Microsoft’s Entra subscription management system has a gap that allows guests to transfer Azure subscriptions to external tenants. But don’t worry about it – Microsoft says it’s by design.

Microsoft’s Entra subscription management system has a gap that allows guests to transfer Azure subscriptions to external tenants. But don’t worry about it – Microsoft says it’s by design.

A significant gap in Microsoft Entra’s subscription handling allows guest users to create and transfer Azure subscriptions into external tenants they’re invited to while retaining full ownership. This design oversight enables privilege escalation and unauthorized persistence, bypassing standard access controls.
Cyber Fattah is on a tear. Breaches, and leaks, SQL dumps of  thousands of highly sensitive records from Saudi Games.

Cyber Fattah is on a tear. Breaches, and leaks, SQL dumps of thousands of highly sensitive records from Saudi Games.

A significant data breach involving thousands of personal records from the Saudi Games, one of the largest national sporting events in Saudi Arabia, was recently disclosed. The breach is attributed to a pro-Iranian hacktivist group known as Cyber Fattah, which announced the leak on June 22, 2025, via its official Telegram channel. The stolen data was published as SQL dumps after unauthorized access to the phpMyAdmin backend of the Saudi Games 2024 registration platform.
Google Chrome 138 addresses 11 security vulnerabilities including a medium-severity vuln reported in their bug bounty program.

Google Chrome 138 addresses 11 security vulnerabilities including a medium-severity vuln reported in their bug bounty program.

Google has released Chrome 138, now rolling out as version 138.0.7204.49 for Linux and 138.0.7204.49/50 for Windows and macOS, bringing important security and feature updates to users. Chrome 138 addresses 11 security vulnerabilities, including several discovered and reported by external security researchers.
GitHub releases patches for vulnerabilities impacting mutliple versions of GitHub Enterprise Server.

GitHub releases patches for vulnerabilities impacting mutliple versions of GitHub Enterprise Server.

After a hunter scored a bounty in their bug bounty program, GitHub released patches addressing a high-severity remote code execution (RCE) vulnerability, tracked as CVE-2025-3509, that affected multiple versions of GitHub Enterprise Server. There is no indication that the vulnerability was exploited in the wild prior to patching.
Eight significant vulnerabilities were discovered in 742 printer devices from four different manufacturers, with one being unpatchable.

Eight significant vulnerabilities were discovered in 742 printer devices from four different manufacturers, with one being unpatchable.

Researchers at Rapid7 have discovered eight significant security vulnerabilities affecting hundreds of printer models from Brother and other major vendors. In total, 742 device models across four vendors—Brother, Fujifilm Business Innovation, Ricoh, and Toshiba Tec Corporation—are impacted. The vulnerabilities primarily affect multifunction printers, but also include scanners and label makers.
SonicWall has issued a warning about a trojanized version of its NetExcender SSL VPN that is stealing user information.

SonicWall has issued a warning about a trojanized version of its NetExcender SSL VPN that is stealing user information.

SonicWall has issued an alert about an active campaign distributing a trojanized version of its NetExtender SSL VPN client designed to steal user information, specifically VPN credentials and configuration details. This fake NetExtender app closely mimics the legitimate version 10.3.2.27 but has been modified by threat actors to exfiltrate sensitive data to a remote server.
The computer hacker’s guide to the Russian language – how Russia’s language fits into cybercriminal campaigns.

The computer hacker’s guide to the Russian language – how Russia’s language fits into cybercriminal campaigns.

English-speaking hackers employ several strategies to target Russian-language systems, leveraging technical evasion, linguistic deception, and collaborative networks. For instance, Russian malware often avoids infecting systems with Cyrillic language settings to bypass local law enforcement. English hackers exploit this by adding Russian registry keys to mimic language settings without full installation, installing virtual Russian keyboards to trigger malware’s geo-avoidance, and using scripts to set system locales to ru-RU (e.g., via Windows batch commands).
Army releases Unified Network Plan 2.0 and a new emphasis on zero-trust principles.

Army releases Unified Network Plan 2.0 and a new emphasis on zero-trust principles.

The Army Unified Network Plan 2.0 (AUNP 2.0) is the latest strategic framework guiding the modernization and integration of the U.S. Army’s information technology infrastructure to meet the demands of contemporary and future warfare. Released in March 2025, AUNP 2.0 builds directly on the foundation established by the original 2021 plan, which focused on unifying disparate Army networks under common standards, systems, and processes to reduce complexity and increase integration.
TAG-140’s DRAT V2 malware upgrade offers a substantial improvement over its initial version.

TAG-140’s DRAT V2 malware upgrade offers a substantial improvement over its initial version.

The new DRAT V2 variant raises significant concerns due to its enhanced operational capabilities, evolved targeting strategy, and improved evasion techniques, which collectively increase its threat to critical infrastructure and national security. DRAT V2 is the latest variant of the DRAT (Delphi Remote Access Trojan) malware, recently identified in a TAG-140 campaign targeting Indian government and critical infrastructure organizations. TAG-140, linked to the SideCopy subgroup and Transparent Tribe (APT36), is known for its evolving and diverse malware arsenal.
Trezor, the creator of hardware wallets, has issued a warning to its customers about a sneaky phishing campaign that uses their support portal.

Trezor, the creator of hardware wallets, has issued a warning to its customers about a sneaky phishing campaign that uses their support portal.

Trezor, a leading manufacturer of hardware cryptocurrency wallets, has issued an urgent alert to its users about a sophisticated phishing campaign that abused its automated support system to send deceptive emails. Attackers exploited Trezor’s public contact form by submitting support requests using real users’ email addresses—likely obtained from previous data breaches—which triggered legitimate-looking automated replies from Trezor’s support system.