Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated…
Category: EN
Encryption Backdoor in Military/Police Radios
I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The…
Farmers Insurance harvests bad news: 1.1M customers snared in data breach
Crims raided third-party systems and lifted personal data, including license numbers and partial SSNs US insurance giant Farmers Insurance says more than a million customers had personal data nicked after a third-party vendor was compromised.… This article has been indexed…
Docker Desktop Vulnerability Leads to Host Compromise
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats…
Users of WhatsApp Desktop on Windows Face Code Execution Risk Via Python
A critical security risk has emerged for Windows users of WhatsApp Desktop who also have Python installed. Attackers can exploit a flaw in how WhatsApp Desktop handles .pyz (Python archive) files, delivering arbitrary code execution on the victim’s machine with a single…
Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services
A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and…
X/Twitter The Most Aggressive Social Media App Collecting Users Location Information
A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location information, gathering both precise and coarse location data across all categories listed in Apple’s App…
AI Systems Vulnerable to Prompt Injection via Image Scaling Attack
Researchers show how popular AI systems can be tricked into processing malicious instructions by hiding them in images. The post AI Systems Vulnerable to Prompt Injection via Image Scaling Attack appeared first on SecurityWeek. This article has been indexed from…
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)
CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security Agency (CISA),…
US: Maryland Confirms Cyber Incident Affecting State Transport Systems
All previously scheduled mobility trips across Maryland for this week will be honored, said the state’s transportation administration This article has been indexed from www.infosecurity-magazine.com Read the original article: US: Maryland Confirms Cyber Incident Affecting State Transport Systems
Flutter Shuts Down Online Games In India After Legal Change
Dublin-based gaming giant ceases operations in India after passage of law that bans real-money gaming, amidst addiction concerns This article has been indexed from Silicon UK Read the original article: Flutter Shuts Down Online Games In India After Legal Change
Break Into Cybersecurity with 38 Hours of Training — Now Less Than $25 for Life
Build job-ready cybersecurity skills with 38 hours of self-paced training from this lifetime bundle. This article has been indexed from Security | TechRepublic Read the original article: Break Into Cybersecurity with 38 Hours of Training — Now Less Than $25…
U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below…
Hundreds of Thousands Affected by Auchan Data Breach
Auchan confirms that the personal information of hundreds of thousands of customers was stolen in a data breach. The post Hundreds of Thousands Affected by Auchan Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. “A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which…
CIISec: Most Security Professionals Want Stricter Regulations
A new CIISec poll finds the majority of industry professionals would prefer more rigorous cybersecurity laws This article has been indexed from www.infosecurity-magazine.com Read the original article: CIISec: Most Security Professionals Want Stricter Regulations
Tesla Rejected $60m Settlement Before $243m Autopilot Verdict
Tesla was offered and rejected $60m settlement in trial around death of bystander involving Model S with Autopilot engaged This article has been indexed from Silicon UK Read the original article: Tesla Rejected $60m Settlement Before $243m Autopilot Verdict
Maryland Transportation Systems Disrupted Following Cyberattack
Maryland’s transit network experienced widespread disruption this week after a sophisticated cyberattack targeted critical information systems, forcing the Maryland Transit Administration (MTA) and the Department of Information Technology (DoIT) to scramble containment efforts. While most core services remain operational, significant…
Finally, my ultimate smart home setup is complete thanks to this display gadget
If you own a Eufy security system, the Security E10 smart display is a natural companion – offering handy features that enhance your setup. This article has been indexed from Latest news Read the original article: Finally, my ultimate smart…