The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. [...]
( 9
min )
Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually rolling out, such as the new Black Screen of Death and Quick Machine Recovery tool. [...]
( 13
min )
Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens. [...]
( 9
min )
A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. [...]
( 9
min )
CISA and the FBI warned on Tuesday of increased Interlock ransomware activity targeting businesses and critical infrastructure organizations in double extortion attacks. [...]
( 9
min )
AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. [...]
( 8
min )
Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. [...]
( 9
min )
The United Kingdom's government is planning to ban public sector and critical infrastructure organizations from paying ransoms after ransomware attacks. [...]
( 9
min )
Hackers with ties to the Chinese government have been linked to a recent wave of widespread attacks targeting a Microsoft SharePoint zero-day vulnerability chain. [...]
( 9
min )
Microsoft is asking businesses to reach out for support to mitigate a known issue causing Cluster service and VM restart issues after installing this month's Windows Server 2019 security updates. [...]
( 8
min )
The AWS Security Reference Architecture (AWS SRA) provides prescriptive guidance for deploying AWS security services in a multi-account environment. However, validating that your implementation aligns with these best practices can be challenging and time-consuming. Today, we’re announcing the open source release of SRA Verify, a security assessment tool that helps you assess your organization’s alignment […]
( 25
min )
French | German At Amazon Web Services (AWS), customer privacy and security are our top priority. We provide our customers with industry-leading privacy and security when they use the AWS Cloud anywhere in the world. In recent months, we’ve noticed an increase in inquiries about how we manage government requests for data. While many of […]
( 45
min )
A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.
( 10
min )
A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.
( 10
min )
We’re evolving our industry-leading Security Incidents and Event Management solution (SIEM), Microsoft Sentinel, to include a modern, cost-effective data lake. By unifying all your security data, Microsoft Sentinel data lake, in public preview, accelerates AI adoption and drives unparalleled visibility, empowering teams to detect and respond faster. With Sentinel data lake, you’re no longer forced to choose between retaining critical data and staying within budget.
The post Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI appeared first on Microsoft Security Blog.
( 22
min )
TL;DR International law enforcement coordinated to take down BreachForum, arresting five administrators including IntelBroker (Kai West). Breakthrough came when IntelBroker…
The post Following the Bitcoin Trail: The IntelBroker Takedown appeared first on Chainalysis.
( 10
min )
When it comes to AWS authentication, relying on long-term credentials, such as AWS Identity and Access Management (IAM) access keys, introduces unnecessary risks; including potential credential exposure, unauthorized sharing, or theft. In this post, I present five common use cases where AWS customers traditionally use IAM access keys and present more secure alternatives that you […]
( 27
min )
The Clear Linux OS team has announced the shutdown of the project, marking the end of its 10-year existence in the open-source ecosystem. [...]
( 8
min )
Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. [...]
( 10
min )
ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. [...]
( 9
min )
Ring users on TikTok, Reddit, and X are reporting multiple unauthorized device logins all dating back to May 28.
( 10
min )
A list of topics we covered in the week of July 14 to July 20 of 2025
( 8
min )
Today marks a defining moment for U.S. crypto policy. After years of regulatory limbo, Congress has taken a major step…
The post Chainalysis POV: What the GENIUS and CLARITY Act Bills Really Mean for Crypto Compliance appeared first on Chainalysis.
( 12
min )
Meta executives settled a shareholders' lawsuit alleging continuous disregard of privacy regulations for the price of $8 billion.
( 10
min )
Microsoft will spotlight its AI-first, end-to-end security platform at Black Hat USA 2025. Read our blog post for details on how to connect with us there and what to expect from our participation.
The post Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense appeared first on Microsoft Security Blog.
( 35
min )
Microsoft believes in transparently sharing performance data from Microsoft Defender for Office 365, and other ecosystem providers, to help customers evaluate email security solutions and make decisions to layer for defense in depth.
The post Transparency on Microsoft Defender for Office 365 email security effectiveness appeared first on Microsoft Security Blog.
( 21
min )
The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.
( 10
min )
A researcher has disclosed how he found a—now fixed—vulnerability in Meta AI that could have allowed others to see private questions and answers.
( 9
min )
File sharing site WeTransfer has rolled back language that allowed it to train machine learning models on any files that its users uploaded.
( 11
min )
Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.
( 9
min )
Key findings Stolen funds With over $2.17 billion stolen from cryptocurrency services so far in 2025, this year is more…
The post 2025 Crypto Crime Mid-year Update: Stolen Funds Surge as DPRK Sets New Records appeared first on Chainalysis.
( 17
min )
Amazon Web Services (AWS) has completed its annual Collaborative Cloud Audit Group (CCAG) audit engagement with leading European financial institutions. At AWS, security remains our highest priority. As customers continue to embrace the scalability and flexibility of the cloud, we support them in evolving security, identity, and compliance into core business enablers. The AWS Compliance […]
( 26
min )
TL;DR A UK law enforcement officer stole approximately 50 BTC from assets seized in the Silk Road 2.0 investigation. Despite…
The post How Chainalysis Helped Uncover an NCA Officer’s Theft of Seized Bitcoin appeared first on Chainalysis.
( 10
min )
We are honored to be recognized once again as a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms—our sixth consecutive time. Microsoft was recognized for its completeness of vision and ability to execute, which we believe underscores the effectiveness of Defender for Endpoint in the face of an ever-shifting threat environment.
The post Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.
( 21
min )
To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest.
The post Protecting customers from Octo Tempest attacks across multiple industries appeared first on Microsoft Security Blog.
( 22
min )
A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.
( 10
min )
Amazon has emailed 200 million customers to warn them about a rather convincing phishing campaign.
( 9
min )
This week on the Lock and Code podcast, we speak with Anna Brading and Zach Hinkle about whether using AI is damaging for our health.
( 11
min )
Cybercriminals are using sponsored ads and fake news websites to lure victims to investment scams.
( 10
min )
A list of topics we covered in the week of July 7 to July 13 of 2025
( 8
min )
Announcing the general availability of Microsoft Security Copilot capabilities for IT with Microsoft Intune and Microsoft Entra, offering AI-powered efficiency and enhanced security for your operations.
The post Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra appeared first on Microsoft Security Blog.
( 22
min )
Amazon Web Services (AWS) is pleased to announce that the Spring 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 184 services over the 12-month period from April 1, 2024, to March 31, 2025, giving customers a full year of assurance. The reports demonstrate our continuous commitment to […]
( 26
min )
Employing a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever evolving security challenges.
The post Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report appeared first on Microsoft Security Blog.
( 20
min )
Last month, we announced new sovereign controls and governance structure for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud is a new, independent cloud for Europe, designed to help customers meet their evolving sovereignty needs, including stringent data residency, operational autonomy, and resiliency requirements. Launching by the end of 2025, the AWS European […]
( 26
min )
Deepfake attacks aren't just for recruitment and banking fraud; they've now reached the highest levels of government.
( 9
min )
The job applicants' personal information could be accessed by simply guessing a username and using the password “12345.”
( 10
min )
The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Zero Trust security, providing a comprehensive guide for organizations to modernize their security posture.
The post Microsoft expands Zero Trust workshop to cover network, SecOps, and more appeared first on Microsoft Security Blog.
( 21
min )
Researchers have discovered a campaign of malicious browser extensions that were available in the official Chrome and Edge web stores.
( 10
min )
Amazon Web Services (AWS) is pleased to announce that three new AWS services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Amazon Verified Permissions AWS B2B Data Interchange AWS Resource Explorer This certification means that customers can use these services while maintaining PCI DSS compliance, enabling […]
( 25
min )
Google says its Gemini AI will soon be able to access your messages, WhatsApp, and utilities on your phone. But we're struggling to see that as a good thing.
( 11
min )
If someone is going to negotiate with criminals for you, that person should at least be on your side.
( 10
min )
We’re excited to announce that AWS has completed the CyberVadis assessment of its security posture with the highest score (Mature) in all assessed areas. This demonstrates our continued commitment to meet the heightened expectations for cloud service providers. Customers can now use the 2025 AWS CyberVadis report and scorecard to reduce their supplier due-diligence burden. With […]
( 25
min )
Let's Encrypt has started rolling out certificates for IP addresses. Although it's a security solution it also offers cybercriminals opportunities.
( 10
min )
Amazon Web Services (AWS) customers can enable secure remote access to their cloud resources, supporting business operations with both speed and agility. As organizations embrace flexible work environments, employees can safely connect to AWS resources from various locations using different devices. AWS provides comprehensive security solutions that help organizations maintain strong protection of corporate resources, […]
( 34
min )
July 2, 2025: We’ve updated this post to include an FAQ section at the end. This includes our response to changing validity periods and associated certificate price points. AWS Certificate Manager (ACM) simplifies the provisioning, management, and deployment of public and private TLS certificates for AWS services and your on-premises and hybrid applications. To further […]
( 34
min )
We continue to expand the scope of our assurance programs at Amazon Web Services (AWS) and are pleased to announce that 122 services are now certified as adherent to the Cloud Infrastructure Services Providers in Europe (CISPE) Data Protection Code of Conduct. This alignment with the CISPE requirements demonstrates our ongoing commitment to adhere to the heightened expectations for […]
( 25
min )
