Aggregator

A significant security vulnerability in Windows Task Scheduler could allow attackers to escalate their privileges to SYSTEM level access without requiring initial administrative rights.  Designated as CVE-2025-33067, this elevation of privilege vulnerability affects multiple versions of Windows operating systems and has been assigned an “Important” severity rating with a CVSS score of 8.4.  The vulnerability […]

The post Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A sophisticated cybercrime campaign has emerged where threat actors are exploiting the trust inherent in professional recruitment processes, transforming routine job applications into sophisticated malware delivery mechanisms. The FIN6 cybercrime group, also known as Skeleton Spider, has developed an elaborate social engineering scheme that begins with legitimate-seeming interactions on professional platforms like LinkedIn and Indeed, […]

The post FIN6 Hackers Mimic as Job Seekers to Attack Recruiters with Weaponized Resumes appeared first on Cyber Security News.

A new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development.

On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces the federal government’s commitment to defending digital systems that power critical services, infrastructure and national security. It also creates renewed urgency for vulnerability management by calling on federal agencies to incorporate management of AI vulnerabilities into their existing vulnerability management practices. 

1. Addressing AI and IoT security

Rather than impose new restrictions on AI technologies, the EO focuses on visibility and vulnerability management within AI software and systems. It gives federal agencies a November 1, 2025 deadline to incorporate management of AI software vulnerabilities into their existing vulnerability management practices. The EO also supports the launch of the voluntary Cyber Trust Mark program to help secure consumer and federal IoT devices by promoting transparency and baseline protections.

1. Encouraging stronger patch management

The EO directs the National Institute of Standards and Technology (NIST) to update Special Publication 800–53 (Security and Privacy Controls for Information Systems and Organizations) to provide guidance on how to securely and reliably deploy patches and updates.

1. Reinforcing critical infrastructure defense

Critical infrastructure operators, particularly in energy, communications and transportation, are called to align with enhanced security standards. This includes deeper coordination with the Cybersecurity and Infrastructure Security Agency (CISA) and adherence to frameworks like the Federal Operational Cybersecurity Alignment (FOCAL) Plan.

1. Emphasizing secure software development

Federal agencies are now required to adopt updated secure software development practices in line with revised guidelines from NIST. This includes deeper integration of an update Secure Software Development Framework (SSDF) and improved vendor attestations for software integrity.

1. Preparing for quantum-safe encryption

Recognizing the long-term risks posed by quantum computing, the EO mandates that federal agencies begin transitioning to post-quantum cryptographic standards. Agencies must inventory current cryptographic assets and develop migration plans to safeguard sensitive data for the future.

1. Strengthening internet infrastructure

The EO directs action to secure the Border Gateway Protocol (BGP), a foundational component of internet routing. Agencies are expected to assess and strengthen their network infrastructure to protect against BGP hijacking and related risks.

1. Aligning policy to practice

Notably, the EO states that “Agencies’ policies must align investments and priorities to improve network visibility and security controls to reduce cyber risks.” It further calls on the Director of the Office of Management and Budget to issue guidance for addressing critical risks and adapting modern practices and architectures across federal information systems and networks. 

This EO reinforces the importance of shifting from reactive to proactive cybersecurity. By addressing emerging risks — such as AI exploitation, post-quantum threats and software supply chain weaknesses — the administration is signaling the need for adaptability and continuous improvement. The EO also underscores the need for secure patch management, enhanced critical infrastructure standards and coordination with CISA, and a push for federal agencies to align their policies, investments and practices to better manage cyber risks.

As a long-time partner of the federal government, Tenable provides FedRAMP authorized solutions to help federal agencies proactively identify and reduce cyber exposures. Tenable One FedRAMP delivers unified visibility and risk-based prioritization across IT, OT, cloud infrastructure and identity systems. Tenable is proud to be one of the original signatories of CISA’s “Secure by Design" Pledge and an active partner of the National Cybersecurity Center of Excellence. We’ve articulated to our customers how we’ve taken steps to implement the provisions of the pledge. 

With capabilities aligned to secure software development practices, continuous vulnerability management, cryptographic asset discovery and AI-aware risk detection, Tenable empowers agencies to meet the evolving mandates of the Executive Order. By integrating comprehensive risk-based insights into existing security workflows, Tenable helps agencies operationalize zero-trust principles, understand how to securely and promptly deploy patches and updates, accelerate incident response and maintain continuous compliance, all while strengthening overall cyber resilience in support of national security objectives. 

A new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development.

On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces the federal government’s commitment to defending digital systems that power critical services, infrastructure and national security. It also creates renewed urgency for vulnerability management by calling on federal agencies to incorporate management of AI vulnerabilities into their existing vulnerability management practices. 

1. Addressing AI and IoT security

Rather than impose new restrictions on AI technologies, the EO focuses on visibility and vulnerability management within AI software and systems. It gives federal agencies a November 1, 2025 deadline to incorporate management of AI software vulnerabilities into their existing vulnerability management practices. The EO also supports the launch of the voluntary Cyber Trust Mark program to help secure consumer and federal IoT devices by promoting transparency and baseline protections.

1. Encouraging stronger patch management

The EO directs the National Institute of Standards and Technology (NIST) to update Special Publication 800–53 (Security and Privacy Controls for Information Systems and Organizations) to provide guidance on how to securely and reliably deploy patches and updates.

1. Reinforcing critical infrastructure defense

Critical infrastructure operators, particularly in energy, communications and transportation, are called to align with enhanced security standards. This includes deeper coordination with the Cybersecurity and Infrastructure Security Agency (CISA) and adherence to frameworks like the Federal Operational Cybersecurity Alignment (FOCAL) Plan.

1. Emphasizing secure software development

Federal agencies are now required to adopt updated secure software development practices in line with revised guidelines from NIST. This includes deeper integration of an update Secure Software Development Framework (SSDF) and improved vendor attestations for software integrity.

1. Preparing for quantum-safe encryption

Recognizing the long-term risks posed by quantum computing, the EO mandates that federal agencies begin transitioning to post-quantum cryptographic standards. Agencies must inventory current cryptographic assets and develop migration plans to safeguard sensitive data for the future.

1. Strengthening internet infrastructure

The EO directs action to secure the Border Gateway Protocol (BGP), a foundational component of internet routing. Agencies are expected to assess and strengthen their network infrastructure to protect against BGP hijacking and related risks.

1. Aligning policy to practice

Notably, the EO states that “Agencies’ policies must align investments and priorities to improve network visibility and security controls to reduce cyber risks.” It further calls on the Director of the Office of Management and Budget to issue guidance for addressing critical risks and adapting modern practices and architectures across federal information systems and networks. 

This EO reinforces the importance of shifting from reactive to proactive cybersecurity. By addressing emerging risks — such as AI exploitation, post-quantum threats and software supply chain weaknesses — the administration is signaling the need for adaptability and continuous improvement. The EO also underscores the need for secure patch management, enhanced critical infrastructure standards and coordination with CISA, and a push for federal agencies to align their policies, investments and practices to better manage cyber risks.

As a long-time partner of the federal government, Tenable provides FedRAMP authorized solutions to help federal agencies proactively identify and reduce cyber exposures. Tenable One FedRAMP delivers unified visibility and risk-based prioritization across IT, OT, cloud infrastructure and identity systems. Tenable is proud to be one of the original signatories of CISA’s “Secure by Design" Pledge and an active partner of the National Cybersecurity Center of Excellence. We’ve articulated to our customers how we’ve taken steps to implement the provisions of the pledge. 

With capabilities aligned to secure software development practices, continuous vulnerability management, cryptographic asset discovery and AI-aware risk detection, Tenable empowers agencies to meet the evolving mandates of the Executive Order. By integrating comprehensive risk-based insights into existing security workflows, Tenable helps agencies operationalize zero-trust principles, understand how to securely and promptly deploy patches and updates, accelerate incident response and maintain continuous compliance, all while strengthening overall cyber resilience in support of national security objectives. 

The post New Cybersecurity Executive Order: What You Need To Know appeared first on Security Boulevard.

A sophisticated wave of Linux malware campaigns is targeting cloud environments with increasing frequency and complexity, posing significant threats to modern infrastructure security. The emergence of specialized Executable and Linkable Format (ELF) binaries designed specifically for cloud exploitation represents a concerning evolution in threat actor capabilities, as attackers adapt traditional Linux malware for cloud-native environments. […]

The post Linux Malware Authors Attacking Cloud Environments Using ELF Binaries appeared first on Cyber Security News.

A critical security vulnerability in the Windows Common Log File System Driver (CLFS) enables attackers to escalate their privileges to SYSTEM level access.  The vulnerability, tracked as CVE-2025-32713, was released on June 10, 2025, and affects multiple Windows operating systems from legacy versions to the latest Windows 11 and Windows Server 2025. The vulnerability stems […]

The post Windows Common Log File System Driver Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Multiple critical vulnerabilities in Microsoft Office could allow attackers to execute arbitrary code on affected systems.  The vulnerabilities, tracked as CVE-2025-47162, CVE-2025-47953, CVE-2025-47164, and CVE-2025-47167, all carry a CVSS score of 8.4 out of 10 and affect numerous Office versions across Windows, Mac, and Android platforms.  Security researcher 0x140ce discovered these flaws, which exploit fundamental […]

The post Microsoft Office Vulnerabilities Let Attackers Execute Remote Code appeared first on Cyber Security News.

You must login to view this content

You must login to view this content

More than 20,000 malicious IP addresses and domains linked to information stealers have been taken down in an INTERPOL-coordinated operation against cybercriminal infrastructure. The four-month international crackdown, dubbed Operation Secure, represents one of the most significant coordinated efforts to disrupt infostealer malware networks across the Asia-Pacific region. During Operation Secure, which ran from January to […]

The post Operation Secure: 20,000 Malicious IPs and Domains Linked to 69 Malware Variants Dismantled appeared first on Cyber Security News.

The urgency stems from requirements imposed by technology partners, which necessitated an accelerated timeline for implementation across all affected products. This security initiative follows a pattern of heightened vigilance from ConnectWise throughout 2025, particularly after the company disclosed suspicious activity in May that was attributed to a sophisticated nation-state actor affecting a limited number of […]

The post ConnectWise to Rotate Code Signing Certificates for ScreenConnect, Automate and RMM appeared first on Cyber Security News.