Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday. [...]
( 8
min )
Aeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. [...]
( 9
min )
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. [...]
( 9
min )
Microsoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI). [...]
( 9
min )
Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. [...]
( 9
min )
FBI Dallas has seized almost 23 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies. [...]
( 9
min )
Think passkeys make you phishing-proof? Think again. Attackers are using downgrade attacks, device-code phishing, and OAuth tricks to sneak past modern MFA. See how Push Security shuts them down. [...]
( 12
min )
The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member's email address simply by knowing their username, putting them at risk of doxxing and harassment. [...]
( 11
min )
After the initial uproar about leaked images, a researcher was able to access Tea Dating app private messages
( 10
min )
Allianz notified authorities about a data breach that exposed the information about almost all its US customers
( 9
min )
This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.
( 9
min )
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members. [...]
( 9
min )
A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs. [...]
( 9
min )
Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025. [...]
( 9
min )
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. [...]
( 9
min )
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). [...]
( 8
min )
Chainalysis has identified the cryptocurrency payments infrastructure of one of the largest child sexual abuse material (CSAM) websites operating on…
The post Chainalysis Identifies Large CSAM Website Using Cryptocurrency appeared first on Chainalysis.
( 9
min )
Organizations are facing an increasing number of security threats, especially in the form of compromised user accounts. Manually monitoring and acting on suspicious activities is not only time-consuming but also prone to human error. The lack of automated responses to security incidents can lead to disastrous consequences, such as data breaches and financial loss. In […]
( 23
min )
A list of topics we covered in the week of July 21 to July 27 of 2025
( 8
min )
A cybercriminal managed to insert malicious files leading to info stealers in a pre-release of a game on the Steam platform
( 9
min )
Phishers are using legitimate looking Instagram emails in order to scam users.
( 10
min )
Amazon Web Services (AWS) has released substantial updates to its AWS User Guide to Financial Services Regulations and Guidelines in Australia to help financial services customers in Australia accelerate their use of AWS. The updates reflect the Australian Prudential Regulation Authority’s (APRA) publication of the Prudential Standard CPS 230 Operational Risk Management (CPS 230), which […]
( 14
min )
Organizations face mounting challenges in building and maintaining effective security incident response programs. Studies from IBM and Morning Consult show security teams face two major challenges: over 50 percent of security alerts go unaddressed because of resource constraints and alert fatigue, while false positives consume 30 percent of investigation time, delaying responses to true positive threats […]
( 25
min )
With more platforms and governments asking for age verification, we look at the options and the implications.
( 11
min )
Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.
( 13
min )
Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.
( 8
min )
The battle to fight misinformation continues.
( 10
min )
We’re excited to announce the release of our latest whitepaper, AICPA SOC 2 Compliance Guide on AWS, which provides in-depth guidance on implementing and maintaining SOC 2-aligned controls using AWS services. Building and operating cloud-native services in alignment with the AICPA’s Trust Services Criteria requires thoughtful planning and robust implementation. This new whitepaper helps cloud architects, […]
( 14
min )
Proton, known for its privacy focused set of services, announced the introduction of Lumo, a privacy-first Artificial Intelligence (AI) chatbot. It...
( 10
min )
The AWS Security Reference Architecture (AWS SRA) provides prescriptive guidance for deploying AWS security services in a multi-account environment. However, validating that your implementation aligns with these best practices can be challenging and time-consuming. Today, we’re announcing the open source release of SRA Verify, a security assessment tool that helps you assess your organization’s alignment […]
( 14
min )
French | German At Amazon Web Services (AWS), customer privacy and security are our top priority. We provide our customers with industry-leading privacy and security when they use the AWS Cloud anywhere in the world. In recent months, we’ve noticed an increase in inquiries about how we manage government requests for data. While many of […]
( 34
min )
A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.
( 10
min )
A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.
( 10
min )
TL;DR International law enforcement coordinated to take down BreachForum, arresting five administrators including IntelBroker (Kai West). Breakthrough came when IntelBroker…
The post Following the Bitcoin Trail: The IntelBroker Takedown appeared first on Chainalysis.
( 10
min )
When it comes to AWS authentication, relying on long-term credentials, such as AWS Identity and Access Management (IAM) access keys, introduces unnecessary risks; including potential credential exposure, unauthorized sharing, or theft. In this post, I present five common use cases where AWS customers traditionally use IAM access keys and present more secure alternatives that you […]
( 16
min )
Ring users on TikTok, Reddit, and X are reporting multiple unauthorized device logins all dating back to May 28.
( 10
min )
At Bishop Fox, thinking like an adversary comes naturally. So it’s no surprise that comics—where power, perspective, and outsider thinking collide—resonate deeply with our team. Ahead of Comic-Con 2025, we asked our Foxes: what comics still stick with you?
( 8
min )
Amazon Web Services (AWS) has completed its annual Collaborative Cloud Audit Group (CCAG) audit engagement with leading European financial institutions. At AWS, security remains our highest priority. As customers continue to embrace the scalability and flexibility of the cloud, we support them in evolving security, identity, and compliance into core business enablers. The AWS Compliance […]
( 15
min )
Amazon Web Services (AWS) is pleased to announce that the Spring 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 184 services over the 12-month period from April 1, 2024, to March 31, 2025, giving customers a full year of assurance. The reports demonstrate our continuous commitment to […]
( 15
min )
Last month, we announced new sovereign controls and governance structure for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud is a new, independent cloud for Europe, designed to help customers meet their evolving sovereignty needs, including stringent data residency, operational autonomy, and resiliency requirements. Launching by the end of 2025, the AWS European […]
( 15
min )
Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.
( 7
min )
Amazon Web Services (AWS) is pleased to announce that three new AWS services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Amazon Verified Permissions AWS B2B Data Interchange AWS Resource Explorer This certification means that customers can use these services while maintaining PCI DSS compliance, enabling […]
( 14
min )
We’re excited to announce that AWS has completed the CyberVadis assessment of its security posture with the highest score (Mature) in all assessed areas. This demonstrates our continued commitment to meet the heightened expectations for cloud service providers. Customers can now use the 2025 AWS CyberVadis report and scorecard to reduce their supplier due-diligence burden. With […]
( 14
min )
Amazon Web Services (AWS) customers can enable secure remote access to their cloud resources, supporting business operations with both speed and agility. As organizations embrace flexible work environments, employees can safely connect to AWS resources from various locations using different devices. AWS provides comprehensive security solutions that help organizations maintain strong protection of corporate resources, […]
( 22
min )
July 2, 2025: We’ve updated this post to include an FAQ section at the end. This includes our response to changing validity periods and associated certificate price points. AWS Certificate Manager (ACM) simplifies the provisioning, management, and deployment of public and private TLS certificates for AWS services and your on-premises and hybrid applications. To further […]
( 23
min )
