Security and Windows TCO Leftovers
-
NVISO Labs ☛ Detection Engineering: Practicing Detection-as-Code – Introduction – Part 1
In this first part we are going through the basic terminology and concepts of a Detection-as-Code approach in Detection Engineering. Throughout this series, we’ll dive deep into a wide range of concepts, strategies, and practical blueprints that you can adapt to fit your own workflows. From building a detection engineering repository to validating detections, automating documentation, and delivering them at scale to numerous managed environments. We’ll also explore how to effectively test and monitor your detections to ensure they stay reliable.
-
Security Week ☛ Adobe Patches Critical Code Execution Bugs
Adobe patches were also released for medium-severity flaws in After Effects, Audition, Dimension, Experience Manager Screens, FrameMaker, Illustrator, Substance 3D Stager, and Substance 3D Viewer.
-
Security Week ☛ SAP Patches Critical Flaws That Could Allow Remote Code Execution, Full System Takeover
SAP has released patches for multiple insecure deserialization vulnerabilities in NetWeaver that could lead to full system compromise.
-
Security Week ☛ Exploits, Technical Details Released for CitrixBleed2 Vulnerability
Researchers released technical information and exploit code targeting a critical vulnerability (CVE-2025-5777) in Citrix NetScaler.
-
Security Week ☛ Qantas Hit with Extortion Demand After Data Breach
The Australian airline says a cybercriminal attempted to extort it after customer data was stolen from a contact center.
-
Silicon Angle ☛ Morphisec warns of Iran-backed ransomware campaign driven by political motives
A new report out today from endpoint security firm Morphisec Inc. reveals the resurgence of Pay2Key, a ransomware operation with ties to Iran’s Fox Kitten advanced persistent threat group, now rebranded as Pay2Key.I2P.
-
LWN ☛ A set of Git security-fix releases
Versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1 and v2.50.1 of the Git source-code management system have been released. "This is a set of coordinated security fix releases. Please update at your earliest convenience." See the announcement for details; many of the vulnerabilities have to do with tricks buried in untrusted repositories.
-
OpenSSF (Linux Foundation) ☛ Recap: OpenSSF Community Day Japan 2025
OpenSSF Community Day Japan returned to Tokyo for its third consecutive year in 2025, bringing together a diverse group of developers, researchers, government representatives, and industry experts to focus on securing the open source ecosystem.
-
Tom's Hardware ☛ Popular industry security tool repurposed by cybercriminals to deploy infostealer malware — Shellter developer blasts 'reckless and unprofessional' researchers for not disclosing issue for months
The developers behind a popular industry security tool say it has been repurposed by hackers, but blame a research group for not disclosing a vulnerability months earlier.
-
Silicon Angle ☛ Splunk uncovers surge in social engineering through fake CAPTCHA attacks
A new report out today from big data company Splunk Inc. warns of a new trend in cybercrime: a surge in sophisticated social engineering campaigns that use fake CAPTCHA systems to deliver malware without relying on any traditional software vulnerabilities.
-
Security Week ☛ Legitimate Shellter Pen-Testing Tool Used in Malware Attacks
A stolen copy of Shellter Elite shows how easily legitimate security tools can be repurposed by threat actors when vetting and oversight fail.
-
Windows TCO / Windows Bot Nets
-
Scoop News Group ☛ Microsoft Patch Tuesday addresses 130 vulnerabilities, none actively exploited
Researchers are especially concerned about a high-severity defect in SQL Server and a critical vulnerability in SPNEGO, a foundational protocol.
-
Google ☛ Isolated Recovery Environments: A Critical Layer in Modern Cyber Resilience
As adversaries grow faster, stealthier, and more destructive, traditional recovery strategies are increasingly insufficient. Mandiant's M-Trends 2025 report reinforces this shift, highlighting that ransomware operators now routinely target not just production systems but also backups. This evolution demands that organizations re-evaluate their resilience posture. One approach gaining traction is the implementation of an isolated recovery environment (IRE)—a secure, logically separated environment built to enable reliable recovery even when an organization's primary network has been compromised.
This blog post outlines why IREs matter, how they differ from conventional disaster recovery strategies, and what practical steps enterprises can take to implement them effectively.
-
The Register UK ☛ Iranian ransomware crew promises big bucks for US attacks
In a June 23 post screenshotted by the security firm and shared in a Tuesday report [PDF], the ransomware crew that now uses the name “Pay2Key.I2P” promised a "favorable percentage (80 percent instead of 70 percent) for anyone engaged in an attack against enemies of Iran. This is primarily Israel and the United States. Write in support."
-
Meduza ☛ At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
A court in Paris has jailed Russian basketball player Daniil Kasatkin on suspicion of involvement in a hacker group’s extortion activities. The 26-year-old was arrested on June 21 at Charles de Gaulle airport at the request of the United States, which has charged him with conspiracy to commit computer fraud. According to American investigators, Kasatkin acted as an accomplice in a hacker group’s ransomware attacks on roughly 900 companies, including two federal institutions, between 2020 and 2022. Officials believe that Kasatkin participated in negotiations for ransom payments on behalf of the hacker group. He denies this.
-