Apple has patched a serious vulnerability (CVE-2025-43400) in how devices handle fonts. This article has been indexed from Malwarebytes Read the original article: Apple fixes critical font processing bug. Update now!
Tag: EN
Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)
Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has urged users to upgrade as soon as possible. About CVE-2025-30247 Western Digital’s My Cloud devices are…
CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent alert for system administrators and IT teams worldwide. Researchers have confirmed that attackers are actively exploiting a serious vulnerability in the sudo utility used on many Linux and Unix systems. This…
Apple Updates iOS and macOS to Prevent Malicious Font Attacks
The vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed. The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk
Webinar: How do you embrace AI’s potential while defending against its threats? The post Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Ivanti upgrades Connect Secure with hardened system and gateway improvements
Ivanti released Ivanti Connect Secure (ICS) version 25.X. The update includes a modernized enterprise-grade OS, platform hardening, and gateway enhancements designed to reduce vulnerabilities, shrink attack surfaces, and improve resilience. Enterprise security is central to Connect Secure 25.X. Many legacy…
Phantom Taurus: 新たな中華系Nexus APTとNET-STARマルウェア スイートの発見
「Phantom Taurus」は、これまで活動が報告されていなかった中国の脅威グループです。本稿では、このグループが使用する特徴的なツールセットが、いかにしてその存在の発見につながったのかを解説します。 The post Phantom Taurus: 新たな中華系Nexus APTとNET-STARマルウェア スイートの発見 appeared first on Unit 42. This article has been indexed from Unit 42 Read the original article: Phantom Taurus: 新たな中華系Nexus APTとNET-STARマルウェア スイートの発見
Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group’s distinctive toolset lead to uncovering their existence. The post Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite appeared first on…
Researchers Publish Technical Analysis of Linux Sudo Privilege Escalation
A team of security researchers has released an in-depth technical report on CVE-2025-32463, a critical local privilege escalation flaw in the widely used Linux sudo utility. The vulnerability, which affects sudo versions 1.9.14 through 1.9.17, allows a local attacker with…
Britain’s policing minister punts facial recog nationwide
Met’s Croydon cameras hailed as a triumph, guidance to be published later this year The government is to encourage police forces across England and Wales to adopt live facial recognition (LFR) technology, with a minister praising its use by the…
Legit’s Command Center tracks AI code, models, and MCP server usage across the SDLC
Legit Security has updated its AI Security Command Center. As vibe coding and AI-first development reshape how software is built, the Command Center offers visibility into when, where, and how AI-generated code, AI models, and MCP servers are used across…
New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August…
Microsoft Flags AI Phishing Attack Hiding in SVG Files
Microsoft Threat Intelligence detected a new AI-powered phishing campaign using LLMs to hide malicious code inside SVG files disguised as business dashboards. This article has been indexed from Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto Read the…
U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva…
£5.5B Bitcoin fraudster pleads guilty after years on the run
Zhimin Qian recruited takeaway worker to launder funds through property overseas London’s Metropolitan Police has secured a “landmark conviction” following a record-busting Bitcoin seizure and seven-year investigation.… This article has been indexed from The Register – Security Read the original…
Cyberattack on Beer Giant Asahi Disrupts Production
The incident has resulted in a system failure that impacted orders and shipments in Japan, and call center operations. The post Cyberattack on Beer Giant Asahi Disrupts Production appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Asahi Suspends Operations in Japan After Cyber-Attack
Japanese brewery giant Asahi revealed that a cyber-attack had caused a “system failure”, with order and shipment operations suspended in Japan This article has been indexed from www.infosecurity-magazine.com Read the original article: Asahi Suspends Operations in Japan After Cyber-Attack
Threat Actors Exploiting MS-SQL Servers to Deploy XiebroC2 Framework
A surge in attacks targeting improperly managed MS-SQL servers, culminating in the deployment of the open-source XiebroC2 command-and-control (C2) framework. Similar in functionality to legitimate tools like Cobalt Strike, XiebroC2 offers capabilities for information gathering, remote control, and defense evasion,…
When ‘Oprah’ Smished Me: Smishing and AI-Driven Phishing Risks
An “Oprah” smishing scam shows how AI makes phishing smarter. Learn how to spot, stop, and protect yourself from evolving mobile threats. The post When ‘Oprah’ Smished Me: Smishing and AI-Driven Phishing Risks appeared first on eSecurity Planet. This article…
Fake Postmark MCP Server Silently Stole Thousands of Emails With a Single Line of Malicious Code
A malicious npm package masquerading as the official Postmark MCP Server has been exfiltrating user emails to an external server. This fake “postmark-mcp” module, available on npm from versions 1.0.0 through 1.0.15, built trust over 15 incremental releases before dropping…