SECURITY 120

• US offers $10 million bounty for info on Russian FSB hackers Sep 3, 2025
• Google fixes actively exploited Android flaws in September update Sep 3, 2025
• Azure AD Credentials Exposed in Public App Settings File Sep 2, 2025
• Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info Sep 1, 2025
• Hidden Commands in Images Exploit AI Chatbots and Steal Data Sep 1, 2025
• WhatsApp patches vulnerability exploited in zero-day attacks Aug 29, 2025
• Velociraptor incident response tool abused for remote access Aug 27, 2025
• Nissan confirms design studio data breach claimed by Qilin ransomware Aug 25, 2025
• Hook Version 3 The Banking Trojan with The Most Advanced Capabilities Aug 25, 2025
• Critical Docker Desktop flaw lets attackers hijack Windows hosts Aug 25, 2025
• Anatsa Android Banking Trojan Now Targeting 830 Financial Apps Aug 25, 2025
• APT36 hackers abuse Linux .desktop files to install malware in new attacks Aug 22, 2025
• Hackers Weaponize QR Codes Embedded with Malicious Links to Steal Sensitive Information Aug 21, 2025
• Major password managers can leak logins in clickjacking attacks Aug 20, 2025
• New Research Links VPN Apps, Highlights Security Deficiencies Aug 19, 2025
• Legitimate Chrome VPN Extension Turns to Browser Spyware Aug 19, 2025
• Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets Aug 18, 2025
• Researcher to release exploit for full auth bypass on FortiWeb Aug 16, 2025
• Critical RCE Vulnerability in Cisco Firewall Management Software Under Active Exploitation Aug 15, 2025
• PhantomCard New NFC-driven Android malware emerging in Brazil Aug 14, 2025
• North Korean Kimsuky hackers exposed in alleged data breach Aug 11, 2025
• Netherlands Citrix NetScaler Flaw CVE-2025-6543 Exploited to Breach Critical Organizations Aug 11, 2025
• Cybersecurity Firm Profero Cracks DarkBit Ransomware Encryption Aug 11, 2025
• New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP Aug 10, 2025
• Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild Aug 10, 2025
• U.S. Judiciary confirms breach of court electronic records service Aug 8, 2025
• Google suffers data breach in ongoing Salesforce data theft attacks Aug 6, 2025
• SonicWall investigates possible zero-day amid Akira ransomware surge Aug 5, 2025
• Cursor IDE Persistent Code Execution via MCP Trust Bypass Aug 5, 2025
• Cisco Says User Data Stolen in CRM Hack Aug 5, 2025
• Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons Aug 4, 2025
• LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code Aug 4, 2025
• Fake Telegram Premium Site Distributes New Lumma Stealer Variant Aug 3, 2025
• Critical Vulnerability in NestJS Devtools Localhost RCE via Sandbox Escape Aug 1, 2025
• AI-powered Cursor IDE vulnerable to prompt-injection attacks Aug 1, 2025
• Dahua Camera flaws allow remote hacking. Update firmware now Jul 31, 2025
• UNC2891 Bank Heist Physical ATM Backdoor & Linux Forensic Evasion Evasion Jul 30, 2025
• ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH Jul 30, 2025
• Struts Devmode in 2025? Critical Pre-Auth Vulnerabilities in Adobe Experience Manager Forms Jul 29, 2025
• Organizations Warned of Exploited PaperCut Flaw Jul 29, 2025
• Attackers Actively Exploiting Critical Vulnerability in Alone Theme Jul 29, 2025
• ToxicPanda The Android Banking Trojan Targeting Europe Jul 28, 2025
• ToolShell An all-you-can-eat buffet for threat actors Jul 24, 2025
• US nuclear weapons agency hacked in Microsoft SharePoint attacks Jul 23, 2025
• How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance Jul 22, 2025
• Microsoft Fix Targets Attacks on SharePoint Zero-Day Jul 21, 2025
• Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks Jul 21, 2025
• Four new Android spyware samples linked to Iran's intel agency Jul 21, 2025
• Dell confirms breach of test lab platform by World Leaks extortion group Jul 21, 2025
• Follow-Up Cisco Updates Advisory with Additional Maximum Severity Unauthenticated RCE in ISE and ISE-PIC (CVE-2025-20337) Jul 18, 2025
• The Linuxsys Cryptominer Jul 17, 2025
• Mobile Forensics Tool Used by Chinese Law Enforcement Dissected Jul 17, 2025
• Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts Jul 17, 2025
• Tracking Protestware Spread 28 npm Packages Affected by Payload Targeting Russian-Language Users Jul 15, 2025
• Threat Actors Exploit SVG Files in Stealthy JavaScript Redirects Jul 15, 2025
• The Good, the Bad, and the Encoding An SS7 Bypass Attack Jul 14, 2025
• Google Gemini Tricked Into Showing Phishing Message Hidden in Email Jul 14, 2025
• Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Jul 14, 2025
• Nvidia warns its GPUs – even Blackwells – need protection against Rowhammer attacks Jul 13, 2025
• Ransomware Delivered Through GitHub A PowerShell-Powered Attack Jul 10, 2025
• Fix the Click Preventing the ClickFix Attack Vector Jul 10, 2025
• AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs Jul 10, 2025
• PerfektBlue 1-click RCE attack Jul 9, 2025
• Critical RCE Vulnerability in mcp-remote CVE-2025-6514 Threatens LLM Clients Jul 9, 2025
• Attackers Inject Code into WordPress Theme to Redirect Visitors Jul 9, 2025
• Malicious pull request infects VS Code extension Jul 8, 2025
• Animation-Driven Tapjacking on Android Jul 8, 2025
• Hackers abuse leaked Shellter red team tool to deploy infostealers Jul 7, 2025
• Ingram Micro outage caused by SafePay ransomware attack Jul 5, 2025
• Critical Sudo bugs expose major Linux distros to local Root exploits Jul 4, 2025
• Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones Jul 2, 2025
• Okta observes v0 AI tool used to build phishing sites Jul 1, 2025
• Critical ICS vulnerabilities threaten Mitsubishi Electric and TrendMakers hardware across commercial facilities Jun 27, 2025
• Zero-day Bluetooth gap turns millions of headphones into listening stations Jun 26, 2025
• Taking the shine off BreachForums Jun 26, 2025
• Supply Chain Incident Imperils Glasgow Council Services and Data Jun 26, 2025
• Gogs Remote Command Execution Vulnerability (CVE-2024-56731) Jun 26, 2025
• Decrement by one to rule them all AsIO3.sys driver exploitation Jun 26, 2025
• Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands Jun 26, 2025
• Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing Jun 25, 2025
• Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack Jun 24, 2025
• Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector Jun 24, 2025
• SparkKitty, SparkCat’s little brother A new Trojan spy found in the App Store and Google Play Jun 23, 2025
• Threat actor Banana Squad exploits GitHub repos in new campaign Jun 18, 2025
• Famous Chollima deploying Python version of GolangGhost RAT Jun 18, 2025
• Washington Post's email system hacked, journalists' accounts compromised Jun 16, 2025
• VMOSX Data Leak Info of Thousands of Mac Cloud Users Potentially Exposed Online Jun 16, 2025
• Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus Jun 16, 2025
• Kali Linux 2025.2 released with 13 new tools, car hacking updates Jun 16, 2025
• Paraguay is Being Targeted by Cybercriminals - 7.4 Million Citizen Records for Sale Jun 13, 2025
• Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction Jun 12, 2025
• New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches Jun 12, 2025
• Inside FluxPanel How Phishing Enables Real-Time Ecommerce Checkout Hijacks Jun 12, 2025
• Don't Get Caught in the Headlights - DeerStealer Analysis Jun 12, 2025
• Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited Jun 11, 2025
• NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073 Jun 11, 2025
• Attackers Unleash TeamFiltration Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool Jun 11, 2025
• The Evolution of Linux Binaries in Targeted Cloud Operations Jun 10, 2025
• Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603) Jun 10, 2025
• Flask Phishing Kit Targeted Credential Theft Using Open-Source Technology Jun 10, 2025
• Coordinated Brute Force Activity Targeting Apache Tomcat Manager Indicates Possible Upcoming Threats Jun 10, 2025
• iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals Jun 9, 2025
• Two Botnets, One Flaw Mirai Spreads Through Wazuh Vulnerability Jun 9, 2025
• Sleep with one eye open how Librarian Ghouls steal data by night Jun 9, 2025
• PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites Jun 9, 2025
• Grocery wholesale giant United Natural Foods hit by cyberattack Jun 9, 2025
• Operation DRAGONCLONE Chinese Telecommunication industry targeted via VELETRIX & VShell malware Jun 6, 2025
• Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721 Jun 6, 2025
• Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions Jun 5, 2025
• ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware Jun 5, 2025
• Android Spyware Alert! Fake government app targeting Android users in India! Jun 5, 2025
• Fake WordPress Caching Plugin Used to Steal Admin Credentials Jun 4, 2025
• Criminals Bribed Outsourced Contractors to Steal Coinbase User Data Jun 4, 2025
• Victims risk AsyncRAT infection after being redirected to fake Booking.com sites Jun 2, 2025
• Qualcomm fixes three Adreno GPU zero-days exploited in attacks Jun 2, 2025
• XSSing TypeErrors in Safari May 30, 2025
• Zanubis in motion Tracing the active evolution of the Android banking malware May 28, 2025
• MATLAB dev confirms ransomware attack behind service outage May 27, 2025
• DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers May 27, 2025
• Bypassing MTE with CVE-2025-0072 May 23, 2025