Hawaii Cybersecurity Journal

"Military veterans may be what cybersecurity is looking for."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 16 July 2025, 1318 UTC.

Content and Source:  Email subscription to "Dark Reading" via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fwww.darkreading.com%2Frss%2Fall.xml

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Dark Reading

141K followers30 articles per week

#security#tech

38

Most popular

Military Veterans May Be What Cybersecurity Is Looking For

50by Kristina Beek / 1d

As the field struggles with a shortage, programs that aim to provide veterans with the technical skills needed to succeed in cybersecurity may be the solution for everyone.

350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE

4 TTPs

•

24by Nate Nelson, Contributing Writer / 4d

Mercedes, Skoda, and Volkswagen vehicles, as well as untold industrial, medical, mobile, and consumer devices, may be vulnerable to an attack chain called "PerfektBlue."

North American APT Uses Exchange Zero-Day to Attack China

2 TTPs

•

23by Nate Nelson, Contributing Writer / 6d

•

NightEagle targets Chinese sectors

Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange.

Yesterday

Altered Telegram App Steals Chinese Users' Android Data

by Robert Lemos, Contributing Writer / 12h

Using more than 600 domains, attackers entice Chinese-speaking victims to download a vulnerable Telegram app that is nearly undetectable on older versions of Android.

Lessons Learned From McDonald's Big AI Flub

by Alexander Culafi / 16h

McDonald's hiring platform was using its original default credentials and inadvertently exposed information belonging to approximately 64 million job applicants.

AI Is Reshaping How Attorneys Practice Law

by Arielle Waldman / 16h

Experts recommend enhanced AI literacy, training around the ethics of using AI, and verification protocols to maintain credibility in an increasingly AI-influenced courtroom.

AsyncRAT Spawns Concerning Labyrinth of Forks

10 TTPs

•

by Jai Vijayan, Contributing Writer / 17h

•

AsyncRAT malware evolves with variants

Since surfacing on GitHub in 2019, AsyncRAT has become a poster child for how open source malware can democratize cybercrime, with a mazelike footprint of variants available across the spectrum of functionality.

Attackers Abuse AWS Cloud to Target Southeast Asian Governments

13 TTPs

•

by Elizabeth Montalbano, Contributing Writer / 20h

•

Southeast Asian governments targeted by cloud

The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities.

How Criminal Networks Exploit Insider Vulnerabilities

by Rob Juncker / 22h

Criminal networks are adapting quickly, and they're betting that companies won't keep pace. Let's prove them wrong.

MITRE Launches AADAPT Framework for Financial Systems

MITRE launches cryptocurrency cybersecurity

•

by Kristina Beek / 1d

The new framework is modeled after and meant to complement the MITRE ATT&CK framework, and it is aimed at detecting and responding to cyberattacks on cryptocurrency assets and other financial targets.

Jul 14, 2025

Web-Inject Campaign Debuts Fresh Interlock RAT Variant

14 TTPs

•

by Alexander Culafi / 1d

•

Interlock ransomware uses PHP malware

A cyber-threat campaign is using legitimate websites to inject victims with remote access Trojans belonging to the Interlock ransomware group, in order to gain control of devices.

Google Gemini AI Bug Allows Invisible, Malicious Prompts

Google Gemini phishing vulnerability discovered

•

by Elizabeth Montalbano, Contributing Writer / 1d

A prompt-injection vulnerability in the AI assistant allows attackers to create messages that appear to be legitimate Google Security alerts but instead can be used to target users across various Google products with vishing and phishing.

The Dark Side of Global Power Shifts & Demographic Decline

by Ty Greenhalgh / 1d

As global power realigns and economies falter, the rise in cybercrime is no longer hypothetical — it's inevitable.

Jul 11, 2025

Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel

9 TTPs

•

by Rob Wright / 4d

•

Iranian ransomware offers US Israel

The ransomware-as-a-service (RaaS) operation, which has been tied to an Iranian advanced persistent threat (APT) group, recently boosted its affiliate profit share to 80% for attacks on Western targets.

As Cyber-Insurance Premiums Drop, Coverage Is Key to Resilience

Stable growth in cyber insurance

•

by Robert Lemos, Contributing Writer / 4d

Cyber-insurance premiums continue to decline from their explosive growth from 2020 to 2022, but coverage is more important than ever to manage risks, experts say.

Factoring Cybersecurity Into Finance's Digital Strategy

by Jeff Prelle / 4d

As financial institutions continue to embrace digital transformation, their success will depend on their ability to establish and maintain robust and responsible cybersecurity practices.

Digital Fingerprints Test Privacy Concerns in 2025

by Stephen Lawton / 5d

Digital fingerprinting technology creates detailed user profiles by combining device data with location and demographics, which increases the risks of surveillance.

Jul 10, 2025

Customer, Employee Data Exposed in Nippon Steel Breach

Exfiltration (Enterprise TA0010)

•

by Kristina Beek / 5d

•

Nippon Steel Solutions suffers zero-day breach

Information from the company's NS Solutions subsidiary has yet to show up on any Dark Web sites, but it doesn't rule out the possibility that the data may have been stolen.

eSIM Bug in Millions of Phones Enables Spying, Takeover

3 TTPs

•

by Nate Nelson, Contributing Writer / 5d

eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.

Ingram Micro Up and Running After Ransomware Attack

Ingram Micro faces prolonged global outage

•

by Kristina Beek / 5d

Customers were the first to notice the disruption on the distributor's website when they couldn't place orders online.

Agentic AI's Risky MCP Backbone Opens Brand-New Attack Vectors

3 TTPs

•

by Jai Vijayan, Contributing Writer / 5d

Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.

4 Arrested in UK Over M&S, Co-op, Harrods Hacks

4 TTPs

•

by Alexander Culafi / 5d

•

UK arrests four suspected hackers

The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.

SIM Swap Fraud Is Surging — and That's a Good Thing

by Shaun Cooney / 5d

Now it's time to build systems that attackers can't reroute with a phone call.

Browser Exploits Wane as Users Become the Attack Surface

by Robert Lemos, Contributing Writer / 6d

For browsers, exploitation is out — and getting users to compromise their own systems is in. Improved browser security has forced attackers to adapt their tactics, and they've accepted the challenge.

AirMDR Tackles Security Burdens for SMBs With AI

AirMDR raises 155 million

•

by Arielle Waldman / 6d

The security startup provides managed detection and response services for small to midsize businesses to detect and address modern threats, such as ransomware, phishing attacks, and malicious insiders.

Jul 9, 2025

An NVIDIA Container Bug & Chance to Harden Kubernetes

3 TTPs

•

by Alexander Culafi / 6d

A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants.

New AI Malware PoC Reliably Evades Microsoft Defender

26by Nate Nelson, Contributing Writer / 6d

Worried about hackers employing LLMs to write powerful malware? Using targeted reinforcement learning (RL) to train open source models in specific tasks has yielded the capability to do just that.

Rubio Impersonator Signals Growing Security Threat From Deepfakes

AI impersonation scams threaten U.S. officials

•

by Elizabeth Montalbano, Contributing Writer / 6d

An impostor who posed as the secretary of state in text and voice communications with diplomats and politicians demonstrates the increased sophistication of and national security threat posed by the AI technology.

Know Your Enemy: Understanding Dark Market Dynamics

by Bogdan Botezatu / 6d

To help counter crime, today's organizations require a cyber-defense strategy that incorporates the mindset of the cybercriminal.

SatanLock Next in Line for Ransomware Group Shutdowns

2 TTPs

•

by Kristina Beek / 7d

•

Satanlock ransomware group shutting down

Though the victims list on its site has since been taken down, the group plans on leaking the rest of the files stolen from its victims.

AI Trust Score Ranks LLM Security

by Jeffrey Schwartz / 7d

Startup Tumeryk's AI Trust scorecard finds Google Gemini Pro 2.5 as the most trustworthy, with OpenAI's GPT-4o mini a close second and DeepSeek and Alibaba Qwen scoring lowest.

Unlock Security Operations Success With Data Analysis

by George V. Hulme, Contributing Writer / 7d

From data fog to threat clarity: Automating security analytics helps security teams stop fighting phantoms and respond to what matters.

Jul 8, 2025

South Korean Government Imposes Penalties on SK Telecom for Breach

SK Telecom faces fines and refunds

•

by Robert Lemos, Contributing Writer / 7d

Following a breach at the country's top mobile provider that exposed 27 million records, the South Korean government imposed a small monetary penalty but stiff regulatory requirements.

Microsoft Patches 137 CVEs in July, but No Zero-Days

6 TTPs

•

by Jai Vijayan, Contributing Writer / 7d

Some 17 of the bugs are at high risk for exploits, including multiple remote code execution bugs in Office and SharePoint.

Malicious Open Source Packages Spike 188% YoY

15 TTPs

•

by Alexander Culafi / 7d

•

Open source malware surges significantly

Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.

Suspected Hacker Linked to Silk Typhoon Arrested in Milan

Impact (Enterprise TA0040)

•

by Kristina Beek / 7d

The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers.

Hackers 'Shellter' Various Stealers in Red-Team Tool to Evade Detection

IoC > 1 IP

•

by Elizabeth Montalbano, Contributing Writer / 7d

•

10 TTPs

•

Hackers exploit leaked Shellter software

Researchers have uncovered multiple campaigns spreading Lumma, Arechclient2, and Rhadamanthys malware by leveraging key features of the AV/EDR evasion framework.

4 Critical Steps in Advance of 47-Day SSL/TLS Certificates

by Tim Callan / 7d

With certificate lifespans set to shrink by 2029, IT teams need to spend the next 100 days planning in order to avoid operational disruptions.

Checking for Fraud: Texas Community Bank Nips Check Fraud in the Bud

by Karen D. Schwartz, Contributing Writer / 8d

Within months of implementing anti-fraud measures and automation, Texas National Bank prevented more than $300,000 in check fraud.

End of feed