Silver Spring, USA / Maryland, 26th August 2025, CyberNewsWire This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: Aembit Extends Secretless CI/CD with Credential Lifecycle Management for GitLab
Tag: EN
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating…
Data Blindness is the Silent Threat Undermining AI, Security and Operational Resilience
Data blindness is emerging as one of the biggest business risks of the AI era — without visibility, organizations can’t trust their data. The post Data Blindness is the Silent Threat Undermining AI, Security and Operational Resilience appeared first on…
New Android Hook Malware Variant Locks Devices With Ransomware
Zimperium’s research reveals the Hook Android malware is now a hybrid threat, using ransomware and spyware to steal… This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the original article: New Android…
PhpSpreadsheet Library Vulnerability Lets Attackers Inject Malicious HTML Input
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents. The vulnerability, assigned CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a high severity rating with CVSS…
CISA Alerts on Git Arbitrary File Write Flaw Actively Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability in Git (CVE-2025-48384) that enables arbitrary file writes and has already been observed in active exploitation campaigns. The flaw arises from Git’s inconsistent handling…
Threat Actors Update Android Droppers to Remain Effective with Even Simple Malware
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers served as innocuous entry points for payloads requiring elevated…
Encryption Backdoor in Military/Police Radios
I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The…
Farmers Insurance harvests bad news: 1.1M customers snared in data breach
Crims raided third-party systems and lifted personal data, including license numbers and partial SSNs US insurance giant Farmers Insurance says more than a million customers had personal data nicked after a third-party vendor was compromised.… This article has been indexed…
Docker Desktop Vulnerability Leads to Host Compromise
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Chinese UNC6384 Hackers Use Valid Code-Signing Certificates to Evade Detection
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China’s strategic interests, primarily targeted diplomats…
Users of WhatsApp Desktop on Windows Face Code Execution Risk Via Python
A critical security risk has emerged for Windows users of WhatsApp Desktop who also have Python installed. Attackers can exploit a flaw in how WhatsApp Desktop handles .pyz (Python archive) files, delivering arbitrary code execution on the victim’s machine with a single…
Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services
A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and…
X/Twitter The Most Aggressive Social Media App Collecting Users Location Information
A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location information, gathering both precise and coarse location data across all categories listed in Apple’s App…
AI Systems Vulnerable to Prompt Injection via Image Scaling Attack
Researchers show how popular AI systems can be tricked into processing malicious instructions by hiding them in images. The post AI Systems Vulnerable to Prompt Injection via Image Scaling Attack appeared first on SecurityWeek. This article has been indexed from…
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)
CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security Agency (CISA),…
US: Maryland Confirms Cyber Incident Affecting State Transport Systems
All previously scheduled mobility trips across Maryland for this week will be honored, said the state’s transportation administration This article has been indexed from www.infosecurity-magazine.com Read the original article: US: Maryland Confirms Cyber Incident Affecting State Transport Systems
Flutter Shuts Down Online Games In India After Legal Change
Dublin-based gaming giant ceases operations in India after passage of law that bans real-money gaming, amidst addiction concerns This article has been indexed from Silicon UK Read the original article: Flutter Shuts Down Online Games In India After Legal Change
Break Into Cybersecurity with 38 Hours of Training — Now Less Than $25 for Life
Build job-ready cybersecurity skills with 38 hours of self-paced training from this lifetime bundle. This article has been indexed from Security | TechRepublic Read the original article: Break Into Cybersecurity with 38 Hours of Training — Now Less Than $25…
U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below…