A critical zero-day vulnerability in Gogs, a widely used self-hosted Git service, is currently being exploited in the wild. Designated as CVE-2025-8110, this flaw allows authenticated users to execute a symlink bypass, leading to Remote Code Execution (RCE). As of…
Tag: EN
New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera
Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and…
Beyond the SBOM: What CISOs should know about CBOMs and HBOMs
<p>Heartbleed, SolarWinds and Log4j — the stuff of CISOs’ nightmares. As cybersecurity leaders know all too well, these historic, high-profile security breaches revealed massive weaknesses in supply chain security.</p> <p>Rising <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-create-a-third-party-risk-management-policy”>awareness of third-party risk</a> has led to a surge…
Ivanti Flags Critical Endpoint Manager Flaw Allowing Remote Code Execution
Ivanti is urging customers to quickly patch a critical vulnerability in its Endpoint Manager (EPM) product that could let remote attackers execute arbitrary JavaScript in administrator sessions through low-complexity cross-site scripting (XSS) attacks.The issue, tracked as CVE-2025-10573, affects the…
December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes
While December’s Patch Tuesday gave us a lighter release than normal, it arrived with several urgent vulnerabilities that need attention immediately. In all, Microsoft released 57 CVE patches to finish out 2025, including one flaw already under active exploitation…
Infinity Global Services’ Cyber Park World Championship Crowns Its First Global Winners
Check Point’s Infinity Global Services (IGS) recently concluded its first ever Cyber Park World Championship, a global competition designed to challenge and inspire the next generation of cyber defenders. In partnership with CheckMates, Check Point’s community of cyber security professionals,…
Former Accenture Employee Charged Over Cybersecurity Fraud
Danielle Hillmer allegedly concealed the fact that her employer’s cloud platform did not meet DoD requirements. The post Former Accenture Employee Charged Over Cybersecurity Fraud appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
Road Town, British Virgin Islands, 11th December 2025, CyberNewsWire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI, and More Read the original article: 1inch Named Exclusive Swap Provider at Launch for Ledger Multisig
Security flaws in Freedom Chat app exposed users’ phone numbers and PINs
The founder of Freedom Chat said the company has reset user PINs and released a new version to app stores. This article has been indexed from Security News | TechCrunch Read the original article: Security flaws in Freedom Chat app…
Malwarebytes for Mac now has smarter, deeper scans
Say hello to the upgraded Malwarebytes for Mac, with stronger protection and more control. This article has been indexed from Malwarebytes Read the original article: Malwarebytes for Mac now has smarter, deeper scans
MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations
Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates. The post MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Beyond Cargo Audit: Securing Your Rust Crates in Container Images
Container image scanning has come a long way over the years, but it still comes with its own set of, often unique, challenges. One of these being the difficulty in analyzing images for vulnerabilities when they contain a Rust payload.…
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed…
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit — and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing…
Critical Vulnerability in Multiple India-Based CCTV Cameras Let Attackers Video and Account Credentials
A severe security vulnerability affecting multiple India-based CCTV camera manufacturers has been disclosed. Potentially allowing attackers to access video feeds and steal account credentials without authentication. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on December 9,…
New “SOAPwn” .NET Vulnerabilities Expose Barracuda, Ivanti and Microsoft Appliances to RCE Attack
New research into legacy .NET Framework SOAP client code has uncovered “SOAPwn,” a class of vulnerabilities. That can be weaponized for remote code execution (RCE) across multiple enterprise products. Including Barracuda Service Center RMM, Ivanti Endpoint Manager, Umbraco CMS 8,…
Hackers Leveraging LLM Shared Chats to Steal Your Passwords and Crypto
A new malware campaign has emerged that exploits legitimate AI platforms to deliver malicious code directly to unsuspecting users. Threat actors are using sponsored Google search results to redirect users searching for common macOS troubleshooting tips, such as “how to…
Charming Kitten Leak Exposes Key Personnel, Front Companies, and Thousands of Compromised Systems
Fresh leaks from the Iranian state‑backed group Charming Kitten, also tracked as APT35, have exposed key personnel, front companies, and thousands of compromised systems spread across five continents. The internal files show that Iran’s Department 40, within the IRGC Intelligence…
Researcher claims Salt Typhoon spies attended Cisco training scheme
Skills gained later fed Beijing’s cyber operations, according to SentinelLabs expert A security researcher specializing in tracking China threats claims two of Salt Typhoon’s members were former attendees of a training scheme run by Cisco.… This article has been indexed…
UK Cyber Agency says AI Prompt-injection Attacks May Persist for Years
The United Kingdom’s National Cyber Security Centre has issued a strong warning about a spreading weakness in artificial intelligence systems, stating that prompt-injection attacks may never be fully solved. The agency explained that this risk is tied to the…