Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI
Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8. The vulnerability is an…
UK Retreats on Apple Encryption Backdoor Demand Following US Pressure
US director of national intelligence, Tulsi Gabbard, stated that her government persuaded the UK to withdraw its controversial demand. This article has been indexed from www.infosecurity-magazine.com. Read the original article: UK Retreats on Apple Encryption Backdoor Demand Following US Pressure
The best Android phones of 2025: Expert tested and reviewed
The best Android phones we’ve tested offer bright, sharp displays, long battery life, versatile cameras, and standout hardware features. This article has been indexed from Latest news. Read the original article: The best Android phones of 2025: Expert tested and…
Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrate Sensitive Data
A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool…
CodeRabbit’s Production Servers RCE Vulnerability Enables Write Access on 1M Repositories
A critical remote code execution (RCE) vulnerability in CodeRabbit’s production infrastructure provided unauthorized access to over one million code repositories, including private ones. The vulnerability, discovered in December 2024 and responsibly disclosed in January 2025, exploited the platform’s static…
Paper Werewolf Exploiting WinRAR Zero‑Day Vulnerability to Deliver Malware
Cybersecurity researchers have uncovered a sophisticated campaign by the Paper Werewolf threat actor group, also known as GOFFEE, targeting Russian organizations through the exploitation of critical vulnerabilities in WinRAR archiving software. The campaign, active since July 2025, demonstrates the group’s…
Hackers Exploiting Apache ActiveMQ Vulnerability to Gain Access to Cloud Linux Systems
A sophisticated campaign has been uncovered in which adversaries are exploiting CVE-2023-46604, a critical remote code execution vulnerability in Apache ActiveMQ, to compromise cloud-based Linux systems. In this case, attackers are patching the very vulnerability they exploited to maintain exclusive access and evade…
Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites
A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire. The prolific attacker, who operated under multiple aliases within the extremist hacking…
North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms
North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted…
Microsoft Issues Out-of-Band Update to Fix Recovery Issues
Microsoft has issued an emergency patch to fix Windows recovery problems for some users. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Microsoft Issues Out-of-Band Update to Fix Recovery Issues
New Salty 2FA PhaaS Platform Targets Microsoft 365 Users to Steal Login Credentials
The majority of events globally are caused by phishing, which continues to be the most common vector for cyberattacks in the constantly changing world of cyber threats. The proliferation of affordable Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA, EvilProxy, and Sneaky2FA…
Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack
Pharmaceutical firm Inotiv says a ransomware attack encrypted systems and data, disrupting operations, according to its SEC filing. U.S. pharmaceutical firm Inotiv reported a ransomware attack that encrypted some systems and data, disrupting business operations. Inotiv is a U.S.-based pharmaceutical…
High-Severity Vulnerabilities Patched in Chrome, Firefox
Google and Mozilla have released patches for multiple high-severity vulnerabilities affecting Chrome and Firefox. The post High-Severity Vulnerabilities Patched in Chrome, Firefox appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: High-Severity Vulnerabilities Patched…
IT Security News Hourly Summary 2025-08-20 09h : 1 posts
1 post was published in the last hour. 6:34: Chrome High-Severity Vulnerability Could Let Attackers Run Arbitrary Code
New GodRAT Malware Uses Screensaver and Program Files to Target Organizations
Threat actors have been deploying a novel Remote Access Trojan (RAT) dubbed GodRAT, derived from the venerable Gh0st RAT codebase, to infiltrate financial institutions, particularly trading and brokerage firms. The malware is distributed via Skype as malicious .scr (screensaver) and…
Sling TV offers a new $20 bundle for budget streamers – here’s what’s included
This new live TV package includes thousands of free streaming movies, the ability to stream to three devices at once, and 50 hours of free cloud DVR storage. This article has been indexed from Latest news. Read the original article:…
A hacker tied to Yemen Cyber Army gets 20 months in prison
UK hacker Al-Tahery Al-Mashriky, tied to Yemen Cyber Army, gets 20 months in prison for website defacements and stolen data possession. Al-Tahery Al-Mashriky (26), a man from South Yorkshire, linked to the Yemen Cyber Army, has been sentenced to 20…
McDonald’s not lovin’ it when hacker exposes nuggets of rotten security
Burger slinger gets a McRibbing, reacts by firing staffer who helped. A white-hat hacker has discovered a series of critical flaws in McDonald’s staff and partner portals that allowed anyone to order free food online, get admin rights to the…
Javelin MCP Security protects agentic systems and AI‑enabled applications
Javelin announced MCP Security, a defense-in-depth solution for the Model Context Protocol (MCP), the connective tissue between AI assistants, tools, and enterprise data. The release combines Javelin Ramparts, an MCP scanner, with Javelin MCP Runtime Guardrails for real-time policy enforcement…
0-Day Clickjacking Vulnerabilities Found in Major Password Managers like 1Password, LastPass and Others
A cybersecurity researcher has disclosed zero-day clickjacking vulnerabilities affecting eleven major password managers, potentially exposing tens of millions of users to credential theft through a single malicious click. The research, conducted by security expert Marek Tóth, reveals that attackers can…
New GodRAT Weaponizing Screen Saver and Program Files to Attack Organizations
A sophisticated new Remote Access Trojan named GodRAT has emerged as a significant threat to financial institutions, leveraging deceptive screen saver files and steganographic techniques to infiltrate organizational networks. First detected in September 2024, this malware campaign has demonstrated remarkable…
New Salty 2FA PhaaS platform Attacking Microsoft 365 Users to Steal Login Credentials
A sophisticated new Phishing-as-a-Service (PhaaS) framework dubbed “Salty 2FA” has emerged as a significant threat to Microsoft 365 users across US and European industries. This previously undocumented platform employs advanced obfuscation techniques and multi-stage execution chains specifically designed to bypass…
Chrome High-Severity Vulnerability Let Attackers Execute Arbitrary Code
Google has released an emergency security update for Chrome to address a critical vulnerability that could allow attackers to crash the browser or execute arbitrary code on affected systems. The high-severity flaw, designated as CVE-2025-9132, affects Chrome’s V8 JavaScript engine…
Intel Employee Data Exposed by Vulnerabilities
A researcher said he found vulnerable internal services that exposed the information of 270,000 Intel employees. The post Intel Employee Data Exposed by Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original article: Intel…