Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize controlRead More »Microsoft Patch Tuesday, July 2025 Edition
Adobe patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer. The post Adobe Patches Critical Code Execution Bugs appeared first on SecurityWeek.
Patch Tuesday July 2025: Microsoft rolled out fixes for 130 vulnerabilities, including a zero-day in SQL Server. The post Microsoft Patches 130 Vulnerabilities for July 2025 Patch Tuesday appeared first on SecurityWeek.
The warning came after the department discovered that an impostor attempted to reach out to at least three foreign ministers, a U.S. senator and a governor. The post Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials appeared first on SecurityWeek.
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased Shellter Elite licenses leaked their copy,Read More »Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
A stolen copy of Shellter Elite shows how easily legitimate security tools can be repurposed by threat actors when vetting and oversight fail. The post Legitimate Shellter Pen-Testing Tool Used in Malware Attacks appeared first on SecurityWeek.
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google’s official app marketplace. The malware, disguised as a “PDF Update” to a document viewer app, has been caught serving a deceptive overlayRead More »Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play
LLMs have been observed leading users to phishing links.
As organizations rush to adopt agentic AI, security leaders must confront the growing risk of invisible threats and new attack vectors. The post The Wild Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore appeared first on SecurityWeek.
Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025.Read More »Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension
