A comprehensive security analysis has revealed a widespread vulnerability affecting Firebase-powered mobile applications, with over 150 popular apps inadvertently exposing sensitive user data through misconfigured Google Firebase services. The scope of this security crisis dwarfs previous incidents, potentially affecting thousands…
Category: EN
UK Police Arrest Suspect Tied to Ransomware Attack on European Airports
A person in his forties has been arrested in connection with a cyber-attack that caused days of disruption at several major European airports, including London Heathrow. The National Crime Agency (NCA) confirmed that officers detained the man on Tuesday evening…
Attackers Bypass EDR by Using In-Memory PE Loaders Delivered via Malicious Downloads
Security researchers have discovered a wave of attacks that use in-memory PE loaders to slip past endpoint detection and response (EDR) systems. In these incidents, threat actors deliver a small downloader to victims via malicious links or attachments. Once executed, the downloader…
Secret Service Stops Major NYC Cell Network Attack
Secret Service dismantled 300 SIM servers near NYC, averting telecom disruption. The post Secret Service Stops Major NYC Cell Network Attack appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Secret Service…
Web Scraping: Hidden Threat to Retailers
When Resultly’s bots started scraping QVC’s website, the retail giant felt the pain immediately. Server crashes, website downtime, angry customers—and an estimated $2 million worth in lost sales, according to QVC’s internal estimates.1 While the resulting lawsuit was eventually settled…
Another Day, Another Data Dump: Billions of Passwords Go Public
In the past few years, the security industry has seen several reports on massive password leaks. The number of exposed credentials in these leaks is staggering: 10 billion, 26 billion, and sometimes even more. The suggestion is clear: a massive…
Attackers Use Domain Fronting to Tunnel Malicious Traffic via Google Meet, YouTube and Chrome Update Servers
Attackers have discovered a way to exploit Google’s core services, Google Meet, YouTube, Chrome update servers and more using a technique called domain fronting. By making their malicious traffic appear as legitimate connections to high-trust domains, adversaries can tunnel data…
UK police arrest man linked to ransomware attack that caused airport disruptions in Europe
The U.K.’s National Crime Agency said the investigation into the ransomware attack against Collins Aerospace is “in its early stages and remains ongoing.” This article has been indexed from Security News | TechCrunch Read the original article: UK police arrest…
Building Digital Skills Early Becomes Essential for Elementary Students
It has become imperative for learning to utilise digital tools in today’s fast-paced world to maintain the ability to navigate a variety of information sources. Not only are individuals gaining information by using digital tools, but they are also…
SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)
SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset management solution. While the vulnerability is currently not being leveraged by attackers, they might soon reverse-engineer the…
Reliable, Compliant APIs with Akamai Managed Service for API Performance
Introducing Akamai’s new product that blends proactive testing, expert analysis, and tailored optimization to help APIs stay reliable, responsive, and compliant. This article has been indexed from Blog Read the original article: Reliable, Compliant APIs with Akamai Managed Service for…
Geopolitical Cyber Threats in 2024: Navigating Emerging Risks with OSINT (Open-Source Intelligence)
Geopolitical tensions worldwide can have a foreseeable impact on an organisation’s physical operations, but they can also heighten the risk of cyberattacks. These cyber threats are often linked to or… The post Geopolitical Cyber Threats in 2024: Navigating Emerging Risks…
Weaponized Malware: GitHub Hosts Malware from Malwarebytes, LastPass, Citibank, SentinelOne, and More
A large-scale campaign targeting Mac users is leveraging fake GitHub pages to distribute information-stealing malware disguised as popular legitimate applications. Among the impersonated software are Malwarebytes for Mac, LastPass, Citibank, SentinelOne, and scores of other well-known brands. Although brand impersonation…
Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access
A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems. Tracked as CVE-2025-9844, the flaw stems from improper handling of executable file paths by the installer,…
OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission
A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users. The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through…
Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware
In recent weeks, cybersecurity teams have observed a surge in malicious GitHub repositories masquerading as legitimate security and financial software. Threat actors have crafted convincing forks of projects bearing names like Malwarebytes, LastPass, Citibank, and SentinelOne, populated with trojanized installers…
Hackers Can Bypass EDR by Downloading a Malicious File as an In-Memory PE Loader
A sophisticated technique that allows attackers to execute malicious code directly in memory is gaining traction, posing a significant challenge to modern Endpoint Detection and Response (EDR) solutions. This method, which involves an in-memory Portable Executable (PE) loader, enables a…
UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports
A man in his forties has been arrested in West Sussex, England, in connection with a cyber-attack that has caused days of widespread disruption at several major European airports, including London’s Heathrow. The UK’s National Crime Agency (NCA) confirmed the…
Police using drones to read your license plates, warns EFF
Police forces are increasingly using drones, but should they be able to read license plates? This article has been indexed from Malwarebytes Read the original article: Police using drones to read your license plates, warns EFF
UK agency makes arrest in airport cyberattack investigation
After air passenger travel hit across the Atlantic, organized crime agency strikes Breaking The UK’s National Crime Agency has arrested a man as part of an investigation into a ransomware attack that disrupted airports around the world last weekend.… This…