CyberPulse

Unknown threat actors have reportedly breached the National Nuclear Security Administration's (NNSA) network in attacks exploiting a recently patched Microsoft SharePoint zero-day vulnerability chain. [...]

OpenAI is testing a new 'Study together' feature, and today, a new announcement within the ChatGPT web app confirms it. [...]

Kerberoasting gives attackers offline paths to crack service account password, without triggering alerts. Learn from Specops Software how to protect your Active Directory with stronger SPN password policies and reduced attack surfaces. [...]

OpenAI has had enough of Google's Veo 3 dominating generative AI videos and is now working on Sora 2, the successor to Sora. [...]

The suspected administrator of the Russian-speaking hacking forum XSS.is was arrested by the Ukrainian authorities yesterday at the request of the Paris public prosecutor's office. [...]

CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. [...]

AI voice clones can impersonate people in a way that Altman said is increasingly “indistinguishable from reality” and will require new methods for verification. The post OpenAI’s Sam Altman Warns of AI Voice Fraud Crisis in Banking appeared first on SecurityWeek.

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. [...]

Experts unpack the risks of trusting agentic AI, arguing that fallibility, hype, and a lack of transparency demand caution—before automation outpaces our understanding. The post Should We Trust AI? Three Approaches to AI Fallibility appeared first on SecurityWeek.

French authorities announced that an alleged admin of XSS.is, one of the longest-running cybercrime forums, has been arrested in Ukraine. The post France Says Administrator of Cybercrime Forum XSS Arrested in Ukraine appeared first on SecurityWeek.

Critics warn that a ban on ransomware payments may lead to dangerous unintended consequences, including forcing victims into secrecy or incentivizing attackers to shift tactics. The post UK’s Ransomware Payment Ban: Bold Strategy or Dangerous Gamble? appeared first on SecurityWe...

Akamai’s analysis of the Coyote malware revealed that it abuses Microsoft’s UIA accessibility framework to obtain data. The post Coyote Banking Trojan First to Abuse Microsoft UIA appeared first on SecurityWeek.

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison. [...]

The US government has issued an alert on the Interlock ransomware, which targets organizations via drive-by download attacks. The post Organizations Warned of Interlock Ransomware Attacks appeared first on SecurityWeek.

Microsoft has resolved a known issue that triggers invalid Windows Firewall errors after rebooting Windows 11 24H2 systems with the June 2025 preview update installed. [...]

Sophos has patched five vulnerabilities in Sophos Firewall that could allow remote attackers to execute arbitrary code. The post Critical Vulnerabilities Patched in Sophos Firewall appeared first on SecurityWeek.

Fresh security updates for Chrome and Firefox resolve multiple high-severity memory safety vulnerabilities. The post High-Severity Flaws Patched in Chrome, Firefox appeared first on SecurityWeek.

The Lumma Stealer is back after Microsoft and law enforcement took action to significantly disrupt the malware’s infrastructure. The post Lumma Stealer Malware Returns After Takedown Attempt appeared first on SecurityWeek.

Cisco says it is aware of attempted exploitation of critical ISE vulnerabilities leading to unauthenticated remote code execution. The post Hackers Start Exploiting Critical Cisco ISE Vulnerabilities appeared first on SecurityWeek.

The Lumma infostealer malware operation is gradually resuming activities following a massive law enforcement operation in May, which resulted in the seizure of 2,300 domains and parts of its infrastructure. [...]

​​Microsoft has released the KB5062660 preview cumulative update for Windows 11 24H2 with twenty-nine new features or changes, with many gradually rolling out, such as the new Black Screen of Death and Quick Machine Recovery tool. [...]

Microsoft is rolling out significant changes to Windows 11 24H2 as part of the Windows Resilience Initiative, designed to reduce downtime and help devices recover from serious failures, as well as an overhaul of the all-too-familiar BSOD crash screens. [...]

A new variant of the banking trojan 'Coyote' has begun abusing a Windows accessibility feature, Microsoft's UI Automation framework, to identify which banking and cryptocurrency exchange sites are accessed on the device for potential credential theft. [...]

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the Sharepoint flaw to breach U....

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based...

Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fil...

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft's most-dire "critical" ratin...

In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of Americ...

Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of ...

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website h...

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this...

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity servi...