New Samsung Galaxy features include protections for on-device AI, expanded cross-device threat detection, and quantum-resistant encryption for network security. The post Samsung Announces Security Improvements for Galaxy Smartphones appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Category: EN
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)
For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE-2025-47981). CVE-2025-49719 and CVE-2025-49717, in Microsoft SQL Server CVE-2025-49719 is an…
Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk
A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to sensitive enterprise data. The vulnerability, which earned its discoverer a $3,000 bounty from Microsoft’s Security Response Center (MSRC), exposed a…
Hackers Exploit IIS Machine Keys to Breach Organizations
A sophisticated campaign by an initial access broker (IAB) group exploiting leaked Machine Keys from ASP.NET websites to gain unauthorized access to targeted organizations. The threat group, tracked as TGR-CRI-0045, has been active since October 2024 with a significant surge…
Yet Another Strava Privacy Leak
This time it’s the Swedish prime minister’s bodyguards. (Last year, it was the US Secret Service and Emmanuel Macron’s bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?…
FortiWeb SQL Injection Vulnerability Allows Attacker to Execute Malicious SQL Code
A critical security vulnerability has been discovered in FortiWeb web application firewalls that enables unauthenticated attackers to execute unauthorized SQL commands through specially crafted HTTP and HTTPS requests. This vulnerability, classified as CWE-89 (Improper Neutralization of Special Elements used in…
Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges
A critical security vulnerability has been discovered in Citrix Windows Virtual Delivery Agent that allows local attackers to escalate privileges and gain SYSTEM-level access to affected systems. The vulnerability, tracked as CVE-2025-6759, affects multiple versions of Citrix Virtual Apps and…
SparkKitty Malware Attacking iOS and Android Device Users to Steal Photos From Gallery
A sophisticated Trojan malware known as SparkKitty has been actively targeting iOS and Android devices since early 2024, infiltrating both official app stores and untrusted websites to steal images from users’ device galleries. This malware campaign, which appears to be…
Qantas begins telling some customers that mystery attackers have their home address
Plus: Confirms less serious data points like meal preferences also leaked Qantas says that when cybercrooks attacked a “third party platform” used by the airline’s contact center systems, they accessed the personal information and frequent flyer numbers of the “majority”…
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact
Industrial solutions providers Siemens, Schneider Electric and Phoenix Contact have released July 2025 Patch Tuesday ICS security advisories. The post ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact appeared first on SecurityWeek. This article has been indexed from…
The 2025 Verizon Data Breach Report: A Wake-Up Call for MSPs
The data paints a clear picture: A full 20% of breaches this year stemmed from exploitation of known vulnerabilities, a 34% increase from last year. The post The 2025 Verizon Data Breach Report: A Wake-Up Call for MSPs appeared first on Security Boulevard. This…
XwormRAT Hackers Leverage Code Injection for Sophisticated Malware Deployment
A sophisticated new distribution method for XwormRAT malware that leverages steganography techniques to hide malicious code within legitimate files. This discovery highlights the evolving tactics of cybercriminals who are increasingly using advanced obfuscation methods to bypass security detection systems and…
Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft
The US allege that the hacker stole critical COVID-19 research from universities at the behest of the Chinese government This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft
New Android TapTrap Attack Let Malicious Apps Bypass Permission and Carry out Destructive Actions
Security researchers discover novel animation-based vulnerability affecting 76% of Android apps. Security researchers at TU Wien have uncovered a sophisticated new attack vector dubbed “TapTrap” that enables malicious Android applications to bypass the operating system’s permission system and execute destructive…
Multiple Apache Tomcat Vulnerabilities Let Attackers Trigger DoS Attacks
Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services. These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106. The vulnerabilities…
Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking
Multiple vulnerabilities in Ruckus Wireless management products could be exploited to fully compromise the managed environments. The post Unpatched Ruckus Vulnerabilities Allow Wireless Environment Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
What is Zero Data Retention and Why it May Be the Future of Secure Automation
Zero Data Retention offers a new path forward. One that enables intelligent automation, deep integrations and real-time workflows — without the baggage of persistent data storage The post What is Zero Data Retention and Why it May Be the Future…
Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks
A Chinese national has been arrested in Milan, Italy, for his alleged links to a state-sponsored hacking group known as Silk Typhoon and for carrying out cyber attacks against American organizations and government agencies. The 33-year-old, Xu Zewei, has been…
MacOS Infostealer AMOS Evolves with Backdoor for Persistent Access
The addition of a backdoor to the Atomic macOS Stealer marks a pivotal shift in one of the most active macOS threats, said Moonlock This article has been indexed from www.infosecurity-magazine.com Read the original article: MacOS Infostealer AMOS Evolves with…
ISC Stormcast For Monday, July 7th, 2025 https://isc.sans.edu/podcastdetail/9514, (Mon, Jul 7th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, July 7th, 2025…