A newly discovered account takeover campaign targeting WhatsApp users demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities. The threat, identified as the GhostPairing Attack, uses social engineering and WhatsApp’s legitimate device linking feature to…
Category: EN
In-the-Wild Exploitation of Fresh Fortinet Flaws Begins
Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: In-the-Wild Exploitation of…
Phishing Messages and Social Scams Flood Users Ahead of Christmas
Check Point has detected thousands of phishing emails in the past fortnight, offering fake promotions and special deals This article has been indexed from www.infosecurity-magazine.com Read the original article: Phishing Messages and Social Scams Flood Users Ahead of Christmas
Reddit Sues Australia Over Social Media Law
Discussion platform Reddit says Australian ban on under-16 from having social media accounts suppresses political discourse This article has been indexed from Silicon UK Read the original article: Reddit Sues Australia Over Social Media Law
Coupang CEO Quits After Breach Hits 33.7M South Koreans
The e-commerce firm’s data breach exposed nearly two-thirds of the entire country’s population after hackers operated undetected for five months. The post Coupang CEO Quits After Breach Hits 33.7M South Koreans appeared first on TechRepublic. This article has been indexed…
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. “KSwapDoor is a professionally engineered remote access tool…
Amazon Deletes AI-Generated TV Summary Over Flubs
Amazon removes AI-generated recap video of its television show Fallout after viewers find glaring mistakes This article has been indexed from Silicon UK Read the original article: Amazon Deletes AI-Generated TV Summary Over Flubs
Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware
A fake Leonardo DiCaprio movie torrent is spreading Agent Tesla malware through trusted Windows tools The post Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware appeared first on TechRepublic. This article has been indexed from Security Archives – TechRepublic Read…
US taps private firms in cyber offensive, Microsoft updates cause queuing failures, phishing campaign delivers Phantom Stealer
US turns to private firms in cyber offensive Microsoft updates cause queuing failures Phishing campaign delivers Phantom stealer Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by…
Amazon Accidentally Shows Film With ‘Strong Sex’ To Child
Amazon found in breach of Ofcom’s rules after showing 15-rated film to children instead of Diary of a Wimpy Kid This article has been indexed from Silicon UK Read the original article: Amazon Accidentally Shows Film With ‘Strong Sex’ To…
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild
An active intrusion is targeting critical authentication bypass vulnerabilities in Fortinet’s FortiGate appliances and related products. Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 to perform unauthenticated single sign-on (SSO) logins via malicious SAML messages, granting attackers administrative access. Fortinet disclosed…
Chrome Extension with 6M+ Users Found Collecting AI Chatbot Inputs
A popular browser extension promoted as a free and secure VPN has been discovered secretly capturing user conversations across multiple AI chatbot platforms including ChatGPT, Claude, Gemini, and Microsoft Copilot raising fresh concerns over privacy and data exploitation in the…
Jaguar Land Rover Confirms August Cyberattack Led to Employee Data Theft
Jaguar Land Rover (JLR) has officially confirmed that a major cyberattack in August resulted in the theft of sensitive personal data belonging to current and former employees. This disclosure marks the luxury automaker’s first public admission regarding the full scope…
JumpCloud Remote Assist Windows Agent Vulnerability Allows Privilege Escalation
A critical local privilege escalation vulnerability in the JumpCloud Remote Assist for Windows agent allows any low-privileged user on a Windows system to gain NT AUTHORITY\SYSTEM privileges or crash the machine. Tracked as CVE-2025-34352, the flaw affects JumpCloud Remote Assist for Windows versions prior to 0.317.0 and…
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have uncovered a sophisticated new threat: SantaStealer, a malware-as-a-service information stealer actively promoted on Telegram channels and underground hacker forums. The malware, which recently rebranded from “BluelineStealer,” is scheduled for release before the end of…
Why We’ll Never Patch Everything, and That’s Okay
Why fixing every vulnerability is impossible—and unnecessary. Learn how risk-based vulnerability management prioritizes what to patch, what to defer, and why context matters more than CVSS. The post Why We’ll Never Patch Everything, and That’s Okay appeared first on Security Boulevard. This article has been…
French Interior Minister says hackers breached its email servers
The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior. The attack was…
PornHub Breached by ShinyHunters Group and Premium Members’ Data Stolen
The notorious hacking collective ShinyHunters has claimed responsibility for a major data breach at Mixpanel, a popular analytics provider, exposing limited user data tied to Pornhub Premium accounts. The incident, which has only affected select Premium subscribers, has raised concerns…
The messy data trails of telehealth are becoming a security nightmare
In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems and vendors…
Google to Shut Down Dark Web Monitoring Tool in February 2026
Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To…