Third of Exploited Vulnerabilities Weaponized Within a Day of Disclosure
32.1% of vulnerabilities listed in VulnCheck’s Known Exploited Vulnerabilities catalog were weaponized before being detected or within the following day
Why Supply Chain Visibility is a CFO Imperative in 2025 - interos.ai
72% of surveyed CFOs anticipated the North American economy would improve this year, according to Deloitte’s fourth quarter North American CFO Signals Survey.
Measuring the Attack/Defense Balance - Schneier on Security
“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all doing collectively—and not just how an individual network is doing. Healey wrote to me in email: The work rests on three key insights: (1) defenders need a framework (based in threat, vulnerability, and consequence) to categorize the flood of potentially relevant security metrics; (2) trends are what matter, not specifics; and (3) to start, we should avoid getting bogged down in collecting data and just use what’s already being reported by amazing teams at Verizon, Cyentia, Mandiant, IBM, FBI, and so many others...
Vos chèques vacances ANCV vont bientôt expirer ? Un mail d’arnaque à coup sûr
Une campagne d’arnaque aux chèques-vacances ANCV circule dans les boîtes mail des Français, en ce mois de juillet 2025. Prétextant l’expiration imminente des titres, des cybercriminels essaient de piéger leurs victimes en les redirigeant vers un site frauduleux. Ah, l’été… le temps des verres en terrasse, des clubs
US Tops Hit List as 396 SharePoint Systems Compromised Globally
A total of 396 compromised Microsoft SharePoint systems have been identified globally, affecting 145 organizations across 41 countries in the wake of the ToolShell zero-day vulnerability
Cobalt Strike Beacon delivered via GitHub and social media
A campaign targeting Russian entities leveraged social media, Microsoft Learn Challenge, Quora, and GitHub as intermediate C2 servers to deliver Cobalt Strike Beacon.
Minnesota governor activates National Guard after cyberattack on state capital
Mayor Melvin Carter said during a press conference on Tuesday that the city is most concerned about the data it holds on government employees, arguing that the city does not carry much information on city residents.
Minnesota activates National Guard after St. Paul cyberattack
Minnesota Governor Tim Walz has activated the National Guard in response to a crippling cyberattack that struck the City of Saint Paul, the state's capital, on Friday.
Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration
The latest guidance on Scattered Spider from the FBI and agencies in the U.K., Canada and Australia says the cybercrime group is often looking for Snowflake data storage credentials when it picks a company to attack.
Russian airline Aeroflot grounds dozens of flights after cyberattack
Aeroflot, Russia's flag carrier, has suffered a cyberattack that resulted in the cancellation of more than 60 flights and severe delays on additional flights.
Palo Alto, Calif., July 29, 2025, CyberNewswire — Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent Geco Colorpick case exemplifies how these certifications provide nothing more than a false sense