Category: Security Affairs

Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. A threat actor using the moniker ‘rose87168’…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A flaw in…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure   Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s…

Read more →

A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems. Polish researcher Borys Musielak (@michuk) used ChatGPT-4o to generate a fake passport in just five minutes. The…

Read more →

A now-patched flaw in Verizon ’s iOS Call Filter app exposed call records of millions. No abuse found. Only phone numbers and timestamps were at risk. A now-patched vulnerability in Verizon ’s iOS Call Filter app could have been exploited…

Read more →

Port of Seattle is notifying 90,000 people of a data breach after personal data was stolen in a ransomware attack in August 2024. In August 2024, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International…

Read more →

President Trump fired Gen. Timothy Haugh as head of U.S. Cyber Command and NSA President Donald Trump this week fired Air Force Gen. Timothy Haugh, who served as the head of U.S. Cyber Command and the National Security Agency. Gen.…

Read more →

Experts warn of a critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution. Apache Parquet’s Java Library is a software library for reading and writing Parquet files in the Java programming language. Parquet is a columnar…

Read more →

CERT-UA reported three cyberattacks targeting Ukraine’s state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. This activity…

Read more →

39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. Microsoft-owned code hosting platform GitHub announced the discovery of 39 million…

Read more →

Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The vulnerability has been…

Read more →

An international law enforcement operation shuts down Kidflix, a child sexual abuse material (CSAM) streaming platform with 1.8M users. An international operation, codenamed Operation Stream, against child sexual exploitation shuts down one of the largest streaming platforms that offered child…

Read more →

A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections…

Read more →

FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-24813, to its Known Exploited Vulnerabilities (KEV)…

Read more →

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models. Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that…

Read more →

Hackers are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely preparing for targeted attacks. Researchers at the threat intelligence firm GreyNoise warn of hackers that are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely preparing for…

Read more →

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.  Researchers at Microsoft’s Offensive Research and Security Engineering (MORSE) team have discovered a critical code execution vulnerability, tracked as CVE-2025-1268 (CVSS score of 9.4), impacting Canon…

Read more →

Attackers exploit CrushFTP CVE-2025-2825 flaw, enabling unauthenticated access to unpatched devices using public proof-of-concept code. Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825, in the CrushFTP file transfer software. Attackers are using exploits based on publicly…

Read more →

France fines Apple €150M for abusing its dominance in ATT consent practices on iOS and iPadOS from 2021 to 2023. France’s Autorité de la concurrence fined Apple €150M for abusing its dominance in App Tracking Transparency (ATT) consent practices on…

Read more →