Gateway security guidance package: Gateway operations and management | Cyber.gov.au
This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s Gateway security guidance package written for audiences responsible for the operation and management of gateways.
This guidance is one part of a package of documents that forms the gateway security guidance package. When designing, procuring, operating, maintaining or disposing of a gateway, it is important to consider all the documents from the gateway security guidance package at different stages of governance, design and implementation, and not to consume this guidance in isolation.
The purpose of this guidance is to inform decision-makers at the executive level of their responsibilities, the appropriate considerations needed to make informed risk-based decisions, and to meet policy obligations when leading the design or consumption of their organisation’s gateway services.
Lovense sex toy app flaw leaks private user email addresses
The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member's email address simply by knowing their username, putting them at risk of doxxing and harassment.
MY TAKE: The signal vs. the noise: email messaging in the era of my AI talking to your AI
Not long ago, I found myself staring at a reply that could’ve come from a bot. Related: Microsoft purges 'knowledge workers' It was a polite follow-up from a PR rep reiterating a pitch I had already acknowledged — and responded to with a thoughtful, clearly outlined counter-offer. My reply wasn’t off-the-shelf. It was a handcrafted
Tea app leak worsens with second database exposing user chats
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members.
Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration | CyberScoop
Researchers have disclosed a vulnerability in Gemini Command Line Interface (CLI), Google’s latest piece of “agentic” AI software for code development.
Flaw in Gemini CLI AI coding assistant allowed stealthy code execution
A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs.
Endgame Gear mouse config tool infected users with malware
Gaming peripherals maker Endgame Gear is warning that malware was hidden in its configuration tool for the OP1w 4k v2 mouse hosted on the official website between June 26 and July 9, 2025.
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data.
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE).
Chennai, India, July 25, 2025, CyberNewswire — xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands,
Senator presses Musk on Starlink ‘misuse’ by Southeast Asian scammers
Democrat Maggie Hassan says Starlink should acknowledge the use of its satellite internet tech for scams originating in Southeast Asia and do more to explain its response.
CISA flags PaperCut RCE bug as exploited in attacks, patch now
CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks.
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence.
Des hackeurs promettent « la destruction totale de l’infrastructure informatique » d’Aeroflot, compagnie aérienne russe
Chaos dans les aéroports russes ce lundi 28 juillet : la compagnie nationale Aeroflot a été contrainte d’annuler et de reprogrammer plus d’une cinquantaine de vols. La raison ? Une cyberattaque d'une ampleur inédite revendiquée par le groupe de hackers ukrainiens « Silent Crow » La liste s'allonge et aucun signe de
Sen. Hassan wants to hear from SpaceX about scammers abusing Starlink | CyberScoop
Maggie Hassan cited evidence accumulating over the past two years that some Southeast Asian fraudsters scamming billions of dollars from U.S. citizens have leaned on Starlink.