 Develops Agentic AI Attack Framework Agentic AI Attack Chain [[gensh]] features.

Velvet Chollima APT Hackers Attacking Government Officials With Weaponized PDF

[https://www.oreilly.com/content/cracking-security-misconceptions/](https://www.oreilly.com/content/cracking-security-misconceptions/)

[https://media-publications.bcg.com/BCG-Executive-Perspectives-CEO-Guide-to-Cybersecurity.pdf](https://media-publications.bcg.com/BCG-Executive-Perspectives-CEO-Guide-to-Cybersecurity.pdf) beginner presentation

[https://open.substack.com/pub/srajangupta/p/security-is-just-engineering-tech?r=1xgaxy&utm_medium=ios](https://open.substack.com/pub/srajangupta/p/security-is-just-engineering-tech?r=1xgaxy&utm_medium=ios)

[https://hyperproof.io/it-compliance-benchmarks/](https://hyperproof.io/it-compliance-benchmarks/)

R3dShad0w7/PromptMe: PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be discovered and exploited in real-world scenarios.

CrowdStrike Partners with DOJ to Disrupt DanaBot Malware Operators Technical details of DanaBot takedown.

Vanta bug exposed customers' data to other customers

Getting the Most Value Out of the OSCP: After the Exam [HackTricks - HackTricks](https://book.hacktricks.wiki/en/index.html)

How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation Using o3 to find a zero-day in Linux Kernel.

How to deploy AI safely Treat AI components like inexperienced new hires, implementing checks and balances, and dedicate significantly more time to thorough testing than coding.

High Leverage Security Decisions To minimize long-term security risks in an early-stage startup, prioritize selecting an identity provider and enforcing the use of hardware security keys for strong authentication. Embrace Infrastructure as Code (IaC) and managed infrastructure services to build a secure, auditable, and scalable foundation. Finally, implement a Mobile Device Management (MDM) solution early to secure endpoints and simplify future software deployment and device management.

Ransomware gang claims responsibility for Kettering Health hack

EKS vs. GKE — Security

Cyber Security Pricing & Packages - Start Your Free Trial | Guardz

Autonomous Bug Bounty - XBow, Ethiack

OSINT Tool Directory

Disrupting malicious uses of AI: June 2025 AI Threat Intel Report

Top Red Team Tools & C2 Frameworks for 2025: Active Directory &…

High Leverage Security Decisions

How Security Teams Can Turn Hype Into Opportunity Utilize 'Mission-Aligned Transparency' with Protection Level Agreements (PLAs) and Outcome-Driven Metrics (ODMs)

LLM Vulnerability - Echoleak

BSides Seattle 2025: Rebuilding Trust in Systems In The Age Of NHIs

The Future of Cloud & Security Operations: Analyzing PANW’s Cortex Cloud Bet

Cyber Security Company CEO Arrested for Installing Malware Onto Hospital Computers

Microsoft CEO says up to 30% of the company's code was written by AI #ai-news

When /etc/h*sts Breaks Your Substack Editor: An Adventure in Web Content Filtering

Vulnerability Exploitation Is Shifting in 2024-25

My SIEM-Agnostic Creative Process to Detection Engineering

Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel

5%- report- OX 2025 Application Security Benchmark Report

RSA Day #3 Summary RSA2025

Exclusive: Dating app Raw exposed users' location data and personal information

Signal v. Noise in the RSA Innovation Sandbox Sandbox was won by Nuclei creators. However they have to take controversial $5 million funding to be a finalist. Blackhat finalists dont have to RSA2025 Link to visual

More than 560,000 people were impacted across four healthcare data breaches involving Hillcrest Convalescent Center, Gastroenterology Associates of Central Florida, Community Care Alliance, and Sunflower Medical Group.

US cities warn of wave of unpaid parking phishing texts I got one of these!

Google Pays Out Nearly $12M in 2024 Bug Bounty Program Lets to bug hunting!

Undocumented commands found in Bluetooth chip used by a billion devices Hardware Hacking

Ethereum private key stealer on PyPI downloaded over 1,000 times Supply chain attack!

Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos

Tomcat Vulnerability and a analysis by Wallarm Labs

Attack on Car dealerships

Juniper Routers by China Nexus

Fake Captcha

Supply chain attacks by Lazarus to steal crypto

US Treasury got hidden messages in Emojis

Major leak: sperm bank California Cryobank suffers data breach

Use one Virtual Machine to own them all — active exploitation of ESXicape

New Vulnerability in GitHub Copilot and Cursor: How Hackers Can Weaponize Code Agents

The Great CNAPP Re-bundle

New npm attack poisons local packages with backdoors

New Atlantis AIO platform automates credential stuffing on 140 services

macOS Users Warned of New Versions of ReaderUpdate Malware

Scaling Threat Modeling with AI: Generating 1000 Threat Models Using Gemini 2.0 and AI Security Analyzer

Security on the path to AGI

DarkwebDaily.live

Digital Safety - How to protect your online identity

A Free OSINT Lesson: Search Indexes, Record Shops, and Flipping through Vinyl

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

Over 3 million applicants’ data leaked on NYU’s website

BountySecurity/BountyPrompt: Bounty Prompt is an Open-Source Burp Suite extension by Bounty Security that leverages advanced AI via Burp AI and Groq AI

DryRun Security vs. Traditional SAST Vendors in Ruby on Rails

Securing AI agents: authentication patterns for Operator and computer using models — WorkOS

Oracle Health breach compromises patient data at US hospitals

CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog

CVE-2025-29927

iOS Dating App compromise

Pillage registry

TMBench

CVE-2024-27564 Actively Exploited in the Wild OpenAI vulnerability (SSRF) exploited for Healthcare hacking, this video shows the exploit in action.

Hackers abuse WordPress MU-Plugins to hide malicious code Wordpress plugins - rabbit hole.

Microsoft Opensources Red Teaming Agent

AI Agents for Detection EngineeringOriginal post 06.Q2 CIS-60

TracecatHQ/tracecat

MCP and Security Operations

Becoming a Detection Engineering Contractor Part II: The Preparation

SOC AI Agents

The Return of the Baby ASO: Why SOCs Still Suck

Must read books in tech and IT book-summarizer

Texas State Bar Breach👩‍⚖️, Outlaw Linux Malware 🐧, Scattered Spider Members Pleads Guilty 🕷️ TLDR Expand

Security Weekly

Google Announces Sec Gemini v1 #ai-news

Slow Collapse of Critical Thinking in OSINT due to AI #ai-news

Underage Deepfakes Exposed 👶, Finding Evil in Memory 😈, AI Finds GRUB2 Flaws 🤖

Oracle Second Hack 👁️‍🗨️, Taming ML Wild West 🤠, ChatGPT Creates Fake Passport 🛂

Autonomous SOC Analyst Product

Story of signal from Increment @ Stripe CTI

Ghidra MCP #ai-news

Program: Cybersecurity Intelligence and Information Security, M.S. - University of South Florida - Modern Campus Catalog™ 06.Q2 CIS-60

Internship Opportunities 06.Q2 CIS-60

Tailscale raises $160M.

francisconeves97/jxscout: jxscout superpowers JavaScript analysis for security researchers #tools

1.6 Million People Impacted by Data Breach at Laboratory Services Cooperative

Defeating Prompt Injections by Design

Flightradar24 experiences ongoing DDoS cyberattack.

New 'polyglot' malware targets aviation and satellite communication firms.

Apartment buildings are been broken into within minutes using IoT-connected intercoms with default credentials, leaving them vulnerable to anyone with Google.

ByBit (1.5 Billion Hack) linked to North Korea.

Skybox Security shuts down and lays off entire workforce.

Black Basta ransomware group's internal chats leaked.

LLM dataset found to contain over 12,000 API keys and passwords.

New 'Pass-the-cookie' exploit bypasses multi-factor authentication.

ChatGPT vulnerable to operator prompt injection.

LLM injection attacks highlighted by 'Indiana Jones jailbreak' approach.

Russian threat groups targeting Ukraine's Signal communications.

Apple and UK government clash over end-to-end encryption.

Russia's Sandworm conducting 'BadPilot campaign' targeting US and European organizations in energy and telecommunications sectors, exploiting vulnerabilities to maintain access and support military objectives

Trump Hotels guest information leaked on hacker forum by threat actor 'FutureSeeker', known for similar data dumps

Vulnerability (CVE-2025-0994) in Trimble Cityworks tool used by local governments discovered, potentially allowing RCE against customer IIS servers

Researchers detail $50K software supply chain hack involving exposed NPM_TOKEN in Docker image build layers

Research highlights ongoing security concerns with PDF features and potential attack vectors

JPMorgan Chase announces plans to block Zelle payments to social media contacts to combat rising online payment fraud

Elon Musk's Dogecoin website discovered to be vulnerable to defacement due to unrestricted editing capabilities

Pig Butchering cryptocurrency scams show 40% year-over-year revenue growth with increased sophistication

Security researchers identify malicious machine learning models uploaded to Hugging Face platform

Russian state-sponsored threat actor reportedly shifting focus to targeting US and UK assets

Slop and Flop attacks emerge as a new security threat, though details on their execution and impact remain scarce.

Cryptocurrency and blockchain hacker report highlights that bug bounties in the sector outpay other industries. Around 10% of vulnerabilities stem from business logic flaws, compared to 2% in other sectors. Crypto.com runs $2 million in bug bounties.

Apple patches a zero-day vulnerability related to USB Restricted Mode, which was actively exploited in highly sophisticated attacks.

Ken Huang releases Maestro, a seven-layer threat modeling tool for Agentic AI, designed for continuous security assessment.

A WatchTowr researcher discovered over 150 abandoned sensitive S3 buckets from software companies, governments, and infrastructure pipelines, exposing critical data.

Over 12,000 KerioControl firewalls remain vulnerable to an RCE flaw despite GFI Software's security update on December 19, 2024. According to Censys, over 23,800 instances are still at risk.

Toll booth scammers continue to exploit users through fraudulent SMS messages, tricking victims into making false payments.

A massive brute-force attack, utilizing 2.8 million IPs—mostly from Brazil—targets VPN devices, highlighting ongoing security risks.

More than 560,000 people were impacted across four healthcare data breaches involving Hillcrest Convalescent Center, Gastroenterology Associates of Central Florida, Community Care Alliance, and Sunflower Medical Group.

US cities warn of a surge in phishing scams involving fake unpaid parking tickets. Attackers are sending fraudulent SMS messages to steal payment details.

Google paid nearly $12 million in bug bounties during 2024, highlighting the importance of vulnerability research and responsible disclosure.

Undocumented commands were discovered in a widely used Bluetooth chip, potentially impacting over a billion devices and raising concerns about hardware security vulnerabilities.

A malicious Ethereum private key stealer was found in a PyPI package, downloaded over 1,000 times, demonstrating ongoing supply chain attacks in open-source ecosystems.

Hackers are spoofing Microsoft ADFS login pages in a phishing campaign targeting education, healthcare, and government organizations to steal credentials.

A vulnerability in Cisco Webex Chat allowed unauthorized access to chat histories across multiple organizations, raising concerns over data security.

AI red teaming research compares jailbreak results of various LLMs, including DeepSeek, Qwen, O1, O3, Claude, and Kimi, highlighting security weaknesses.

Multiple security flaws found in the DeepSeek iOS app, including sending unencrypted data, exposing users to potential privacy risks.

CIA mistakenly sent an unclassified email containing names of some employees to the Trump administration, raising security concerns.

An IT trainer and YouTuber claims DeepSeek is misleading users, exposing alleged discrepancies in its AI operations.

Zero-day vulnerabilities in Microsoft Sysinternals allow attackers to execute DLL injection on Windows, posing a significant security threat.

WhatsApp accuses surveillance firm Paragon of hacking, escalating concerns over the misuse of spyware in global surveillance.

OverTheWire's Bandit wargame is a highly recommended gamified tool for improving Linux command-line skills.

Claude uses AI to identify new security threats by leveraging advanced natural language processing to analyze patterns and anomalies in real-time, providing proactive threat detection.

Chinese APT exploited a BeyondTrust API key to gain unauthorized access to U.S. Treasury systems, extracting sensitive documents in a significant cybersecurity breach.

New HIPAA rules mandate healthcare providers to restore critical data within 72 hours and conduct annual compliance audits to enhance patient data protection.

North Korean threat actors deployed OtterCookie malware in the Contagious Interview campaign. This JavaScript malware uses Socket.IO to communicate with a C2 server, enabling shell commands for data theft, including files, clipboard data, and cryptocurrency wallet keys.

Russia has pioneered a new model of drug trafficking using darknet markets and cryptocurrency for payment, with physical 'dead drops' for delivery. Russian platforms like Kraken and Mega now dominate 93% of global darknet markets, generating $1.5 billion in revenue in 2023.

Attackers are distributing corrupted Word documents that bypass security scans, only to show QR codes leading to credential theft sites after user or automated recovery processes assemble the malware.

UPenn researchers demonstrated how language model-powered robots could be manipulated into dangerous behaviors using automated jailbreak prompts, such as planning explosions and driving off bridges.

President Yoon Suk Yeol of South Korea has declared emergency martial law, citing opposition-controlled parliament and alleged North Korean sympathies.

Attackers compromised a GitHub account to publish backdoored versions of Solana's Web3.js library, which could steal private keys from decentralized apps.

Threat actors are abusing Cloudflare's pages.dev and workers.dev domains for phishing campaigns, leveraging their trusted reputation and built-in SSL.

iVerify's new spyware detection tool uncovered Pegasus infections in 7 out of 2,500 customer device scans, targeting not just activists but also business leaders and government officials.

The FBI reports criminals are increasingly using AI to enhance scams, creating realistic text, images, and videos for romance, investment, and job fraud.

Russian agents planted spyware on a programmer's Android phone during a forced detention in Moscow, using a trojanized version of Cube Call Recorder with surveillance capabilities.

OpenAI is collaborating with Anduril to develop AI-powered anti-drone systems for the U.S. military, building on Anduril's recent defense contract win.

US Special Forces have ordered 10 NERVA-LG robotic systems for tactical missions, marking their first major investment in unmanned ground vehicles.

Apple secured a patent for a system capable of identifying individuals without visible facial features, using data such as walking style and clothing.

Russia's Gamaredon hacking group is using Cloudflare Tunnels to conceal infrastructure while deploying GammaDrop malware against Ukrainian targets.

SailPoint found a critical directory traversal vulnerability (CVE-2024-10905) in their IdentityIQ platform that scores 10/10 CVSS and allows unauthorized file access.

Matt Johansen has launched Vulnerable Media, a technical marketing agency specializing in cybersecurity content and campaigns, after taking Vulnerable U full-time.

Cybersecurity journalist Brian Krebs continues investigating cybercrime despite years of threats and harassment, including swatting attempts and malicious mail.

Russian courts sentenced 15 members of the Hydra dark web marketplace, including a life sentence for its creator, after the site facilitated $5 billion in cryptocurrency transactions.

China has deeply compromised thousands of US telco networks according to Senator Mark Warner. The attack, carried out by "Salt Typhoon," involves persistent access requiring device replacements and may include wiretapping capabilities.

Volexity uncovered Russian APT28 hackers targeting neighboring organizations to exploit WiFi networks. Using password spraying and lateral movement, the group bypassed MFA-less systems to infiltrate high-value targets.

Apple issued urgent patches for iOS, iPadOS, macOS, visionOS, and Safari to fix two zero-day vulnerabilities, CVE-2024-44308 and CVE-2024-44309, addressing potential code execution and XSS risks.

The Danish Navy detained the Chinese bulk carrier Yi Peng 3 for allegedly damaging undersea telecom cables in the Baltic Sea, affecting connections between Finland, Germany, Sweden, and Lithuania.

Crowdstrike reported that China-linked group Liminal Panda has targeted telecom networks in South Asia and Africa since 2020, exploiting protocols like SIGTRAN and GSM for intelligence collection.

Crum & Forster launched a new liability insurance policy for CISOs, covering consulting work and even pro bono IT security activities, protecting against personal liability.

Google blocked over 1,000 pro-China propaganda websites operated by "Glassbridge," a network of four Chinese firms masquerading as legitimate news outlets.

Researchers uncovered Russia scaling up disinformation campaigns using AI-generated Western personas. Techniques include fake profile pictures and coordinated posts to disseminate anti-Ukraine narratives more effectively.

Palo Alto Networks has released Indicators of Compromise (IoCs) for a new zero-day vulnerability affecting their firewalls.

VMware confirmed that threat actors are exploiting two vCenter Server vulnerabilities, CVE-2024-38812 and CVE-2024-38813, which were first disclosed at the 2024 Matrix Cup hacking competition.

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system. Tracked as CVE-2024-10979 with a CVSS score of 8.8, the flaw could allow unprivileged users to alter environment variables, potentially leading to code execution or information disclosure.

Six critical flaws have been found in the Ollama AI framework, potentially allowing denial-of-service, model theft, and poisoning attacks.

The FBI is warning about a rise in hacked police emails being used to send fake subpoenas and emergency data requests (EDRs) to U.S. tech companies. Attackers target low-security organizations with high trust, compromising them to gain access to data, permissions, and restricted authorization.

Google's AI security assessment tool, Big Sleep, found a zero-day vulnerability in the SQLite database engine, marking the first instance where AI uncovered a flaw missed by traditional testing.

The FBI is asking the public for help in identifying Chinese hackers in groups like APT31 and APT41.

CrowdStrike has launched new AI Red Team Services to identify vulnerabilities in AI systems and provide guidance on how to fix them.

Synology is telling users to patch a critical zero-click RCE bug, CVE-2024-10443, affecting millions of DiskStation and BeePhotos NAS devices. Synology advises caution about exposing NAS devices to the internet.

Nokia is investigating a potential breach after a hacker, IntelBroker, claimed to have stolen their source code from a third-party vendor. The data includes SSH keys, source code, and RSA keys, accessed via default credentials on a SonarQube server.

Canada has ordered TikTok Technology Canada to shut down, citing national security risks. This decision closes the company’s Canadian operations but does not restrict Canadians from using TikTok.

Researchers from George Mason University have introduced Mantis, a framework using prompt injections to counterattack against prompt injection attacks, potentially misdirecting or compromising attackers' systems.

The U.S. is tightening rules on foreign real estate deals near military bases, adding 60 installations to the CFIUS scrutiny list. This follows the forced closure of a Chinese-owned crypto mine near F.E. Warren Air Force Base.

An investigation by French newspaper Le Monde revealed that bodyguards of leaders such as Joe Biden and Donald Trump have used the Strava fitness app, inadvertently disclosing sensitive locations. For instance, the app revealed a San Francisco hotel where President Biden met with Chinese President Xi Jinping.

Password manager LastPass has alerted users to scammers promoting a fraudulent support number, 805-206-2892, through 5-star reviews on its Chrome extension. Calling this number directs users to download a remote support program that is actually malware.

Researchers have successfully created voice-based financial scams, like unauthorized bank transfers and credential theft, using the new real-time API in ChatGPT-4o. The scams showed success rates ranging from 20-60%.

Cisco Talos discovered five out-of-bounds vulnerabilities in NVIDIA's shader processing technology and eleven separate issues affecting LevelOne routers.

Okta has patched a critical issue allowing logins without a password if a username exceeded 52 characters. How this passed through extensive testing remains baffling.

The US has charged Russian national Maxim Rudometov for creating the RedLine infostealer, following access to the malware's source code and infrastructure.

The U.S. military has confirmed its first purchase of OpenAI products for AFRICOM, signifying a step towards integrating AI into national security operations.

Bellingcat identified the location where Hamas leader Yahya Sinwar was killed in southern Gaza's Tal as-Sutlan area, using IDF footage and distinct visual markers such as a gazebo and residential tower.