Microsoft’s October 2025 non-security update is disrupting virtual private server (VPS) access for Windows Subsystem for Linux (WSL) users, particularly those relying on third-party VPNs for enterprise connectivity. Released on October 28, 2025, as KB5067036, the update targets OS builds…
Critical pgAdmin Vulnerability Let Attackers Execute Shell Commands on the Host
A severe security vulnerability has been uncovered in pgAdmin 4, the popular open-source PostgreSQL database management tool. Tracked as CVE-2025-13780, this critical flaw allows attackers to bypass security filters and execute arbitrary shell commands on the host server. The issue…
Apache StreamPark Vulnerability Let Attackers Access Sensitive Data
A critical security vulnerability has been discovered in Apache StreamPark that could allow attackers to decrypt sensitive information and gain unauthorized system access. The vulnerability stems from the use of a hard-coded encryption key in the application, which enables threat…
NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition
Security patches for the Merlin framework address two high-severity deserialization vulnerabilities that could allow attackers to execute arbitrary code and launch denial-of-service attacks on affected Linux systems. NVIDIA researchers have identified two vulnerabilities in Merlin components that leverage insecure deserialization.…
New Android Malware Frogblight Mimics as Official Government Websites to Collect SMS and Device Details
A sophisticated Android banking Trojan named Frogblight has emerged as a significant threat targeting Turkish users, employing deceptive tactics to steal banking credentials and personal data. Discovered in August 2025, this malware initially disguised itself as an application for accessing…
Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)
This week on the Lock and Code podcast, we speak with Erin West about pig butchering scams and the efforts to stop this new, global crisis. This article has been indexed from Malwarebytes. Read the original article: Pig butchering is…
Cloud Monitor Wins Cybersecurity Product of the Year 2025
Campus Technology & THE Journal Name Cloud Monitor as Winner in the Cybersecurity Risk Management Category. BOULDER, Colo.—December 15, 2025—ManagedMethods, the leading provider of cybersecurity, safety, web filtering, and classroom management solutions for K-12 schools, is pleased to announce that…
ServiceNow in Advanced Talks to Acquire Armis for $7 Billion: Reports
ServiceNow Inc. is in advanced talks to acquire cybersecurity startup Armis in a deal that could reach $7 billion, its largest ever, according to reports. Bloomberg News first reported the discussions over the weekend, noting that an announcement could come…
CISOs view hybrid environments as best way to manage risk, compliance
Security leaders are also focused on the convergence of IT and operational technology as business continuity becomes a major concern. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: CISOs view hybrid environments as…
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika
Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, including multiple critical-severity issues. One of the most severe bugs is a maximum-severity XML External Entity (XXE) injection flaw, tracked…
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files
A new phishing campaign has been identified, delivering the Phantom information-stealing malware via an ISO attachment. This article has been indexed from www.infosecurity-magazine.com. Read the original article: Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files
Phantom Stealer Uses ISO Files to Breach Windows Systems
Operation MoneyMount-ISO uses malicious ISO files to deliver Phantom Stealer to Windows. The post Phantom Stealer Uses ISO Files to Breach Windows Systems appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet. Read the original article:…
Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support
Wireshark 4.6.2, the latest version of the leading open-source network protocol analyzer, addresses critical crash vulnerabilities and plugin compatibility issues. This maintenance release prioritizes stability for users in troubleshooting and security analysis. Developers patched two denial-of-service vulnerabilities identified in recent…
AI-Powered Shopping Is Transforming How Consumers Buy Holiday Gifts
Artificial intelligence is emerging with a new dimension in holiday shopping for consumers, going beyond search capabilities into a more proactive role in exploration and decision-making. Rather than endlessly clicking through online shopping sites, consumers are increasingly turning to…
Online Retail Store Coupang Suffers South Korea’s Worst Data Breach, Leak Linked to Former Employee
33.7 million customer data leaked. A data breach is an unfortunate attack that businesses often suffer. Failing to address these breaches is even worse as it costs businesses reputational and privacy damage. A breach at Coupang that leaked the data of…
What Cloudflare’s 2025 internet review says about attacks, outages, and traffic shifts
The internet stayed busy, brittle, and under constant pressure in 2025. Cloudflare’s annual Radar Year in Review offers a wide view of how traffic moved, where attacks clustered, and what failed when systems were stressed. Cloudflare, which operates a large…
Astra introduces offensive-grade cloud vulnerability scanner to cut noise and prove risk
Astra Security announced the launch of its Cloud Vulnerability Scanner, a new solution designed to help organizations continuously maintain validated cloud security. Cloud infrastructures change constantly as teams create new IAM roles, adjust network rules, and deploy new workloads. Quarterly…
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers…
PayPal closes loophole that let scammers send real emails with fake purchase notices
Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams. This article has been indexed from Malwarebytes. Read the original article: PayPal closes loophole that let scammers send real…
Circle and Aleo Roll Out USDCx With Banking-Level Privacy Features
Aleo and Circle are launching USDCx, a new, privacy-centric version of the USDC stablecoin designed to provide “banking-level” confidentiality while maintaining regulatory visibility and dollar backing. The token is launching first on Aleo’s testnet and was built using Circle’s…