Aggregator
CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure
CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. This follows a proactive threat hunt engagement conducted at a U.S. critical infrastructure facility.
During this engagement, CISA and USCG did not find evidence of malicious cyber activity or actor presence on the organization’s network but did identify several cybersecurity risks. CISA and USCG are sharing their findings and associated mitigations to assist other critical infrastructure organizations in identifying potentially similar issues and taking proactive measures to improve their cybersecurity posture. The mitigations include best practices such as not storing passwords or credentials in plaintext, avoiding sharing local administrator account credentials, and implementing comprehensive logging.
For more detailed mitigations addressing the identified cybersecurity risks, review joint Cybersecurity Advisory: CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization.
Thorium Platform Public Availability
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools. It supports various mission functions, including software analysis, digital forensics, and incident response, allowing analysts to efficiently assess complex malware threats.
Thorium enables teams that frequently analyze files to achieve scalable automation and results indexing within a unified platform. Analysts can integrate command-line tools as Docker images, filter results using tags and full-text search, and manage access with strict group-based permissions.
Designed to scale with hardware using Kubernetes and ScyllaDB, Thorium can ingest over 10 million files per hour per permission group while maintaining rapid query performance. It also allows users to define event triggers and tool execution sequences, control the platform via RESTful API, and aggregate outputs for further analysis or integration with downstream processes.
CISA encourages cybersecurity teams to use Thorium and provide feedback to enhance its capabilities. For more information on Thorium and how it can improve your cybersecurity operations, see CISA’s Thorium resource webpage.
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on July 31, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-212-01 Güralp FMUS Series Seismic Monitoring Devices
- ICSA-25-212-02 Rockwell Automation Lifecycle Services with VMware
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
New NIST Reference Material to Strengthen Quality Control for Biological Drugs
Reflections from the First Cyber AI Profile Workshop
Inside Job: Attackers Are Spoofing Emails with M365’s Direct Send
Over the past three months, our threat analysts have noticed a significant spike in attackers abusing Microsoft 365’s Direct Send feature—a tool intended for devices like printers or scanners to send internal emails without authentication. Unfortunately, threat actors have found a way to exploit this convenience, slipping past critical email security checks like SPF, DKIM, and DMARC.
The post Inside Job: Attackers Are Spoofing Emails with M365’s Direct Send appeared first on Security Boulevard.
Browser Extensions Can Exploit ChatGPT, Gemini in ‘Man in the Prompt’ Attack
Intel 471 unveils Verity471, a unified platform for next-gen cyber threat intelligence
Intel 471 has launched Verity471, a next-generation cyber threat intelligence (CTI) platform. It brings together all of Intel 471’s solutions into one place, making it easier for security teams to work together, improve workflows, and get more from their threat intelligence. The platform extends beyond the provisioning of CTI by furnishing actionable insights that can be operationalized out of the box. With Verity471, security teams are not only informed of potential threats but are …
The post Intel 471 unveils Verity471, a unified platform for next-gen cyber threat intelligence appeared first on Help Net Security.
CVE-2025-41688 | MB Connect Line mbNET HW1/mbNET/mbNET.rokey LUA Sandbox improper isolation or compartmentalization (VDE-2025-065)
CVE-2025-2813 | Phoenix Contact AXL F BK PN TPS HTTP Service allocation of resources (VDE-2025-029)
CVE-2025-40980 | UltimateFosters UltimatePOS 6.4; Query /products//edit Name cross site scripting
These creatures never see the Sun. Never. But they change the climate of the entire planet, from a depth of 9,500 meters
Outpost24 launches Credential Checker to spot leaked credentials on the dark web
Outpost24 has launched the Outpost24 Credential Checker, a free tool that provides organizations with a sneak peek into exposed credentials leaked on the dark web. Timely visibility into credential exposure can mean the difference between a contained incident and a full-scale data breach for organizations of all sizes. The Outpost24 Credential Checker helps solve this issue by checking whether an organization’s email domain is linked to any credentials leaked on the dark web. “Our goal in …
The post Outpost24 launches Credential Checker to spot leaked credentials on the dark web appeared first on Help Net Security.
Humans inhale more than 70,000 microplastic particles per day in indoor environments
Hacker Arrested for Data Theft Targeting Spanish Bank Customers
Spanish authorities have successfully apprehended a sophisticated cybercriminal who allegedly stole sensitive data from major financial institutions, educational organizations, and private companies across the country. The arrest represents a significant victory in the ongoing battle against cybercrime targeting Spanish citizens and businesses. A collaborative effort between the Mossos d’Esquadra (Catalan police) and Spain’s National Police […]
The post Hacker Arrested for Data Theft Targeting Spanish Bank Customers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
LAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts
The Russian state-sponsored threat actor APT28, also known as Fancy Bear or Forest Blizzard, has deployed LameHug, the first publicly documented malware leveraging large language models (LLMs) for automated command generation and execution. According to a recent CERT-UA report, this campaign targeted Ukraine’s security and defense sectors earlier this month, initiating with spearphishing emails dispatched […]
The post LAMEHUG: First AI-Powered Malware Targets Organizations via Compromised Official Email Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.