To provide you with the best service, DrGlenn regularly posts articles on new security concerns. Check back often!

Task Scams – The Latest Way Threat Actors Steal Your Money
The advent of COVID-19 made remote work far more palatable for many. Even though the virus no longer poses a global threat, people now find the concept of remote work much more acceptable and appealing. This situation has opened the door for threat actors to pose as employers, and the deception usually begins with a simple text message. A significant percentage of people list their employment information on legitimate job sites. They may indicate that they seek remote work and even add comments on their social media. Criminals specifically target these individuals, and they have become fairly sophisticated in their approach and successful in stealing people’s money. Anatomy of a Task Scam: Whether solicited or unsolicited, the individual receives a text message offering the...

The New Priority for CISOs
Generative AI (GenAI) is getting ahead of enterprises and changing them faster than even some of the most revolutionary technologies before it. GenAI has the potential to deliver scale in operations and creative capacity: automating the creation of marketing content, expanding software-development capability, reimagining customer service, and analysing risks. Yet beneath this promise lies a stark new reality: GenAI workloads are introducing complex security risks that CISOs can no longer ignore. The old concept of an enterprise security perimeter has already fragmented under hybrid cloud, remote workforces, and SaaS sprawl. The risk that AI introduces is novel, probabilistic, and opaque, and it may arrive in the form of third-party models. To Chief Information Security Officers,...

USB Malware Campaign Spreads Cryptominer Worldwide
A multi-stage malware attack delivered via infected USB devices has been identified, raising concerns over the persistence of cryptomining threats in 2025. Analysts from CyberProof’s Managed Detection and Response (MDR) team discovered that the campaign used DLL search order hijacking and PowerShell to bypass security controls before attempting to install a cryptominer. The malware was linked to earlier Zephyr (XMRig) activity and was ultimately blocked during the final stage by endpoint detection and response (EDR) tools. The attack begins with a Visual Basic script concealed on USB drives. Once executed, the script initiates a chain of processes, including xcopy.exe, to move files into the Windows System32 directory. These files then enable the side-loading of a malicious DLL...

August Patch Tuesday includes blasts from the (recent) past – Sophos News
Microsoft on Tuesday announced 109 patches affecting 16 product families. Eighteen of the addressed issues are considered by Microsoft to be of Critical severity, and 31 have a CVSS base score of 8.0 or higher, including a “perfect” 10.0 affecting Azure. None are known to be under active exploit in the wild, though two Windows issues (CVE-2025-53786 and CVE-2025-53779) are already publicly disclosed. At patch time, nine CVEs are judged by the company to be more likely to be exploited in the next 30 days. Several of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in a table below. In addition, eight CVEs included in this month’s set, mostly involving cloud-centric product families such as Azure and 365, are...

Check your risk blind spot
Does your business truly understand its dependencies, and how to mitigate the risks posed by an attack on them? 12 Aug 2025. A panel discussion at DEF CON 33 last week, titled “Adversaries at war: Tactics, technologies, and lessons from modern battlefields”, offered several thought-provoking points, as well as a clear takeaway: while digital tactics such as misinformation and influence campaigns are useful in modern conflict, they are not going to win a war. That’s because when bombs start dropping and the physical elements of war are under way, the misinformation spreading through digital channels becomes less important. Understandably, the victims of conflict and those displaced have more urgent priorities: food, shelter and staying alive. Turning the...

GPT-5 jailbroken hours after launch using ‘Echo Chamber’ and Storytelling exploit
In the case of GPT-5, “Storytelling” was used to mimic the prompt-engineering tactic where the attacker hides their real objective inside a fictional narrative and then pushes the model to keep the story going. “Security vendors pressure test each major release, verifying their value proposition, and inform where and how they fit into that ecosystem,” said Trey Ford, chief strategy and trust officer at Bugcrowd. “They not only hold the model providers accountable, but also inform enterprise security teams about protecting the instructions informing the originally intended behaviors, understanding how untrusted prompts will be handled, and how to monitor for evolution over time.” Echo Chamber + Storytelling to trick GPT-5: The researchers break the method into two discrete steps. The...

KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series – Krebs on Security
A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients. The documentary, “Most Wanted: Teen Hacker,” explores the 27-year-old Kivimäki’s lengthy and increasingly destructive career, one that was marked by cyber attacks designed to result in real-world physical impacts on their targets. By the age of 14, Kivimäki had fallen in with a group of criminal hackers who were mass-compromising websites and milking them for customer payment card data. Kivimäki and his friends enjoyed harassing...

TeaOnHer copies everything from Tea
Tea, the women-only dating advice app where users can anonymously rate and review men, has made quite a name for itself in recent weeks. Firstly, it stirred controversy with its unpleasant take on digital vigilantism, providing a platform through which anyone could damage the reputation of a man with unverified claims, and no apparent method for him to have any comeback. And then, as we recently reported, Tea proved itself to be riddled with security problems that exposed sensitive user information, including images and private messages. Nonetheless, Tea managed to achieve a prime position towards the top of the app store charts. And so it’s perhaps no surprise to see that knock-off apps like TeaOnHer have suddenly popped up on smartphones, offering to give men the chance to share...

AI Slashes Workloads for vCISOs by 68% as SMBs Demand More – New Report Reveals
Aug 06, 2025, The Hacker News, Compliance / Security Operations. As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are service providers scaling to meet this demand? Which business upside can they expect to see? And where does AI fit in? The answers can be found in "The 2025 State of the vCISO Report". This newly released report offers a deep dive into the vCISO market evolution and the broader shift toward advanced cybersecurity services. The bottom...

NVD – CVE-2023-40101
CVE-2023-40101 Detail (Modified). This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes. Description: In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Metrics: NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also ...

Cybersecurity Is Broken And Zero Trust Alone Won’t Fix It
In a world dependent on digital infrastructure, cybersecurity has become the cornerstone of organizational resilience. Nevertheless, despite the billions spent on sophisticated systems and strategies, breaches remain alarmingly frequent. The notion that “cybersecurity is broken” is not just a dramatic declaration – it is a reality. While Zero Trust Architecture (ZTA) has emerged as a promising framework for countering evolving threats, it cannot by itself address the full range of complex and ever-changing challenges. A comprehensive reconsideration of cybersecurity solutions is mandatory to navigate this uncertain landscape. The State of Cybersecurity: A Fractured Landscape. The foundation of cybersecurity lies in prevention and response. However, from the growing...

Android Malware Targets Banking Users Through Discord Channels
A sophisticated Android banking Trojan, dubbed “DoubleTrouble,” has recently expanded both its delivery methods and technical capabilities, posing a significant threat to users across Europe. Initially spread through phishing websites impersonating major banks, the malware now distributes its payload via Discord-hosted APKs, making detection and prevention more difficult. Researchers at Zimperium have analyzed nine samples from the current campaign and 25 from earlier variants. In an advisory published on Wednesday, they reported that the latest version of the Trojan offers several new functions designed to steal sensitive data, manipulate device behavior and evade traditional mobile defenses. Advanced Features Enable Real-Time Surveillance: Once installed, DoubleTrouble disguises...

GOLD BLADE Remote DLL Sideloading Attack Deploys RedLoader – Sophos News
Sophos analysts are investigating a new infection chain for the GOLD BLADE cybercriminal group’s custom RedLoader malware, which initiates command and control (C2) communications. The threat actors leverage a LNK file to remotely execute and sideload a benign executable, which loads the RedLoader stage 1 payload that is hosted on GOLD BLADE infrastructure. The threat actors previously used these techniques individually: the use of WebDAV to execute remotely hosted DLLs was observed in September 2024, and the sideloading of a renamed ADNotificationManager.exe file was observed in March 2025. However, the combination observed in July 2025 represents a method for initial execution that has not been publicly reported. Execution chain: Figure 1 illustrates the execution chain. The...

ToolShell attacks hit organizations worldwide
The ToolShell bugs are being exploited by cybercriminals and APT groups alike, with the US on the receiving end of 13 percent of all attacks. 25 Jul 2025. The ESET research team has released their findings about exploitation of CVE-2025-53770 and CVE-2025-53771, zero-day vulnerabilities in on-premises Microsoft SharePoint servers dubbed ToolShell. ESET's data shows that attacks hit victims globally, with the US (13.3% of attacks) being the most-targeted country. What else is there to know about the incursions and what should organizations do to stay safe? Watch the video with ESET Chief Security Evangelist Tony Anscombe and make sure to read the blogpost itself.

AI-forged panda images hide persistent cryptomining malware ‘Koske’
The malware registers itself as a background service, sets up recurring scheduled tasks, and evades detection by concealing its processes from standard monitoring tools. Its adaptive logic, including proxy-checking routines, an intelligent selection among 18 cryptocurrency miners, and fallback behaviors, is likely a borrowed AI function, Morag noted in the blog. Aqua recommended monitoring for unauthorized bash modifications and unexpected DNS rewrites, and using runtime protection telemetry to spot anomalous shell behavior. Additionally, blocking execution of polyglot file payloads and hidden rootkits (with drift prevention) was advised. The blog shared a few indicators of compromise (IOCs), including IP addresses, URLs, and filenames used in the attacks.

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security
On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and energy companies. In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, 2025 security update. The Cybersecurity & Infrastructure Security Agency (CISA) concurred, saying CVE-2025-53770 is a variant on a flaw Microsoft patched...

Europol targets Kremlin-backed cybercrime gang NoName057(16)
A pro-Kremlin cybercrime network has been taken offline after an international law enforcement operation disrupted over 100 of its servers, detained two gang members, and issued arrest warrants for seven more. The hacking group NoName057(16) has been operating since 2022, launching cyber attacks on government organisations, media bodies, critical infrastructure, and private companies in Ukraine, America, Canada, and across Europe in a seeming attempt to silence voices that the group considers anti-Russian. Operating largely through Telegram channels, NoName057(16) has gained a reputation for launching distributed denial-of-service (DDoS) attacks. For instance, earlier this year, the National Cyber Security Center (NCSC) in the Netherlands described how several Dutch...

China’s Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones
Jul 18, 2025, Ravie Lakshmanan, Surveillance / Mobile Security. Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico. It specializes in the research, development, and sale of electronic data forensics and network information security technology products. According to a report published by Lookout, Massistant works in conjunction with a corresponding desktop software, allowing for access to the device's GPS location data, SMS messages, images, audio, contacts, and phone...

What is up with so many trying to hack TikTok?
TikTok has become one of the most popular social media platforms on the net. As we have learned, the larger the user base, the harder hackers will try to break in to steal sensitive information. While there are plenty of more mature users, the share of younger people in the user base is increasing. These are generations that feel free to share just about everything online, and hackers see them as perfect targets. The criminals are also aware that a majority of these users rely on mobile accounts as their main means of communication and online use, and have specifically targeted mobile passwords. Cybercriminals have become quite sophisticated in their hacking approaches. Many operate in groups that include well-educated and well-funded hackers. TikTok’s popularity includes a lot of...

How India’s DPDP Act Impacts Digital Lending
India’s Digital Personal Data Protection (DPDP) Act is reshaping how companies collect, process, store, and share personal data. For digital lenders — NBFCs, banks, and fintechs — this means adapting quickly to new compliance norms while balancing growth, customer trust, and innovation. The Changing Landscape Over the past decade, digital lending in India has grown exponentially. Easy credit, instant approvals, and innovative fintech models have made loans accessible to millions. But this rapid digitization has also raised concerns around misuse of personal data, aggressive data harvesting, and inadequate safeguards. The DPDP Act, notified in 2023, aims to fix this by giving data principals (individuals) more rights and putting strict obligations on data fiduciaries (companies)....