Multiple critical vulnerabilities affecting SonicWall’s SMA100 series SSL-VPN appliances, highlighting persistent security flaws in network infrastructure devices. The vulnerabilities, designated CVE-2025-40596, CVE-2025-40597, and CVE-2025-40598, demonstrate fundamental programming errors that enable pre-authentication attacks against firmware version 10.2.1.15. Key Takeaways1. Stack overflow,…
Critical CodeIgniter Vulnerability Exposes Million of Webapps to File Upload Attacks
A critical security vulnerability has been discovered in CodeIgniter4’s ImageMagick handler, exposing potentially millions of web applications to command injection attacks through malicious file uploads. The vulnerability, tracked as CVE-2025-54418, received a CVSS score of 9.8, indicating the highest severity…
Microsoft Teams New Meeting Join Bar Reminds You to Join Meeting On-time
Microsoft Teams is rolling out a significant enhancement to its meeting experience with the introduction of a new meeting join banner designed to streamline user access to scheduled meetings. The feature, identified by message code MC1115979, represents Microsoft’s continued effort…
SABO Fashion Brand Exposes 3.5 Million Customer Records in Major Data Leak
Australian fashion retailer SABO recently faced a significant data breach that exposed sensitive personal information of millions of customers. The incident came to light when cybersecurity researcher Jeremiah Fowler discovered an unsecured database containing over 3.5 million PDF documents,…
Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
Flaw in Base44 allowed unauthorized access to private apps, bypassing authentication systems This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
Attackers Actively Exploiting Critical Vulnerability in Alone Theme
On May 30th, 2025, we received a submission for an Arbitrary File Upload via Plugin Installation vulnerability in Alone, a WordPress theme with more than 9,000 sales. This vulnerability makes it possible for an unauthenticated attacker to upload arbitrary files…
Unveiling the Lumma Password Stealer Attack: Infection Chain and Escalation Tactics Exposed
Lumma, a sophisticated C++-based information stealer, has surged in prevalence over recent years, posing significant risks to both individuals and organizations by exfiltrating sensitive data such as browser credentials, cryptocurrency wallets, and personal files. Developed since December 2022 and distributed…
I tested Dell’s XPS successor, and it beat my $3,000 Windows laptop in almost every way
Dell’s Premium 16 carries the XPS legacy forward, pairing high-end internals with a gorgeous 4K touch display in a refined, modern design. This article has been indexed from Latest news Read the original article: I tested Dell’s XPS successor, and…
This Linux app alerts you when an app tries to connect to the internet – and why that matters
OpenSnitch makes it easy to track outgoing internet requests from installed apps, so you can take action if necessary. This article has been indexed from Latest news Read the original article: This Linux app alerts you when an app tries…
8 cybersecurity conferences to attend in 2025
<p>Cybersecurity is a constant problem in today’s digital age. Attending cybersecurity conferences is one way companies can learn to keep their organizations safe.</p> <div class=”ad-wrapper ad-embedded”> <div id=”halfpage” class=”ad ad-hp”> <script>GPT.display(‘halfpage’)</script> </div> <div id=”mu-1″ class=”ad ad-mu”> <script>GPT.display(‘mu-1′)</script> </div> </div> <p>In…
Why your computer will thank you for choosing Webroot Essentials
Let’s be honest – nobody wants antivirus software that slows down their computer. You know the feeling: you install security software to protect yourself, but suddenly your laptop takes forever to start up, programs freeze, and you’re constantly waiting for…
CISA and Partners Release Updated Advisory on Scattered Spider Group
CISA, along with the Federal Bureau of Investigation, Canadian Centre for Cyber Security, Royal Canadian Mounted Police, the Australian Cyber Security Centre’s Australian Signals Directorate, and the Australian Federal Police and National Cyber Security Centre, released an updated joint Cybersecurity…
Chinese Government Launches National Cyber ID Amid Privacy Concerns
China’s national online ID service went into effect earlier this month with the promise of improving user privacy by limiting the amount of data collected by private-sector companies. However, the measures have been criticised by privacy and digital rights…
Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims
A newly emerged ransomware-as-a-service (RaaS) gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter’s dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February…
Auto-Color Backdoor Malware Exploits SAP Vulnerability
Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324 This article has been indexed from www.infosecurity-magazine.com Read the original article: Auto-Color Backdoor Malware Exploits SAP Vulnerability
SAP NetWeaver Vulnerability Used in Auto-Color Malware Attack on US Firm
Darktrace uncovers the first exploit of a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy Auto-Color backdoor malware. Learn how this evasive Linux RAT targets systems for remote code execution and how AI-powered defence thwarts multi-stage attacks. This article has been…
SquareX Discloses Architectural Limitations Of Browser DevTools In Debugging Malicious Extensions
Palo Alto, California, July 29th, 2025, CyberNewsWire Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as “Verified” and “Chrome Featured” provided by extension stores as a security indicator. The recent…
I tested Sony’s 98-inch Bravia Mini LED TV for week – and here’s who should buy the $6,000 model
Big-screen brilliance and next-level gaming make the Sony Bravia 5 a stunning Mini LED option for your home theater. This article has been indexed from Latest news Read the original article: I tested Sony’s 98-inch Bravia Mini LED TV for…
I use Edge as my default browser – but its new AI mode is unreliable and annoying
Microsoft just added a bunch of new features into the AI-powered Copilot Mode in its Edge browser. But can it really compete with Google and Perplexity? I tried chatting with it to find out. This article has been indexed from…
5 reasons why Firefox is still my favorite browser – and deserves more respect
Plenty of people have given up on Firefox, but not me. Here’s why. This article has been indexed from Latest news Read the original article: 5 reasons why Firefox is still my favorite browser – and deserves more respect
npm ‘is’ Package With 2.8M Weekly Downloads Weaponized to Attack Developers
The latest wave of npm-centric phishing has taken a darker turn with the hijack of the ubiquitous is utility, a module pulled 2.8 million times every week. On 19 July 2025 attackers, armed with stolen maintainer credentials, slipped malicious versions…
Gemini CLI Vulnerability Allows Hackers to Execute Malicious Commands on Developer Systems
A critical security vulnerability discovered in Google’s Gemini CLI tool allowed attackers to execute arbitrary malicious commands on developer systems without detection. The vulnerability, identified by cybersecurity firm Tracebit on June 27, 2025, exploited a combination of prompt injection techniques,…
PyPI Warns of New Phishing Attack Targeting Developers With Fake PyPI Site
The Python Package Index (PyPI) has issued an urgent warning to developers about an ongoing phishing campaign that exploits domain spoofing techniques to steal user credentials. This sophisticated attack targets developers who have published packages on the official repository, leveraging…
UNC3886 Actors Know for Exploiting 0-Days Attacking Singapore’s Critical Infrastructure
Singapore’s critical infrastructure faces an escalating cyber threat from UNC3886, a sophisticated Chinese state-linked Advanced Persistent Threat (APT) group that has been systematically targeting the nation’s energy, water, telecommunications, finance, and government sectors. The group, which first emerged circa 2021…