China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in…
Tag: EN
Amazon Shows Prototype Smart Glasses For Delivery Drivers
Amazon shows prototype smart glasses that it says can reduce delivery times by up to 30 minutes over an eight- to 10-hour shift This article has been indexed from Silicon UK Read the original article: Amazon Shows Prototype Smart Glasses…
Huawei HarmonyOS 6 Adds AirDrop-Like Transfers To iPhones
Updated HarmonyOS 6 can now perform short-range file transfers to and from Apple iPhone devices, says China’s Huawei This article has been indexed from Silicon UK Read the original article: Huawei HarmonyOS 6 Adds AirDrop-Like Transfers To iPhones
Apple’s Giant Foldable iPad Faces Tech Delays
Apple faces technical hurdles in developing 18-inch foldable iPad, as it seeks to join address growing foldables market This article has been indexed from Silicon UK Read the original article: Apple’s Giant Foldable iPad Faces Tech Delays
Apple Loses UK Class-Action Lawsuit Over App Store Fees
London competition tribunal finds Apple abused market power to charge ‘excessive and unfair’ App Store developer fees This article has been indexed from Silicon UK Read the original article: Apple Loses UK Class-Action Lawsuit Over App Store Fees
Ransomware Actors Targeting Global Public Sectors and Critical Infrastructure
The public sector faces an unprecedented cybersecurity crisis as ransomware actors intensify their assault on government entities worldwide. According to Trustwave’s SpiderLabs research team, nearly 200 public sector organizations have been struck with ransomware in 2025 alone, with Babuk and…
HP OneAgent Update Brokes Trust And Disconnect Devices From Entra ID
The HP OneAgent software update has disconnected Windows devices from Microsoft Entra ID. As a result, users can no longer access their corporate identities. Version 1.2.50.9581 of the agent, pushed silently to HP’s Next Gen AI systems like the EliteBook…
New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient
Remcos, a commercial remote access tool marketed as legitimate surveillance software, has become the leading infostealer in malware campaigns during the third quarter of 2025, accounting for approximately 11 percent of detected cases. In a notable shift from traditional deployment…
Toys “R” Us Canada Confirms Data Breach – Customers Personal Data Stolen
Toys “R” Us Canada has alerted customers to a significant data breach that potentially exposed their personal information, marking another blow to consumer trust in retail data security. In emails dispatched to affected individuals this morning, the popular toy retailer…
Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability
Microsoft has rolled out an out-of-band emergency patch for a remote code execution (RCE) vulnerability affecting the Windows Server Update Services (WSUS). Identified as CVE-2025-59287, the issue stems from the deserialization of untrusted data in a legacy serialization mechanism, allowing…
Shield AI shows off not-at-all-terrifying autonomous VTOL combat drone
Runways? Where we’re going, we don’t need runways US defense technology biz Shield AI claims it can build a jet-powered vertical take-off and landing (VTOL) autonomous fighter drone that doesn’t need a runway to operate.… This article has been indexed…
Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw
Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastructure. Attribute Details…
Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta
Questions have been raised over the technical viability of the purported WhatsApp exploit, but the researcher says he wants to keep his identity private. The post Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta appeared first on SecurityWeek. This…
Malicious NuGet Packages Pose as Nethereum, Steal Crypto Wallet Keys
Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting cryptocurrency developers through the NuGet package registry. The malicious packages, which exfiltrate sensitive wallet data including private keys and mnemonics, highlight a critical vulnerability in package registry security…
Toys “R” Us Canada Data Breach Exposes Customer Personal Information
Toys “R” Us Canada has alerted its customers to a significant data breach that may have compromised personal information. The company sent notification emails to affected customers on Thursday morning, confirming that unauthorized access to their databases occurred. According to…
SharkStealer Using EtherHiding Pattern to Resolves Communications With C2 Channels
A sophisticated information-stealing malware written in Golang has emerged, leveraging blockchain technology to establish covert command-and-control channels. SharkStealer represents a significant evolution in malware design, utilizing the BNB Smart Chain Testnet as a resilient dead-drop resolver for its C2 infrastructure.…
New PDF Tool to Detect Malicious PDF Using PDF Object Hashing Technique
A new open-source tool called PDF Object Hashing is designed to detect malicious PDFs by analyzing their structural “fingerprints.” Released by Proofpoint, the tool empowers security teams to create robust threat detection rules based on unique object characteristics in PDF…
Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories
Cybersecurity researchers have identified a sophisticated campaign where threat actors are leveraging compromised credentials to infiltrate Azure Blob Storage containers, targeting organizations’ critical code repositories and sensitive data. This emerging threat exploits misconfigured storage access controls to establish persistence and…
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threat, codenamed…
Microsoft Boosts Windows Security by Disabling File Previews for Downloads
Microsoft has rolled out a significant security enhancement to Windows File Explorer, automatically disabling the preview pane for files downloaded from the internet as part of security updates released on and after October 14, 2025. This proactive measure targets a…