Currently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup, DNS is used to…
Tag: EN
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
Kohler, the makers of a smart toilet camera, can access customers’ data stored on its servers, and can use customers’ bowl pictures to train AI. This article has been indexed from Security News | TechCrunch Read the original article: ‘End-to-end…
University of Pennsylvania and University of Phoenix disclose data breaches
The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign. The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle…
India’s New SIM-Binding Rule for WhatsApp, Signal, Telegram and Other Messaging Platforms
India has implemented a mandatory SIM-binding requirement for messaging applications, including WhatsApp, Telegram, Signal, Snapchat, and others. The Department of Telecommunications issued a directive on November 28 requiring all app-based communication services to ensure that users maintain an active SIM…
After intense backlash, India pulls mandate to preinstall government app on smartphones
On Wednesday, the Indian telecom ministry said Sanchar Saathi, an anti-theft and cybersecurity protection app, would remain voluntary, and that smartphone makers would no longer be required to preload it on devices they sell. This article has been indexed from…
Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack
Marquis said ransomware hackers stole reams of banking customer data, containing personal information and financial records, as well as Social Security numbers, belonging to hundreds of thousands of people. The number of affected people is expected to rise. This article…
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. It allows “unauthenticated remote code execution by…
Hackers Can Weaponize Claude Skills to Execute MedusaLocker Ransomware Attack
A new feature in Anthropic’s Claude AI, known as Claude Skills, has been identified as a potential vector for ransomware attacks. This feature, designed to extend the AI’s capabilities through custom code modules, can be manipulated to deploy malware like…
Longwatch RCE Vulnerability Let Attackers Execute Remote Code With Elevated Privileges
A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges remotely. The flaw, tracked as CVE-2025-13658, affects Longwatch versions 6.309 through 6.334 and has received a…
Fake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords
Cybersecurity researchers have uncovered a critical ChatGPT Atlas browser attack, confirming the danger of the ongoing surge in the ClickFix threat. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the…
The Vault or the Vulnerability? Why Your Password Manager Might Be the New Cyber Risk
For years, the cybersecurity community has fought the scourge of weak, reused passwords. The solution, which was overwhelmingly adopted by both businesses and consumers, was the password manager (PM). These tools moved us from flimsy ‘123456’ credentials to unique, 30-character…
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years,…
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company’s November 2025 Patch Tuesday updates, according to ACROS Security’s 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score:…
Attackers Actively Exploiting Critical Vulnerability in Sneeit Framework Plugin
On June 10th, 2025, we received a submission for a Remote Code Execution vulnerability in Sneeit Framework, a WordPress plugin with an estimated 1,700 active installations. The plugin is bundled in multiple premium themes. This vulnerability can be leveraged to…
Microsoft Confirms Windows 11 25H2 UI Features Broken also Along With 24H2 Following Update
Microsoft has acknowledged a significant issue affecting Windows 11 versions 24H2 and 25H2. Where critical user interface components break following the installation of monthly cumulative updates released on or after July 2025. The problem impacts XAML-dependent modern applications, including core…
Examining the Risk of AI-Assisted MedusaLocker Ransomware Attacks
Researchers at Cato CTRL have demonstrated that the feature, designed to streamline AI workflows, can be easily weaponized to deploy MedusaLocker ransomware without the user’s knowledge. A new cybersecurity investigation has revealed a critical oversight in Anthropic’s rapidly growing “Claude…
CISA Issues Alert on Actively Exploited Android Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from organizations and device users worldwide. The vulnerabilities CVE-2025-48572…
Hackers Exploit Critical Yearn Finance’s yETH Pool Vulnerability to Steal $9 Million in Ethereum
The decentralized finance sector witnessed a devastating breach targeting Yearn Finance’s yETH pool, resulting in the theft of approximately $9 million on November 30, 2025. The attacker executed a highly sophisticated exploit, minting an astronomical 235 septillion yETH tokens while…
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant…
French NGO Reporters Without Borders Targeted by Star Blizzard
A fresh wave of spear-phishing linked to the Russia-based Star Blizzard group has been detected by Sekoia This article has been indexed from www.infosecurity-magazine.com Read the original article: French NGO Reporters Without Borders Targeted by Star Blizzard