π Just dropped: the SAIL (Secure AI Lifecycle) Framework - open-source & free
Pillar Security teamed up with AI security leaders from companies like Google, Salesforce, and ServiceNow to create the first process-driven playbook for building and shipping secure AI applications.
πΈ 7 development phases with actionable controls
πΈ 70 + AI-specific risks and their mitigations
πΈ Mapped to NIST AI RMF, ISO 42001, OWASP & DASF
π The framework is free and open to the community: https://thn.news/ai-security-sail-guide
Pillar Security teamed up with AI security leaders from companies like Google, Salesforce, and ServiceNow to create the first process-driven playbook for building and shipping secure AI applications.
πΈ 7 development phases with actionable controls
πΈ 70 + AI-specific risks and their mitigations
πΈ Mapped to NIST AI RMF, ISO 42001, OWASP & DASF
π The framework is free and open to the community: https://thn.news/ai-security-sail-guide
π9π₯3π1
π¨ North Korean hackers are targeting crypto firms, Mac users, and national security expertsβusing fake Zoom links, job sites, and research requests.
Theyβre spreading malware through Nim, AppleScript, PowerShell, even GitHub & Dropbox.
See how it works β https://thehackernews.com/2025/07/north-korean-hackers-target-web3-with.html
Theyβre spreading malware through Nim, AppleScript, PowerShell, even GitHub & Dropbox.
See how it works β https://thehackernews.com/2025/07/north-korean-hackers-target-web3-with.html
π€18π€―7π5π₯2π1
π¨ Cisco just patched a 10.0 CVSS flaw that let attackers log in as rootβno config needed.
The backdoor? A static dev credential left in production.
It affected all Unified CM v15.0.1 builds.
Full details β https://thehackernews.com/2025/07/critical-cisco-vulnerability-in-unified.html
The backdoor? A static dev credential left in production.
It affected all Unified CM v15.0.1 builds.
Full details β https://thehackernews.com/2025/07/critical-cisco-vulnerability-in-unified.html
π17π6π€―3π2π₯2
π¨ Chinese hackers hit Franceβs critical sectors using 3 Ivanti zero-days β and then patched them to keep others out.
Rootkits, web shells, and resale of access hint at a black-market cyber operation selling to state-linked buyers.
Find details here β https://thehackernews.com/2025/07/chinese-hackers-exploit-ivanti-csa-zero.html
Rootkits, web shells, and resale of access hint at a black-market cyber operation selling to state-linked buyers.
Find details here β https://thehackernews.com/2025/07/chinese-hackers-exploit-ivanti-csa-zero.html
π17π4π±4π3π₯2
π¨ 40+ fake crypto wallet extensions on Firefox were stealing usersβ keys and IPs β in plain sight.
They cloned real wallets like MetaMask & Coinbase, faked 5-star reviews, and exfiltrated secrets to a remote server.
Full story β https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html
They cloned real wallets like MetaMask & Coinbase, faked 5-star reviews, and exfiltrated secrets to a remote server.
Full story β https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html
π16π€―9π3β‘2
π¨ DEVMAN is a new threat actor already claiming 40 victims across Asia, EU, LATAM, and Africa.
It's affiliated with Qilin, RansomHub, and DragonForce RaaS groups, targeting business and government.
Read technical analysis of the ransomware it uses on #ANYRUN's blog: https://thn.news/devman-ransomware-analysis-tg
It's affiliated with Qilin, RansomHub, and DragonForce RaaS groups, targeting business and government.
Read technical analysis of the ransomware it uses on #ANYRUN's blog: https://thn.news/devman-ransomware-analysis-tg
π13π6
π¨ Most AI SOC tools canβt triage new threats.
They rely on pre-trained models that only handle known attack typesβleaving your team exposed.
Radiantβs adaptive AI learns in real time, triages any alert, and cuts response time from days to minutes.
Details here β https://thehackernews.com/2025/07/the-hidden-weaknesses-in-ai-soc-tools.html
They rely on pre-trained models that only handle known attack typesβleaving your team exposed.
Radiantβs adaptive AI learns in real time, triages any alert, and cuts response time from days to minutes.
Details here β https://thehackernews.com/2025/07/the-hidden-weaknesses-in-ai-soc-tools.html
π13π4π€1
π¨ Android adware is spiraling out of control:
πΈ 352 hidden apps faked icons, flooded 1.2B ad bids/day
πΈ βEvil twinβ apps clone legit ones to hijack ad revenue
πΈ NFC malware lets attackers withdraw cash remotely
πΈ SMS stealers hit 100K phones, draining bank accounts
What you need to know β https://thehackernews.com/2025/07/mobile-security-alert-352-iconads-fraud.html
πΈ 352 hidden apps faked icons, flooded 1.2B ad bids/day
πΈ βEvil twinβ apps clone legit ones to hijack ad revenue
πΈ NFC malware lets attackers withdraw cash remotely
πΈ SMS stealers hit 100K phones, draining bank accounts
What you need to know β https://thehackernews.com/2025/07/mobile-security-alert-352-iconads-fraud.html
π€―10π7π₯4π2
β‘ Google just got hit with a $314M verdict β for secretly using your mobile data while idle.
Phones sat still. It sent 900+ background transfers a day β and you paid for it.
Details here β https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html
Phones sat still. It sent 900+ background transfers a day β and you paid for it.
Details here β https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html
π€―41π12π₯11π4π4π±1
π¨ Critical Sudo flaw lets any local user get root access on Linux.
No sudo rules required. Default configs are vulnerable.
Itβs been hiding in plain sightβsince 2013.
Fixes just dropped. Patch now.
Full details β https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
No sudo rules required. Default configs are vulnerable.
Itβs been hiding in plain sightβsince 2013.
Fixes just dropped. Patch now.
Full details β https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html
π26π€―10β‘9π€6π1
π¨ New APT group βNightEagleβ is hacking Microsoft Exchange with stealthy tools and unpatched exploits.
Targets? Chinaβs AI, military, and quantum tech sectors.
Activity aligns with North American time zones.
Hereβs whatβs known so far β https://thehackernews.com/2025/07/nighteagle-apt-exploits-microsoft.html
Targets? Chinaβs AI, military, and quantum tech sectors.
Activity aligns with North American time zones.
Hereβs whatβs known so far β https://thehackernews.com/2025/07/nighteagle-apt-exploits-microsoft.html
π₯13π5π€―4π1
π¨ AI agents are leaking sensitive data β quietly, constantly, and inside your trusted tools.
Donβt wait for a breach.
Join the free webinar to secure your GenAI workflows β https://thehackernews.com/2025/07/your-ai-agents-might-be-leaking-data.html
Donβt wait for a breach.
Join the free webinar to secure your GenAI workflows β https://thehackernews.com/2025/07/your-ai-agents-might-be-leaking-data.html
π€16π2
π¨ 1,500+ malicious IPs are scanning for exposed Java debug ports right now.
Hackers are using misconfigured JDWP to hijack CI/CD tools like TeamCity, dropping stealth crypto miners.
Worse? They're hiding wallets, killing rival payloads, and mimicking system processes.
Hereβs how it works β https://thehackernews.com/2025/07/alert-exposed-jdwp-interfaces-lead-to.html
Hackers are using misconfigured JDWP to hijack CI/CD tools like TeamCity, dropping stealth crypto miners.
Worse? They're hiding wallets, killing rival payloads, and mimicking system processes.
Hereβs how it works β https://thehackernews.com/2025/07/alert-exposed-jdwp-interfaces-lead-to.html
π12π₯5π2
π¨ Taiwan warns: RedNote, TikTok, WeChat & others send your dataβincluding face scans & contactsβback to China.
RedNote broke all 15 security rules. TikTok, 13.
Chinese law requires companies to hand over this data.
Full details β https://thehackernews.com/2025/07/taiwan-nsb-alerts-public-on-data-risks.html
RedNote broke all 15 security rules. TikTok, 13.
Chinese law requires companies to hand over this data.
Full details β https://thehackernews.com/2025/07/taiwan-nsb-alerts-public-on-data-risks.html
π30π15π12β‘6π±4π₯3
π¨ APT36 spoofed Indiaβs Defence Ministry website to deliver DRAT V2 malware.
A fake press release tricks users into pasting a commandβgiving attackers full remote control.
Targets include defense, oil, railways, and foreign affairs.
Details here β https://thehackernews.com/2025/07/tag-140-deploys-drat-v2-rat-targeting.html
A fake press release tricks users into pasting a commandβgiving attackers full remote control.
Targets include defense, oil, railways, and foreign affairs.
Details here β https://thehackernews.com/2025/07/tag-140-deploys-drat-v2-rat-targeting.html
π€―23π₯9π4π3
π¨ Employees are feeding company secrets into ChatGPTβand you might never know it.
Blocking AI apps doesnβt stop the risk. It just hides it.
Shadow AI is exploding as workers find workarounds. The real danger? Youβve lost visibility.
Hereβs how to take control β https://thehackernews.com/expert-insights/2025/07/shadow-ai-how-to-mitigate-hidden-risks.html
Blocking AI apps doesnβt stop the risk. It just hides it.
Shadow AI is exploding as workers find workarounds. The real danger? Youβve lost visibility.
Hereβs how to take control β https://thehackernews.com/expert-insights/2025/07/shadow-ai-how-to-mitigate-hidden-risks.html
π16π12π₯3
π¨ Hackers took over a US water plant using the default password: 1111.
Yes, that still worksβin 2025.
Default passwords are quietly powering ransomware, DDoS, and supply chain attacks worldwide.
Full story + what to do about it β https://thehackernews.com/2025/07/manufacturing-security-why-default.html
Yes, that still worksβin 2025.
Default passwords are quietly powering ransomware, DDoS, and supply chain attacks worldwide.
Full story + what to do about it β https://thehackernews.com/2025/07/manufacturing-security-why-default.html
π48π€―18π6π€3π2π₯2
The EU has established two major cybersecurity regulations that impact software and infrastructure teams alike.
πΈ NIS2: Applies to operators of essential services (energy, transport, banking, healthcare).
πΈCRA: Applies to any digital product sold in the EU, requiring secure-by-design from dev to patch.
If you build, maintain, or ship software in/into the EU β youβll likely need to comply. Learn more about timelines, overlap with other global regulations, and more: https://thn.news/nis2-eu-cyber-resilience
πΈ NIS2: Applies to operators of essential services (energy, transport, banking, healthcare).
πΈCRA: Applies to any digital product sold in the EU, requiring secure-by-design from dev to patch.
If you build, maintain, or ship software in/into the EU β youβll likely need to comply. Learn more about timelines, overlap with other global regulations, and more: https://thn.news/nis2-eu-cyber-resilience
π25π2
π¨ 8,500+ SMB users tricked into downloading malware disguised as ChatGPT, Zoom, and Outlook tools.
Hackers are hijacking Google search ads to push trojanized software, steal logins, and drain crypto wallets.
Even real brand help pages are being spoofed.
Full story β https://thehackernews.com/2025/07/seo-poisoning-campaign-targets-8500.html
Hackers are hijacking Google search ads to push trojanized software, steal logins, and drain crypto wallets.
Even real brand help pages are being spoofed.
Full story β https://thehackernews.com/2025/07/seo-poisoning-campaign-targets-8500.html
π15π8π€7π₯4π3
π¨ CISA just flagged 4 old bugs as actively exploited β including a 2014 buffer overflow.
One flaw tied to Chinese hackers leaking Citrix session tokens & credentials right now.
The worst part? Some attacks need no credentials.
Full details β https://thehackernews.com/2025/07/cisa-adds-four-critical-vulnerabilities.html
One flaw tied to Chinese hackers leaking Citrix session tokens & credentials right now.
The worst part? Some attacks need no credentials.
Full details β https://thehackernews.com/2025/07/cisa-adds-four-critical-vulnerabilities.html
π7π€―4π1