A severe vulnerability in the popular AI-powered code editor Cursor IDE, dubbed “CurXecute,” allows attackers to execute arbitrary code on developers’ machines without any user interaction. The vulnerability, tracked as CVE-2025-54135 with a high severity score of 8.6, affects all…
Millions of age checks performed as UK Online Safety Act gets rolling
But it’s OK, claims Brit government, no personal data stored ‘unless absolutely necessary’. The UK government has reported that an additional five million age checks are being made daily as UK-based internet users seek to access age-restricted sites following the…
Several Vulnerabilities Patched in AI Code Editor Cursor
Attackers could silently modify sensitive MCP files to trigger the execution of arbitrary code without requiring user approval. The post Several Vulnerabilities Patched in AI Code Editor Cursor appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Pwn2Own Offers $1m for Zero-Click WhatsApp Exploit
The Pwn2Own competition is offering a $1m reward to any teams able to unearth a WhatsApp code execution exploit This article has been indexed from www.infosecurity-magazine.com Read the original article: Pwn2Own Offers $1m for Zero-Click WhatsApp Exploit
New Phishing campaign hides malicious links in Proofpoint and Intermedia link wrappers
Phishing attacks are evolving constantly as threat actors discover new ways to attack Internet users and steal passwords and other sensitive data. One common strategy is to use legitimate services, for instance […]
Vulnerabilities in Government-Linked Partner Software Allow Remote Code Attacks
Multiple serious security vulnerabilities have been discovered in Partner Software and Partner Web applications widely used by government agencies and contractors, potentially exposing sensitive systems to remote code execution attacks and data breaches. The vulnerabilities, tracked as CVE-2025-6076, CVE-2025-6077, and…
Nation-state group CL-STA-0969 targeted Southeast Asian telecoms in 2024
State-backed group CL-STA-0969 hit Southeast Asian telecoms in 2024, targeting critical infrastructure, says Palo Alto Networks’ Unit 42. Palo Alto Networks reported that a nation-state actor, tracked as CL-STA-0969, targeted telecom firms in Southeast Asia, with attacks on critical infrastructure…
Lovense flaws expose emails and allow account takeover
Lovense fixed bugs exposing emails and allowing account takeovers. Company CEO may take legal action after the flaws were publicly disclosed. Lovense, a manufacturer of internet-connected sex toys, fixed two vulnerabilities that exposed users’ emails and allowed remote account takeovers.…
Every Reason Why I Hate AI and You Should Too
Maybe it’s anti-innovation, maybe it’s just avoiding hype. But one thing is clear, I’m completely done with hearing about AI. This article has been indexed from MalwareTech Read the original article: Every Reason Why I Hate AI and You Should…
Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities
Illumina will pay $9.8 million to settle accusations that products provided to the US government were affected by cybersecurity flaws. The post Gene Sequencing Giant Illumina Settles for $9.8M Over Product Vulnerabilities appeared first on SecurityWeek. This article has been…
Drone Leader DJI Launches First 360-Degree Camera
Leading drone maker DJI expands into fast-growing 360-degree camera market to compete with Insta360, as it faces US hostility This article has been indexed from Silicon UK Read the original article: Drone Leader DJI Launches First 360-Degree Camera
China’s ‘Instant Commerce’ Companies Call Truce On Price War
Alibaba, JD.com, Meituan say they will abide by market regulator’s call for ‘rational’ competition after months of promotional excess This article has been indexed from Silicon UK Read the original article: China’s ‘Instant Commerce’ Companies Call Truce On Price War
APT37 Hackers Weaponize JPEG Files to Attack Windows Systems Leveraging “mspaint.exe”
A sophisticated new wave of cyberattacks attributed to North Korea’s notorious APT37 (Reaper) group is leveraging advanced malware hidden within JPEG image files to compromise Microsoft Windows systems, signaling a dangerous evolution in evasion tactics and fileless attack techniques. Security…
Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines
The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious…
Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online
A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account…
A week in security (July 28 – August 3)
A list of topics we covered in the week of July 28 to August 3 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (July 28 – August 3)
Augmented Empathy: Head-to-Head Interview
In today’s competitive landscape, delivering exceptional customer experiences (CX) means going beyond efficiency and convenience—it means connecting with customers on a deeply human level. Artificial Intelligence is no longer just an automation tool; it’s becoming a co-pilot for empathy, enabling…
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. “The botnet’s rapid growth, which now exceeds 2,000 new infections…
#BHUSA: Cloud Intrusions Skyrocket in 2025
CrowdStrike revealed the surge in cloud intrusions was partly driven by a 40% increase in Chinese-state actors exploiting these environments This article has been indexed from www.infosecurity-magazine.com Read the original article: #BHUSA: Cloud Intrusions Skyrocket in 2025
Akira’s SonicWall zero-day, UK Legal-Aid suffers, Luxembourg 5G attack
Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface…