CISA has issued an urgent advisory concerning a newly disclosed zero-day vulnerability in Meta Platforms’ WhatsApp messaging service (CVE-2025-55177). This flaw, categorized under CWE-863: Incorrect Authorization, allows an unauthorized actor to manipulate linked device synchronization messages and force a target…
Android Security Update – Patch for 0-Day Vulnerabilities Actively Exploited in Attack
In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices. The bulletin details critical issues in both System and Kernel components,…
Brazilian Fintech Giant Sinqia Reveals $130m Heist Attempt
Evertec subsidiary Sinqia has posted details of an attempt to steal $130m from two B2B partners This article has been indexed from www.infosecurity-magazine.com Read the original article: Brazilian Fintech Giant Sinqia Reveals $130m Heist Attempt
New BruteForceAI Tool Automates Login Page Detection and Attacks
A cutting-edge penetration testing tool called BruteForceAI has arrived, bringing automation and artificial intelligence to the art of login page detection and brute-force attacks. Designed for security professionals and researchers, BruteForceAI streamlines two critical stages of a login attack: finding login forms…
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft
Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over…
Brazilian FinTech Giant Sinqia Reveals $130m Heist Attempt
Evertec subsidiary Sinqia has posted details of an attempt to steal $130m from two B2B partners This article has been indexed from www.infosecurity-magazine.com Read the original article: Brazilian FinTech Giant Sinqia Reveals $130m Heist Attempt
Jaguar Land Rover Production ‘Severely’ Hit By Attack
JLR says production and retail ‘severely disrupted’ by cyber-attack at one of busiest times of year, in latest incident to hit UK firms This article has been indexed from Silicon UK Read the original article: Jaguar Land Rover Production ‘Severely’…
US Revokes TSMC’s China Export Waiver
US revokes fast-track status used by TSMC to export chip equipment to Nanjing site, following similar moves for Samsung, SK Hynix This article has been indexed from Silicon UK Read the original article: US Revokes TSMC’s China Export Waiver
EU Delays Google Sanctions Amidst US Trade Threats
EU officials reportedly delayed announcement of fine and other sanctions against Google over fears of derailing US trade deal This article has been indexed from Silicon UK Read the original article: EU Delays Google Sanctions Amidst US Trade Threats
Android Issues Security Update to Patch Actively Exploited 0-Day Flaws
Google has released a critical Android Security Bulletin for September 2025, addressing multiple high-severity vulnerabilities that are currently being actively exploited in the wild. The security patch level 2025-09-05 or later is required to protect Android devices from these serious threats. The security bulletin…
Disney to Pay $10 Million Over Children’s Data Privacy Violations
In a landmark settlement announced on September 2, 2025, The Walt Disney Company has agreed to pay a $10 million civil penalty to resolve allegations by the United States Department of Justice that its subsidiaries violated federal law by collecting…
This ultraportable Lenovo is one of my favorite laptops for remote work – here’s why
Lenovo’s Yoga Slim 7x combines snappy performance with a marathon battery and a brilliant OLED display. But what sets it apart is its value. This article has been indexed from Latest news Read the original article: This ultraportable Lenovo is…
IT Security News Hourly Summary 2025-09-03 09h : 3 posts
3 posts were published in the last hour 6:34 : Stealthy Python Malware Uses Discord to Steal Windows Data 6:33 : Hackers Use Hexstrike-AI to Exploit Zero-Day Flaws in Just 10 Minutes 6:5 : Hijacked by RapperBot: Devices Exploited for…
Own a PS5? I changed 3 settings to give my console a big performance boost
A few quick tweaks can noticeably enhance your PS5 experience – whether you’re gaming, streaming, or tightening up your online security. This article has been indexed from Latest news Read the original article: Own a PS5? I changed 3 settings…
He tracked his luggage with an AirTag – what he found was straight out of a movie
Another day, another reason to slip an AirTag into your luggage. This article has been indexed from Latest news Read the original article: He tracked his luggage with an AirTag – what he found was straight out of a movie
Google: Gmail is secure, Cloudflare blocks largest DDoS attack, Amazon shutters theft campaign
‘2.5 billion Gmail users at risk’? Entirely false, says Google Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps Jaguar Land Rover says cyberattack ‘severely disrupted’ production Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in…
Major credit bureau TransUnion discloses data breach affecting millions of Americans
TransUnion has filed data breach disclosures with the attorney general’s offices of Texas and Maine. According to the filings submitted to the authorities, a data… The post Major credit bureau TransUnion discloses data breach affecting millions of Americans appeared first…
IIS WebDeploy RCE Vulnerability Gets Public PoC
A newly disclosed remote code execution (RCE) vulnerability in Microsoft’s IIS Web Deploy toolchain has captured industry attention after the release of a public proof-of-concept. Tracked as CVE-2025-53772, this flaw resides in the unsafe deserialization logic of the msdeployagentservice and…
Top 10 Best Identity and Access Management (IAM) Tools in 2025
The rise of hybrid workforces and multi-cloud environments has made Identity & Access Management (IAM) more critical than ever. In 2025, a robust IAM solution is the cornerstone of a Zero Trust security model, where no user, device, or application…
How Pixel 10 Pro created the world’s smartest phone camera – a peek inside Google
ZDNET spoke with Google’s Pixel Camera team to learn how they pulled off such huge advances in smartphone photography. This article has been indexed from Latest news Read the original article: How Pixel 10 Pro created the world’s smartest phone…
AI-Powered Cybersecurity Tools Can Be Turned Against Themselves Through Prompt Injection Attacks
AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks, allowing adversaries to hijack automated agents and gain unauthorized system access. Security researchers Víctor Mayoral-Vilches & Per Mannermaa Rynning, revealed how modern AI-driven penetration testing frameworks become vulnerable…
Hackers Leverage Hexstrike-AI Tool to Exploit Zero Day Vulnerabilities Within 10 Minutes
Threat actors are rapidly weaponizing Hexstrike-AI, a recently released AI-powered offensive security framework, to scan for and exploit zero-day CVEs in under ten minutes. Originally marketed as an offensive security framework for red teams, Hexstrike-AI’s architecture has already been repurposed…
Stealthy Python Malware Uses Discord to Steal Windows Data
Inf0s3c Stealer, a stealthy Python-based grabber built to harvest system information and user data from Windows hosts. Packed as a 64-bit PE file compressed with UPX and bundled via PyInstaller, the executable imports a suite of Windows API functions to…
Hackers Use Hexstrike-AI to Exploit Zero-Day Flaws in Just 10 Minutes
Within hours of its release, the newly unveiled framework Hexstrike-AI has emerged as a game-changer for cybercriminals, enabling them to scan, exploit and persist inside targets in under ten minutes. Originally touted as a powerful red-team tool, Hexstrike-AI rapidly morphed into an…
Hijacked by RapperBot: Devices Exploited for Instant DDoS Attacks
A newly uncovered variant of the notorious RapperBot malware is covertly commandeering internet-connected devices—particularly outdated network video recorders (NVRs)—and transforming them into a powerful distributed denial-of-service (DDoS) army in mere moments. Security researchers have detailed a sophisticated exploit chain that…
Internet mapping and research outfit Censys reveals state-based abuse, harassment
‘Universities are being used to proxy offensive government operations, turning research access decisions political’ Censys Inc, vendor of the popular Censys internet-mapping tool, has revealed that state-based actors are trying to abuse its services by hiding behind academic researchers.… This…
How gaming experience can help with a cybersecurity career
Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of…