Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum…
Infostealers Targeting macOS Users in Active Campaigns to Steal Sensitive Data
MacOS infostealers are becoming a powerful and underappreciated method of data exfiltration in a world where Windows-centric threats predominate. They act as predecessors to ransomware deployments and significant breaches. These malware variants, often distributed via Malware-as-a-Service (MaaS) models, meticulously harvest…
ISACA Addresses Experience Gap with CISA Associate Designation
The new CISA Associate designation recognizes ISACA members who have passed the CISA exam but do not yet have the required experience. This article has been indexed from www.infosecurity-magazine.com.
Microsoft Removes High-Privilege Access to Strengthen Microsoft 365 Security
Microsoft has taken a significant step forward in bolstering the security of its Microsoft 365 ecosystem by systematically eliminating high-privileged access (HPA) across all applications, as part of its broader Secure Future Initiative (SFI). This initiative integrates efforts across the…
AI chatbot’s simple ‘123456’ password risked exposing personal data of millions of McDonald’s job applicants
Security researchers found two flaws in an AI-powered chatbot used by McDonald’s to interact with job applicants. This article has been indexed from Security News | TechCrunch.
Spyware on Androids Soars
In general, malware aimed at Androids rose 151% in February and March but a whopping increase came with the 692% jump in SMS-based malware that occurred in April and May. The post Spyware on Androids Soars appeared first on Security…
Iranian APT Hackers Targeting Transportation and Manufacturing Sectors in Active Attacks
Nozomi Networks Labs cybersecurity researchers have reported a startling 133% increase in cyberattacks linked to well-known Iranian advanced persistent threat (APT) groups in May and June 2025, following current tensions with Iran. This uptick aligns with warnings from U.S. authorities,…
Now Live: Infinity Global Services Offering on AWS Marketplace—A Seamless Way to Secure the Future
Infinity Global Services (IGS) offerings are now available on Amazon Web Services (AWS) Marketplace. These expert-led cyber security services offerings mark a significant advancement in delivering enterprise-grade cyber security that is accessible, scalable, and cost-effective. Whether you’re using Check Point…
Rockerbox Data Breach Exposes 245,949 Users’ SSNs and Driver’s Licenses
Jeremiah Fowler, an ethical researcher, discovered an unsecured database with 245,949 entries totaling 286.9 GB in a huge cybersecurity issue. The database was assumed to be owned by Rockerbox, a tax credit consulting organization situated in Texas. The exposed repository,…
Fortinet FortiWeb Fabric Connector Vulnerability Exploited to Execute Remote Code
A critical security vulnerability in Fortinet’s FortiWeb Fabric Connector has been discovered and exploited, allowing attackers to execute remote code on affected systems without authentication. The vulnerability, designated CVE-2025-25257, represents a significant threat to organizations using Fortinet’s web application firewall…
Setting the Standard for Zero Trust Platforms
Palo Alto Networks is a Leader in The Forrester Wave™: Zero Trust Platforms, Q3 2025 with the highest score in the Current Offering category. The post Setting the Standard for Zero Trust Platforms appeared first on Palo Alto Networks Blog.…
Rubio Impersonation Incident is Latest High-Profile Deepfake Scam
The State Department sent an alert to embassies and consulates warning of AI-generated impersonations of high-ranking federal officials after someone posing as Secretary of State Marco Rubio tried to contact foreign ministers and U.S. Congress members. It’s the latest incident…
Hidden Surveillance Devices Pose Rising Privacy Risks for Travelers
Travellers are experiencing an increase in privacy concerns as the threat of hidden surveillance devices has increased in accommodations. From boutique hotels to Airbnb rentals to hostels, the reports that concealed cameras have been found…
Security Breach Reveals “Catwatchful” Spyware is Snooping on Users
A security bug in a stealthy Android spyware operation, “Catwatchful,” has exposed full user databases affecting its 62,000 customers and also its app admin. The vulnerability was found by cybersecurity expert Eric Daigle, who reported about the spyware app’s full database…
Crypto Workers Tricked in Job Scams Involving New Malware Linked to North Korea
A new online scam is targeting people who work in the cryptocurrency industry, using fake job offers and interviews to trick them into installing harmful software on their devices. According to a report by cybersecurity researchers at Cisco Talos,…
PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution
Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy’s BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue, can be fashioned together…
In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs
Noteworthy stories that might have slipped under the radar: Microsoft shows attack against AMD processors, SentinelOne details latest ZuRu macOS malware version, Indian APT DoNot targets governments. The post In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware…
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)
Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP Server and CVE-2025-47812: Wing FTP Server is a commercial file transfer server solution used by businesses, MSPs…
Identity-based attacks lead cybersecurity concerns as AI threats rise and zero trust adoption lags
Identity-based attacks have taken centre stage as the top cybersecurity concern for organisations in the coming year, according to a new survey conducted by Keeper Security at Infosecurity Europe 2025. The leading cybersecurity provider of zero-trust and zero-knowledge Privileged Access…
Critical D-Link 0-click Vulnerability Allows Remote Attackers to Crash the Server
A critical stack-based buffer overflow in the D-Link DIR-825 Rev.B 2.10 router firmware allows unauthenticated, zero-click remote attackers to crash the device’s HTTP server. Tracked as CVE-2025-7206, the flaw resides in the router’s httpd binary and stems from improper handling…