VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.
( 12
min )
Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.
( 9
min )
A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. [...]
( 11
min )
The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. [...]
( 9
min )
The SafePay ransomware gang is threatening to leak 3.5TB of data belonging to IT giant Ingram Micro, allegedly stolen from the company's compromised systems earlier this month. [...]
( 8
min )
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve remote code execution and perform a full site takeover. [...]
( 8
min )
The UNC2891 hacking group, also known as LightBasin, used a 4G-equipped Raspberry Pi hidden in a bank's network to bypass security defenses in a newly discovered attack. [...]
( 9
min )
Apple has released security updates to address a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users. [...]
( 9
min )
Lenovo is warning about high-severity BIOS flaws that could allow attackers to potentially bypass Secure Boot in all-in-one desktop PC models that use customized Insyde UEFI (Unified Extensible Firmware Interface). [...]
( 9
min )
AI is reshaping vCISO services—and SMBs are fueling the surge. Cynomi's 2025 report shows 3x adoption growth and major workload drops as MSPs and MSSPs scale cybersecurity like never before. Learn more in the 2025 State of the vCISO Report. [...]
( 9
min )
July 30, 2025: This post has been republished to migrate the Amazon EC2 Oracle Transparent Data Encryption database encryption keystore to AWS CloudHSM using AWS CloudHSM Client SDK 5. Encrypting databases is crucial for protecting sensitive data, helping you to be aligned with security regulations and safeguarding against data loss. Oracle Transparent Data Encryption (TDE) […]
( 21
min )
Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday. [...]
( 8
min )
Aeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights. [...]
( 8
min )
Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. [...]
( 9
min )
Microsoft has introduced Copilot Mode, an experimental feature designed to transform Microsoft Edge into a web browser powered by artificial intelligence (AI). [...]
( 9
min )
Orange, a French telecommunications company and one of the world's largest telecom operators, revealed that it detected a breached system on its network on Friday. [...]
( 9
min )
After the initial uproar about leaked images, a researcher was able to access Tea Dating app private messages
( 10
min )
Allianz notified authorities about a data breach that exposed the information about almost all its US customers
( 9
min )
This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.
( 11
min )
Chainalysis has identified the cryptocurrency payments infrastructure of one of the largest child sexual abuse material (CSAM) websites operating on…
The post Chainalysis Identifies Large CSAM Website Using Cryptocurrency appeared first on Chainalysis.
( 9
min )
Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence.
The post Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability appeared first on Microsoft Security Blog.
( 23
min )
Organizations are facing an increasing number of security threats, especially in the form of compromised user accounts. Manually monitoring and acting on suspicious activities is not only time-consuming but also prone to human error. The lack of automated responses to security incidents can lead to disastrous consequences, such as data breaches and financial loss. In […]
( 23
min )
A list of topics we covered in the week of July 21 to July 27 of 2025
( 8
min )
A cybercriminal managed to insert malicious files leading to info stealers in a pre-release of a game on the Steam platform
( 9
min )
Phishers are using legitimate looking Instagram emails in order to scam users.
( 10
min )
Amazon Web Services (AWS) has released substantial updates to its AWS User Guide to Financial Services Regulations and Guidelines in Australia to help financial services customers in Australia accelerate their use of AWS. The updates reflect the Australian Prudential Regulation Authority’s (APRA) publication of the Prudential Standard CPS 230 Operational Risk Management (CPS 230), which […]
( 14
min )
Organizations face mounting challenges in building and maintaining effective security incident response programs. Studies from IBM and Morning Consult show security teams face two major challenges: over 50 percent of security alerts go unaddressed because of resource constraints and alert fatigue, while false positives consume 30 percent of investigation time, delaying responses to true positive threats […]
( 25
min )
With more platforms and governments asking for age verification, we look at the options and the implications.
( 11
min )
Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.
( 15
min )
Malwarebytes Trusted Advisor has had an update, and it's now sharper, smarter, and more helpful than ever.
( 8
min )
The battle to fight misinformation continues.
( 10
min )
This week, we’re sharing two articles focused on input validation best practices, exploring how weak validation can leave APIs exposed. We also take a closer look at some recent claims about API discovery that risk distracting from real security issues, plus a review of recent API security incidents reported at McDonald’s and Cisco. Article: How [...]
Read More...
The post Issue 276: API discovery hype, BOLA at McDonalds, Cisco APIs exploited, input validation best practices appeared first on API Security News.
( 8
min )
We’re excited to announce the release of our latest whitepaper, AICPA SOC 2 Compliance Guide on AWS, which provides in-depth guidance on implementing and maintaining SOC 2-aligned controls using AWS services. Building and operating cloud-native services in alignment with the AICPA’s Trust Services Criteria requires thoughtful planning and robust implementation. This new whitepaper helps cloud architects, […]
( 14
min )
Proton, known for its privacy focused set of services, announced the introduction of Lumo, a privacy-first Artificial Intelligence (AI) chatbot. It...
( 11
min )
The AWS Security Reference Architecture (AWS SRA) provides prescriptive guidance for deploying AWS security services in a multi-account environment. However, validating that your implementation aligns with these best practices can be challenging and time-consuming. Today, we’re announcing the open source release of SRA Verify, a security assessment tool that helps you assess your organization’s alignment […]
( 14
min )
French | German At Amazon Web Services (AWS), customer privacy and security are our top priority. We provide our customers with industry-leading privacy and security when they use the AWS Cloud anywhere in the world. In recent months, we’ve noticed an increase in inquiries about how we manage government requests for data. While many of […]
( 34
min )
A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.
( 10
min )
A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter's voice was AI-cloned and used in a scam.
( 10
min )
We’re evolving our industry-leading Security Incidents and Event Management solution (SIEM), Microsoft Sentinel, to include a modern, cost-effective data lake. By unifying all your security data, Microsoft Sentinel data lake, in public preview, accelerates AI adoption and drives unparalleled visibility, empowering teams to detect and respond faster. With Sentinel data lake, you’re no longer forced to choose between retaining critical data and staying within budget.
The post Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI appeared first on Microsoft Security Blog.
( 22
min )
TL;DR International law enforcement coordinated to take down BreachForum, arresting five administrators including IntelBroker (Kai West). Breakthrough came when IntelBroker…
The post Following the Bitcoin Trail: The IntelBroker Takedown appeared first on Chainalysis.
( 10
min )
When it comes to AWS authentication, relying on long-term credentials, such as AWS Identity and Access Management (IAM) access keys, introduces unnecessary risks; including potential credential exposure, unauthorized sharing, or theft. In this post, I present five common use cases where AWS customers traditionally use IAM access keys and present more secure alternatives that you […]
( 16
min )
In a submission to the United Nations Office of the High Commissioner of Human Rights, Citizen Lab researchers warn of the dangerous rhetoric of “birth registration and certification as a prerequisite for other rights” and the risks digital ID infrastructure could pose to human rights.
( 3
min )
Ring users on TikTok, Reddit, and X are reporting multiple unauthorized device logins all dating back to May 28.
( 10
min )
A list of topics we covered in the week of July 14 to July 20 of 2025
( 9
min )
Meta executives settled a shareholders' lawsuit alleging continuous disregard of privacy regulations for the price of $8 billion.
( 10
min )
Microsoft will spotlight its AI-first, end-to-end security platform at Black Hat USA 2025. Read our blog post for details on how to connect with us there and what to expect from our participation.
The post Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense appeared first on Microsoft Security Blog.
( 35
min )
Microsoft believes in transparently sharing performance data from Microsoft Defender for Office 365, and other ecosystem providers, to help customers evaluate email security solutions and make decisions to layer for defense in depth.
The post Transparency on Microsoft Defender for Office 365 email security effectiveness appeared first on Microsoft Security Blog.
( 21
min )
The database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.
( 10
min )
A researcher has disclosed how he found a—now fixed—vulnerability in Meta AI that could have allowed others to see private questions and answers.
( 9
min )
Amazon Web Services (AWS) has completed its annual Collaborative Cloud Audit Group (CCAG) audit engagement with leading European financial institutions. At AWS, security remains our highest priority. As customers continue to embrace the scalability and flexibility of the cloud, we support them in evolving security, identity, and compliance into core business enablers. The AWS Compliance […]
( 15
min )
We are honored to be recognized once again as a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms—our sixth consecutive time. Microsoft was recognized for its completeness of vision and ability to execute, which we believe underscores the effectiveness of Defender for Endpoint in the face of an ever-shifting threat environment.
The post Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.
( 21
min )
To help protect and inform customers, Microsoft highlights protection coverage across the Microsoft Defender security ecosystem to protect against threat actors like Octo Tempest.
The post Protecting customers from Octo Tempest attacks across multiple industries appeared first on Microsoft Security Blog.
( 22
min )
In June 2025, MaReads, the website for readers and writers of Thai-language fiction and comics suffered a data breach that exposed 74k records. The breach included usernames, email addresses, phone numbers and dates of birth. MaReads is aware of the breach.
( 2
min )
Announcing the general availability of Microsoft Security Copilot capabilities for IT with Microsoft Intune and Microsoft Entra, offering AI-powered efficiency and enhanced security for your operations.
The post Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra appeared first on Microsoft Security Blog.
( 22
min )
Amazon Web Services (AWS) is pleased to announce that the Spring 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 184 services over the 12-month period from April 1, 2024, to March 31, 2025, giving customers a full year of assurance. The reports demonstrate our continuous commitment to […]
( 15
min )
Employing a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever evolving security challenges.
The post Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report appeared first on Microsoft Security Blog.
( 20
min )
Last month, we announced new sovereign controls and governance structure for the AWS European Sovereign Cloud. The AWS European Sovereign Cloud is a new, independent cloud for Europe, designed to help customers meet their evolving sovereignty needs, including stringent data residency, operational autonomy, and resiliency requirements. Launching by the end of 2025, the AWS European […]
( 15
min )
The Microsoft Zero Trust workshop has been expanded to cover all six pillars of Zero Trust security, providing a comprehensive guide for organizations to modernize their security posture.
The post Microsoft expands Zero Trust workshop to cover network, SecOps, and more appeared first on Microsoft Security Blog.
( 21
min )
Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.
( 7
min )
Amazon Web Services (AWS) is pleased to announce that three new AWS services have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Amazon Verified Permissions AWS B2B Data Interchange AWS Resource Explorer This certification means that customers can use these services while maintaining PCI DSS compliance, enabling […]
( 14
min )
We’re excited to announce that AWS has completed the CyberVadis assessment of its security posture with the highest score (Mature) in all assessed areas. This demonstrates our continued commitment to meet the heightened expectations for cloud service providers. Customers can now use the 2025 AWS CyberVadis report and scorecard to reduce their supplier due-diligence burden. With […]
( 14
min )
This week, our theme is “how secure is your API security?”. We highlight two recent attacks targeting major financial platforms, along with a new industry survey that exposes significant gaps in API security practices. We also explore technical deep-dives into vulnerabilities such as JWT flaws and host header injection attacks. Plus, we share details on [...]
Read More...
The post Issue 275: API hackers strike gold, Malicious API drift at CoinMarketCap, Survey reveals major API security gaps appeared first on API Security News.
( 9
min )
Amazon Web Services (AWS) customers can enable secure remote access to their cloud resources, supporting business operations with both speed and agility. As organizations embrace flexible work environments, employees can safely connect to AWS resources from various locations using different devices. AWS provides comprehensive security solutions that help organizations maintain strong protection of corporate resources, […]
( 22
min )
