Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE).
Chennai, India, July 25, 2025, CyberNewswire — xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands,
Senator presses Musk on Starlink ‘misuse’ by Southeast Asian scammers
Democrat Maggie Hassan says Starlink should acknowledge the use of its satellite internet tech for scams originating in Southeast Asia and do more to explain its response.
CISA flags PaperCut RCE bug as exploited in attacks, patch now
CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery (CSRF) attacks.
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
Microsoft Threat Intelligence has discovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data from files normally protected by Transparency, Consent, and Control (TCC), including the ability to extract and leak sensitive information cached by Apple Intelligence.
Sen. Hassan wants to hear from SpaceX about scammers abusing Starlink | CyberScoop
Maggie Hassan cited evidence accumulating over the past two years that some Southeast Asian fraudsters scamming billions of dollars from U.S. citizens have leaned on Starlink.
Internet Archive is now a US federal depository library
The Internet Archive has become an official U.S. federal depository library, providing online users with access to archived congressional bills, laws, regulations, presidential documents, and other U.S. government documents.
Hundreds of registered data brokers ignore user requests around personal data | CyberScoop
Researchers in California contacted data brokers in their state to exercise their rights under the California Privacy Protection Act. Many didn’t reply, while others threw up barriers.
FBI alerts tie together threats of cybercrime, physical violence from The Com | CyberScoop
Officials said thousands of people, typically between 11 and 25 years old, are engaged in a growing and evolving online threat to commit crime for money, retaliation, ideology, sexual gratification and notoriety.
Free Tool Autoswagger Finds The API Flaws Attackers Hope You Miss
Exposed API documentation is a gift-wrapped roadmap for threat actors. The free Autoswagger tool from Intruder scans for exposed docs and flags endpoints with broken access controls—before attackers find them.
CSA’s CCM includes cloud security monitoring and logging controls. Implement effective incident response, audit log security, clock synchronization, and more.
Tea app data theft scandal worsens as stolen IDs leaked to cybercriminal forum
Makers of the app for women called Tea are continuing to respond to an intrusion into a "legacy data storage system" that exposed photos of users, including images of driver's licenses.