Apple’s iOS 18.4.1 update fixes a bug with wireless CarPlay and resolves two security holes already exploited in targeted attacks. This article has been indexed from Latest stories for ZDNET in Security Read the original article: Update your iPhone now…
Category: EN
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV)…
Apple released emergency updates for actively exploited flaws
Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the…
Microsoft Thwarts $4bn in Fraud Attempts
Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use This article has been indexed from www.infosecurity-magazine.com Read the original article: Microsoft Thwarts $4bn in Fraud Attempts
Critical Flaw in PHP’s extract() Function Enables Arbitrary Code Execution
A critical vulnerability in PHP’s extract() function has been uncovered, enabling attackers to execute arbitrary code by exploiting memory corruption flaws. The issue affects PHP versions 5.x, 7.x, and 8.x, allowing malicious actors to trigger double-free (PHP 5.x) or use-after-free (PHP 7.x/8.x) conditions, ultimately leading to…
Intel Sells 51% Stake in Altera to Silver Lake in $8.75 Billion Deal
Intel Corporation has announced the divestiture of a 51% stake in its Altera division to Silver Lake, valuing the programmable logic company at $8.75 billion. This transaction marks a significant shift in Intel’s focus, enabling the tech giant to streamline…
Agent Tesla Malware Uses Multi-Stage Attacks with PowerShell Scripts
Researchers from Palo Alto Networks have uncovered a series of malicious spam campaigns leveraging the notorious Agent Tesla malware through intricate, multi-stage infection vectors. The attack begins innocuously enough with the receipt of a socially engineered email, often crafted to…
US Senators Push for Stronger Cybercrime and Computer Fraud Legislation
It’s been a pretty divisive few months in US politics. The Trump administration has made sweeping changes in almost all areas of policy, ranging from international relations to domestic regulations and everything in between. However, some areas of American politics…
From PyPI to the Dark Marketplace: How a Malicious Package Fuels the Sale of Telegram Identities
Introduction In today’s digital era, security breaches can occur in the blink of an eye. Telegram Desktop is renowned for its secure, user-friendly messaging interface, but what if the data used to provide seamless experience could also be your greatest…
Mustang Panda Employs Using Weaponized RAR Archives to Install New ToneShell Malware
Security researchers have uncovered new malicious activities attributed to Mustang Panda, a China-sponsored espionage group known for targeting government entities, military organizations, and non-governmental organizations primarily in East Asia and Europe. The threat actor has been observed utilizing weaponized RAR…
Windows 11 24H2 Update Bug Triggers BSOD Error – Emergency Fix Released
Microsoft has officially confirmed a major bug in its recent Windows 11 24H2 updates that is causing widespread Blue Screen of Death (BSOD) crashes, displaying the stop error code “SECURE_KERNEL_ERROR” (0x18B). The issue, first reported by Windows Latest in March…
MITRE Hackers’ Backdoor Has Targeted Windows for Years
Windows versions of the BrickStorm backdoor that the Chinese APT used in the MITRE hack last year have been active for years. The post MITRE Hackers’ Backdoor Has Targeted Windows for Years appeared first on SecurityWeek. This article has been…
CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension
MITRE will be able to keep running the CVE program for at least the next 11 months This article has been indexed from www.infosecurity-magazine.com Read the original article: CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension
IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia. This article has been indexed from Securelist Read the original article: IronHusky…
Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200 affects CoreAudio,…
Network Edge Devices the Biggest Entry Point for Attacks on SMBs
Sophos found that compromise of network edge devices, such as VPN appliances, accounted for 30% of incidents impacted SMBs in 2024 This article has been indexed from www.infosecurity-magazine.com Read the original article: Network Edge Devices the Biggest Entry Point for…
Gurucul introduces self-driving SIEM powered by AI enhancements
Gurucul announced a quantum leap forward with a self-driving SIEM powered by extensive AI enhancements and infused within a revamped AI-centric user interface for improved and effective execution of collect, detect, investigate, threat hunt and response workflows to its Unified…
ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack
A UK Law firm has been fined £60,000 after data stolen during a 2022 cyber-attack was published on the dark web This article has been indexed from www.infosecurity-magazine.com Read the original article: ICO Issues Merseyside-Based Law Firm £60,000 Fine After…
MITRE bailout, Krebs exits SentinelOne, Apple fixes zero-days
MITRE gets last-minute bailout from CISA Krebs exits SentinelOne after security clearance pulled Apple fixes two zero-days exploited in targeted iPhone attacks Thanks to this week’s episode sponsor, Vanta Do you know the status of your compliance controls right now?…
Hacker Leaks 33,000 Employee Records in Third-Party API Breach
A hacker has exposed the personal records of over 33,000 employees after discovering unrestricted endpoints belonging to a major technology service provider. The breach, first reported by cybersecurity platform CloudSEK’s BeVigil, highlights alarming gaps in API security that could have…