WhatsApp has patched a vulnerability that was used in conjunction with an Apple vulnerability in zero-click attacks. This article has been indexed from Malwarebytes Read the original article: WhatsApp fixes vulnerability used in zero-click attacks
Category: EN
Food Delivery Robots Vulnerable to Hacks That Redirect Orders
A startling vulnerability in Pudu Robotics’ management APIs that allowed anyone with minimal technical skill to seize control of the company’s food delivery and service robots. The vulnerability, which went unaddressed for weeks despite repeated responsible‐disclosure attempts, could have enabled…
Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days
Rokid Glasses combine the best features of Meta Ray-Bans with next-gen upgrades. And a lot of people are jumping on their 20% pre-order discount on Kickstarter. This article has been indexed from Latest news Read the original article: Look out,…
From Food to Friendship: How Scammers Prey on Our Most Basic Needs
Scammers are opportunists. Nasty ones. They prey on the most fundamental human needs: Survival: Food, shelter, and security Connection: Friendship, belonging, and community. On the surface, a food-assistance scam and a fake-friend scam may seem worlds apart. One promises food,…
Hackers Registering Domains to Launch Cyberattack Targeting 2026 FIFA World Cup Tournament
Security researchers have observed an unprecedented surge in domain registrations in recent months, closely tied to the upcoming 2026 FIFA World Cup tournament. These domains, often masquerading as legitimate ticketing portals, merchandise outlets, or live-stream platforms, serve as precursors to…
Food Delivery Robots Can Be Hacked to Deliver Meals to Your Table Instead of the Intended Customers
You may have seen them in restaurants, cat-faced robots gliding between tables, delivering plates of food. These robots, many of them made by Pudu Robotics, the world’s largest commercial service robotics company, are part of a growing fleet of automated…
Hackers Abuse Legitimate Email Marketing Platforms to Disguise Malicious Links
Cybercriminals are increasingly exploiting legitimate email marketing platforms to launch sophisticated phishing campaigns, leveraging the trusted reputation of these services to bypass security filters and deceive victims. This emerging threat vector represents a significant evolution in phishing tactics, where attackers…
Hackers Leverage Built-in MacOS Protection Features to Deploy Malware
macOS has long been recognized for its robust, integrated security stack, but cybercriminals are finding ways to weaponize these very defenses. Recent incidents show attackers exploit Keychain, SIP, TCC, Gatekeeper, File Quarantine, XProtect, and XProtect Remediator to stealthily deliver malicious…
Salesforce Releases Forensic Investigation Guide Following Chain of Attacks
Salesforce today unveiled its comprehensive Forensic Investigation Guide, equipping organizations with best practices, log analysis techniques, and automation workflows to detect and respond to sophisticated security breaches rapidly. To reconstruct attack timelines and assess data exposure, the guide emphasizes three…
How to set up two-step verification on your WhatsApp account
This guide gives step-by-step instructions how how to enable two-step verification for WhatsApp on Android, iOS, and iPadOS This article has been indexed from Malwarebytes Read the original article: How to set up two-step verification on your WhatsApp account
Apple May Drop Physical SIM Card in iPhone 17
Apple appears poised to remove the physical SIM card slot from its upcoming iPhone 17 models in more countries, with a significant rollout anticipated across the European Union. This change would mark the latest step in Apple’s long-term strategy of…
Microsoft Enforces MFA for Logging into Azure Portal
In a significant security move, Microsoft announced on August 26, 2025, that it will require mandatory multifactor authentication (MFA) for all accounts signing in to the Azure portal and related administrative centers. The policy, first introduced in 2024, aims to…
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door.…
Crooks exploit Meta malvertising to target Android users with Brokewell
Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to…
Three Lazarus RATs coming for your cheese
Authors: Yun Zheng Hu and Mick Koomen Introduction In the past few years, Fox-IT and NCC Group has conducted multiple incident response cases involving a Lazarus subgroup that specifically targets organizations in the financial and cryptocurrency sector. This Lazarus subgroup…
Spotlight On Leadership: Bolstering Corporate Security with OSINT And AI-Driven Intelligence
Penlink’s CEO, Peter Weber, shares how leaders can reduce their odds of becoming yet another statistic through a debilitating cyber-attack by implementing the robust combination of digital evidence, open-source intelligence (OSINT),… The post Spotlight On Leadership: Bolstering Corporate Security with OSINT…
Worker Sentenced to Four Years for Compromising Company IT Infrastructure
It is the case of a Chinese-born software developer who has been sentenced to four years in federal prison after hacking into the internal systems of his former employer, in a stark warning of the dangers of insider threats…
Adding Prompt Injection To Image Scaling Attacks Threatens AI Systems
As image generation and processing using AI tools become more common, ensuring thorough security throughout… Adding Prompt Injection To Image Scaling Attacks Threatens AI Systems on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This…
Google Web Designer Vulnerability Lets Hackers Take Over Client Systems
A critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposed Windows users to full system compromise, according to a detailed write-up by security researcher Balint Magyar. Affecting versions prior to 16.4.0.0711 (released July 29, 2025), the flaw…
SUSE Fleet: Plain Text Storage of Vulnerability Exploit Helm Values
A high-severity vulnerability in SUSE’s Fleet, a GitOps management tool for Kubernetes clusters, has been disclosed by security researcher samjustus via GitHub Security Advisory GHSA-6h9x-9j5v-7w9h. The vulnerability, tracked as CVE-2024-52284, allows Helm chart values—often containing sensitive credentials—to be stored inside…