Multiple critical security vulnerabilities affecting MediaTek smartphones, tablets, and IoT chipsets could allow attackers to escalate privileges and compromise device security without requiring any user interaction. The Taiwan-based chipset manufacturer published its June 2025 Product Security Bulletin, revealing seven Common…
Author: wordpress
Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection
Significant vulnerabilities were uncovered in pre-installed applications on Ulefone and Krüger&Matz Android smartphones that expose users to significant risks, including unauthorized factory resets, PIN code theft, and malicious command injection. These flaws, published on May 30, 2025, demonstrate how Improper…
DSPM vs. DLP:Understanding the Key Differences
Modern organizations face a growing challenge in protecting sensitive data. As more people adopt the cloud and rules get tougher, smart and adaptable security is now a must. Two approaches often compared are DSPM and DLP. While both aim to…
Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users
Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android users worldwide. The company confirmed that patches for the vulnerabilities have been…
Vietnam Blocks Telegram Messaging App
Vietnam’s technology ministry has ordered telecommunications service providers to ban the messaging app Telegram for failing to cooperate in the investigation of alleged crimes committed by its users, a move Telegram described as shocking. In a document dated May…
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three…
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity…
US Sanctions Philippines’ Funnull Technology Over $200M Crypto Scam
The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: US Sanctions…
Qualcomm fixed three zero-days exploited in limited, targeted attacks
Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks…
Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure
Cryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner. The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Announcing a new strategic collaboration to bring clarity to threat actor naming
Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster. The post Announcing a new strategic collaboration to bring clarity to threat actor naming appeared first on Microsoft…
Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands
On May 30, 2025, CERT Polska coordinated the public disclosure of three significant security vulnerabilities affecting preinstalled Android applications on smartphones from Ulefone and Krüger&Matz. These flaws, tracked as CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917, expose users to risks ranging from unauthorized…
New PyPI Supply Chain Attacks Python & NPM Users on Windows and Linux
A sophisticated malicious package campaign has emerged targeting Python and NPM users across Windows and Linux platforms through an unusual cross-ecosystem attack strategy. The campaign exploits typo-squatting and name confusion tactics against popular packages including colorama, a widely-used Python library…
Haozi’s Plug-and-Play Phishing Attack Stolen Over $280,000 From Users
A sophisticated phishing-as-a-service operation known as Haozi has emerged as a significant threat in the cybercriminal landscape, facilitating over $280,000 in fraudulent transactions within just five months. Unlike traditional phishing kits that require technical expertise, Haozi offers a streamlined, user-friendly…
HuluCaptcha – A FakeCaptcha Kit That Trick Users to Run Code via The Windows Run Command
A new and sophisticated malware distribution framework dubbed “HuluCaptcha” has emerged, leveraging fake CAPTCHA verification pages to trick users into executing malicious PowerShell commands through Windows Run dialogs. This advanced threat represents a significant evolution in social engineering attacks, combining…
Threat Actors Using ClickFix Technique to Deliver EddieStealer Malware
Cybersecurity researchers have identified a sophisticated new malware campaign leveraging the deceptive ClickFix technique to distribute EddieStealer, a dangerous information-stealing malware built using the Rust programming language. This emerging threat represents a significant evolution in social engineering tactics, exploiting user…
Prioritizing Vulnerabilities in a Sea of Alerts
According to recent industry analysis, cybersecurity professionals are overwhelmed by a flood of security alerts. Organizations process an average of 569,354 alerts annually, yet only 2-5% require immediate action, highlighting the importance of prioritizing vulnerabilities. This overwhelming volume of notifications…
Hackers Tricking Employees with Fake IT Calls and Email Floods in New Ransomware Scam
A growing number of cyberattacks are being carried out by a group linked to the 3AM ransomware. These attackers are using a combination of spam emails and fake phone calls pretending to be a company’s tech support team. Their…
Balancing Consumer Autonomy and Accessibility in the Age of Universal Opt-Outs
The Universal Opt-Out Mechanism (UOOM) has emerged as a crucial tool that streamlines consumers’ data rights exercise in a time when digital privacy concerns continue to rise. Through the use of this mechanism, individuals can express their preferences regarding…
FBI Busts 270 in Operation RapTor to Disrupt Dark Web Drug Trade
Efforts to dismantle the criminal networks operating on the dark web are always welcome, especially when those networks serve as hubs for stolen credentials, ransomware brokers, and cybercrime gangs. However, the dangers extend far beyond digital crime. A substantial…