"350M cars, 1B devices exposed to 1-click Bluetooth RCE."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 12 July 2025, 1426 UTC.

Content and Source:  "Dark Reading."

Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.  

Russ Roberts (http://www.hawaiicybersecurityjournal.net).

Dark Reading

141K followers32 articles per week

#security#tech

28

Most popular

350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE

4 TTPs

•

by Nate Nelson, Contributing Writer / 18h

Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be exposed to a vulnerable Bluetooth implementation called "PerfektBlue."

New AI Malware PoC Reliably Evades Microsoft Defender

26by Nate Nelson, Contributing Writer / 2d

Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.

Rubio Impersonator Signals Growing Security Threat From Deepfakes

AI impersonation targets diplomats

•

by Elizabeth Montalbano, Contributing Writer / 2d

An impostor who posed as the secretary of state in text and voice communications with diplomats and politicians demonstrates the increased sophistication of and national security threat posed by the AI technology.

Yesterday

Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel

9 TTPs

•

by Rob Wright / 17h

The ransomware-as-a-service (RaaS) operation, which has been tied to an Iranian advanced persistent threat (APT) group, recently boosted its affiliate profit share to 80% for attacks on Western targets.

As Cyber-Insurance Premiums Drop, Coverage Is Key to Resilience

by Robert Lemos, Contributing Writer / 22h

Cyber-insurance premiums continue to decline from their explosive growth from 2020 to 2022, but coverage is more important than ever to manage risks, experts say.

Factoring Cybersecurity Into Finance's Digital Strategy

by Jeff Prelle / 1d

As financial institutions continue to embrace digital transformation, their success will depend on their ability to establish and maintain robust and responsible cybersecurity practices.

Digital Fingerprints Test Privacy Concerns in 2025

by Stephen Lawton / 1d

Digital fingerprinting technology creates detailed user profiles by combining device data with location and demographics, which increases the risks of surveillance.

Jul 10, 2025

Customer, Employee Data Exposed in Nippon Steel Breach

Exfiltration (Enterprise TA0010)

•

by Kristina Beek / 1d

•

Nippon Steel Solutions suffers zero-day breach

Information from the company's NS Solutions subsidiary has yet to show up on any Dark Web sites, but it doesn't rule out the possibility that the data may have been stolen.

eSIM Bug in Millions of Phones Enables Spying, Takeover

3 TTPs

•

by Nate Nelson, Contributing Writer / 1d

eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.

Ingram Micro Up and Running After Ransomware Attack

Ingram Micro faces prolonged global outage

•

by Kristina Beek / 1d

Customers were the first to notice the disruption on the distributor's website when they couldn't place orders online.

Agentic AI's Risky MCP Backbone Opens Brand-New Attack Vectors

3 TTPs

•

by Jai Vijayan, Contributing Writer / 1d

Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.

4 Arrested in UK Over M&S, Co-op, Harrods Hacks

4 TTPs

•

by Alexander Culafi / 1d

•

Teenagers arrested for retail cyberattacks

The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.

SIM Swap Fraud Is Surging — and That's a Good Thing

by Shaun Cooney / 1d

Now it's time to build systems that attackers can't reroute with a phone call.

Browser Exploits Wane as Users Become the Attack Surface

by Robert Lemos, Contributing Writer / 2d

For browsers, exploitation is out — and getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they've accepted the challenge.

AirMDR Tackles Security Burdens for SMBs With AI

AirMDR raises 155 million

•

by Arielle Waldman / 2d

The security startup provides managed detection and response services for small to midsize businesses to detect and address modern threats, such as ransomware, phishing attacks, and malicious insiders.

Jul 9, 2025

North American APT Uses Exchange Zero-Day to Attack China

2 TTPs

•

by Nate Nelson, Contributing Writer / 2d

•

NightEagle targets Chinese sectors

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

An NVIDIA Container Bug & Chance to Harden Kubernetes

3 TTPs

•

by Alexander Culafi / 2d

A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.

Know Your Enemy: Understanding Dark Market Dynamics

by Bogdan Botezatu / 3d

To help counter crime, today's organizations require a cyber-defense strategy that incorporates the mindset of the cybercriminal.

SatanLock Next in Line for Ransomware Group Shutdowns

2 TTPs

•

by Kristina Beek / 3d

•

Satanlock ransomware group shutting down

Though the victims list on its site has since been taken down, the group plans on leaking the rest of the files stolen from its victims.

AI Trust Score Ranks LLM Security

by Jeffrey Schwartz / 3d

Startup Tumeryk's AI Trust scorecard finds Google Gemini Pro 2.5 as the most trustworthy, with OpenAI's GPT-4o mini a close second and DeepSeek and Alibaba Qwen scoring lowest.

Unlock Security Operations Success With Data Analysis

by George V. Hulme, Contributing Writer / 3d

From data fog to threat clarity: Automating security analytics helps security teams stop fighting phantoms and respond to what matters.

Jul 8, 2025

South Korean Government Imposes Penalties on SK Telecom for Breach

SK Telecom faces fines and refunds

•

by Robert Lemos, Contributing Writer / 3d

Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.

Microsoft Patches 137 CVEs in July, but No Zero-Days

6 TTPs

•

by Jai Vijayan, Contributing Writer / 3d

Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint.

Malicious Open Source Packages Spike 188% YoY

15 TTPs

•

by Alexander Culafi / 3d

•

Open source malware surges significantly

Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.

Suspected Hacker Linked to Silk Typhoon Arrested in Milan

Impact (Enterprise TA0040)

•

by Kristina Beek / 3d

The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers.

Hackers 'Shellter' Various Stealers in Red-Team Tool to Evade Detection

IoC > 1 IP

•

by Elizabeth Montalbano, Contributing Writer / 3d

•

10 TTPs

•

Hackers exploit leaked Shellter software

Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework.

4 Critical Steps in Advance of 47-Day SSL/TLS Certificates

by Tim Callan / 4d

With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions.

Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud

by Karen D. Schwartz, Contributing Writer / 4d

Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud.

End of feed