Summary

Top Articles:

  • Cisco warns that Unified CM has hardcoded root SSH credentials
  • Let's Encrypt rolls out free security certs for IP addresses
  • Instagram uses expiring certificates as single day TLS certificates
  • Norwegian Dam Valve Forced Open for Hours in Cyberattack
  • Drug cartel hacked cameras and phones to spy on FBI and identify witnesses
  • Welcoming Truyu to Have I Been Pwned's Partner Program
  • Azure API vulnerability and built-in roles misconfiguration enable corporate network takeover
  • We've All Been Wrong: Phishing Training Doesn't Work
  • FileFix Attack Chain Enables Malicious Script Execution
  • Verizon and T-Mobile Deny Data Breaches as Millions of User Records Sold Online

Cisco warns that Unified CM has hardcoded root SSH credentials

Published: 2025-07-02 17:08:24

Popularity: 147

Author: Sergiu Gatlan

Keywords:

  • Security
  • 🤖: ""Root access alert!""

    Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. [...]

    ...more

    Let's Encrypt rolls out free security certs for IP addresses

    Published: 2025-07-03 07:34:06

    Popularity: 103

    Author: Thomas Claburn

    🤖: "SSL shields up"

    You probably don't need one, but it's nice to have the option Let's Encrypt, a certificate authority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.…

    ...more

    Instagram uses expiring certificates as single day TLS certificates

    Published: 2025-07-03 21:13:16

    Popularity: 37

    Author: tootac

    🤖: "Expiration alert"

    submitted by /u/tootac[link][comments]

    ...more

    Norwegian Dam Valve Forced Open for Hours in Cyberattack

    Published: 2025-06-30 09:42:46

    Popularity: 33

    Author: Deeba Ahmed

    Keywords:

  • Security
  • Cyber Attacks
  • Cyber Attack
  • Cyber Crime
  • Cybersecurity
  • IoT
  • Norway
  • Vulnerability
  • 🤖: ""Valve blowout""

    Unidentified hackers breached a Norwegian dam's control system in April, opening its valve for hours due to a weak password. Learn how simple vulnerabilities threaten critical infrastructure.

    ...more

    Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

    Published: 2025-07-03 12:52:09

    Popularity: 28

    Author: None

    Keywords:

  • News
  • El Chapo
  • fbi
  • hacking
  • 🤖: ""Surveillance fail""

    The “El Chapo” Mexican drug cartel snooped on FBI personnel through hacked cameras, and listened in on their phone calls to...

    ...more

    Welcoming Truyu to Have I Been Pwned's Partner Program

    Published: 2025-07-02 23:28:34

    Popularity: 18

    Author: Troy Hunt

    Keywords:

  • Have I Been Pwned
  • 🤖: "New partner alert"

    Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I always used to joke that when people used Have I Been Pwned (HIBP), we effectively said "Oh no - you've been pwned! Uh, good luck!" and left it at that. That was fine when it was a pet project used by people who live in

    ...more

    Azure API vulnerability and built-in roles misconfiguration enable corporate network takeover

    Published: 2025-07-02 14:04:20

    Popularity: 17

    Author: Apprehensive-Side840

    🤖: ""Network Takeover""

    submitted by /u/Apprehensive-Side840[link][comments]

    ...more

    We've All Been Wrong: Phishing Training Doesn't Work

    Published: 2025-07-01 18:54:56

    Popularity: 14

    Author: Nate Nelson, Contributing Writer

    🤖: "Phish Fail"

    Teaching employees to detect malicious emails isn't really having an impact. What other options do organizations have?

    ...more

    FileFix Attack Chain Enables Malicious Script Execution

    Published: 2025-07-02 13:00:00

    Popularity: 14

    Author: Kristina Beek

    🤖: ""Script injection alert""

    By using social engineering tactics, threat actors are able to manipulate their victims into saving and renaming files that will backfire against them.

    ...more

    Verizon and T-Mobile Deny Data Breaches as Millions of User Records Sold Online

    Published: 2025-07-02 11:03:12

    Popularity: 11

    Author: Waqas

    Keywords:

  • Security
  • Cyber Attack
  • Cybersecurity
  • data breach
  • Privacy
  • T-Mobile
  • Telecom
  • Verizon
  • 🤖: ""Data Leak""

    User claims to sell stolen Verizon and T-Mobile data for millions of users (online Verizon says data is old T-Mobile denies any breach and links to it.

    ...more

    23andMe's new owner says your DNA is safe this time

    Published: 2025-07-02 17:32:06

    Popularity: 10

    Author: Connor Jones

    🤖: "Don't worry, it's encrypted"

    Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter The medical research nonprofit vying to buy 23andMe is informing existing customers that it plans to complete the deal on July 8.…

    ...more

    CISA Adds One Known Exploited Vulnerability to Catalog

    Published: 2025-07-02 12:00:00

    Popularity: 9

    Author: CISA

    🤖: "Exploit alert!"

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.  Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

    ...more

    1 Year Later: Lessons Learned From the CrowdStrike Outage

    Published: 2025-07-02 14:00:00

    Popularity: 9

    Author: Nadir Izrael

    🤖: "Server Down"

    The ever-growing volume of vulnerabilities and threats requires organizations to remain resilient and anti-fragile — that is, to be able to proactively respond to issues and continuously improve.

    ...more

    Article from search.app

    Published: 2025-06-28 12:25:46

    Popularity: None

    Author: None

    🤖: ""Search fail""

    We couldn’t extract the content of this article. Here is the URL so you can access it:
    https://search.app/r3mXT

    ...more

    Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk

    Published: 2025-07-01 02:50:24

    Popularity: None

    Author: Oren Yomtov

    🤖: "VSCode takeover"

    TL;DR: We discovered a critical vulnerability in open-vsx.org — the open-source VS Code extension marketplace used by over 8,000,000…

    ...more

    C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption

    Published: 2025-07-01 02:48:39

    Popularity: None

    Author: Ari Novick

    🤖: "Cookie explosion"

    In July 2024, Google introduced a new feature to better protect cookies in Chrome: AppBound Cookie Encryption. This new feature was able to disrupt the world of infostealers, forcing the malware...

    ...more

    Catwatchful - 61,641 breached accounts

    Published: 2025-07-03 23:04:01

    Popularity: None

    Author: None

    🤖: "Furry hack alert"

    In June 2025, spyware maker Catwatchful suffered a data breach that exposed over 60k customer records. The breach was due to a SQL injection vulnerability that enabled email addresses and plain text passwords to be extracted from the system.

    ...more

    end