KnowBe4 claims the new Quantum Route Redirect kit is supercharging phishing attacks on Microsoft365 users This article has been indexed from www.infosecurity-magazine.com Read the original article: Quantum Route Redirect Phishing Kit Democratizes Cyber-Attacks
Tag: EN
EU Said To Consider Forced Huawei Ban
European Commission reportedly considering methods to force member states to phase out China’s Huawei and ZTE from mobile and fixed networks This article has been indexed from Silicon UK Read the original article: EU Said To Consider Forced Huawei Ban
Apple Said To Delay iPhone Air Upgrade Amid Weak Demand
Apple reportedly delays update to iPhone Air planned for next year after thin, light model sees weak demand This article has been indexed from Silicon UK Read the original article: Apple Said To Delay iPhone Air Upgrade Amid Weak Demand
WatchGuard Firebox Flaw Allows Attackers to Gain Unauthorized SSH Access
A security vulnerability has been discovered in WatchGuard Firebox devices that could allow attackers to bypass authentication mechanisms and gain unauthorized SSH access to affected systems. Tracked as CVE-2025-59396, this flaw poses a significant threat to organizations that rely on…
U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042 (CVSS score of 8.8), to its Known…
Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data
Zoom has issued multiple security bulletins detailing patches for several vulnerabilities affecting its Workplace applications. The disclosures, published today, highlight two high-severity issues alongside medium-rated flaws, underscoring the ongoing challenges in securing video conferencing tools used by millions in hybrid…
AI Agents Rewriting Fraud Rules
The New Fraud Frontier: How AI Agents Are Rewriting the Rules Pop quiz: What percentage of your traffic is from agentic AI? If you answered “I don’t know,” you are not alone – and you’re sitting on a major blind…
Hackers Exploiting Triofox 0-Day Vulnerability to Execute Malicious Payload Abusing Anti-Virus Feature
Google Mandiant has disclosed active exploitation of CVE-2025-12480, a critical unauthenticated access vulnerability in Gladinet’s Triofox file-sharing platform. The threat cluster tracked as UNC6485 has been weaponizing this flaw since August 2025 to gain unauthorized administrative access and establish persistent remote control over…
SAP Security Update – Patch for Critical Vulnerabilities Allowing Code Execution and Injection Attacks
SAP released its monthly Security Patch Day updates, addressing 18 new security notes and providing two updates to existing ones, focusing on vulnerabilities that could enable remote code execution and various injection attacks across its product ecosystem. These patches are…
China Resumes Export Of Nexperia Chips
China allows export of chips for ‘civilian use’ to resume, amid ongoing row with Netherlands over control of semiconductor maker Nexperia This article has been indexed from Silicon UK Read the original article: China Resumes Export Of Nexperia Chips
EU Proposes Stripping Back Privacy Rules To Boost AI
European Commission to propose cutting red tape around privacy to ease tech firms’ use of personal data for AI training This article has been indexed from Silicon UK Read the original article: EU Proposes Stripping Back Privacy Rules To Boost…
Critical Triofox bug exploited to run malicious payloads via AV configuration
Hackers exploited Triofox flaw CVE-2025-12480 to bypass auth and install remote access tools via the platform’s antivirus feature. Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw, tracked as CVE-2025-12480 (CVSS score of 9.1) that allows them to…
Firewalla unveils MSP 2.9 to simplify multi-device network management
Firewalla has announced the release of MSP 2.9, the latest update to its Managed Security Portal (MSP). The update is now available to all MSP Early Access users. Firewalla MSP is a web-based platform designed for security and infosec professionals…
Reauthorizing CISA, Electric bus kill switches, GDPR for AI
CISA reauthorization Denmark and Norway investigating electric bus “kill switches” European Commission looking to simplify privacy laws for AI Huge thanks to our sponsor, Vanta What’s your 2 AM security worry? Is it “Do I have the right controls…
Researchers Expose Deep Connections Between Maverick and Coyote Banking Malware
Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans Maverick and Coyote that are actively targeting Brazilian users through WhatsApp. The discovery came after investigating a suspicious file download incident flagged through the messaging platform, leading…
Beware of Security Alert-Themed Malicious Emails that Steal Your Email Logins
A sophisticated phishing campaign is currently targeting email users with deceptive security alert notifications that appear to originate from their own organization’s domain. The phishing emails are crafted to resemble legitimate security notifications from email delivery systems. These messages inform…
65% of Top AI Firms Found Exposing Verified API Keys and Tokens on GitHub
A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication tokens, and sensitive credentials that could compromise their entire organizations. Researchers examined 50 prominent AI…
Danabot Malware Reemerges with Version 669 After Operation Endgame
The notorious Danabot banking malware has made a comeback with the release of version 669, marking a significant return after nearly six months of silence following the coordinated law enforcement takedown known as Operation Endgame in May 2025. The resurgence…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in…
Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware
A sophisticated wave of ransomware attacks targeting UK organizations has emerged in 2025, exploiting vulnerabilities in the widely-used SimpleHelp Remote Monitoring and Management platform. Two prominent ransomware groups, Medusa and DragonForce, have weaponized three critical vulnerabilities (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728)…