-
Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks. The vulnerabilities, disclosed in the December 2025 Android Security Bulleti…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new security flaw has been found in Apache Struts, a popular open‑source web application framework used by many companies worldwide. The issue, tracked as CVE‑2025‑64775, could allow attackers to fill a server’s disk space, causing it to stop working…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Market…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI’s Codex CLI, a command-line tool designed to bring AI-powered reasoning into developer workflows, contains a critical vulnerability that allows attackers to execute arbitrary commands on developer machines without any user interaction or a…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Koi researchers have uncovered a seven-year browser extension operation that has silently compromised at least 4.3 million Chrome and Edge users worldwide. The threat actor, dubbed ShadyPanda, systematically abused browser marketplaces to turn seemingl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
South Korean e-commerce giant Coupang has admitted to a significant data breach that exposed the personal information of about 33.7 million customers. This figure is close to the company’s entire user base, making it one of the most significant known d…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a significant decision that will affect millions of mobile phone users, the Indian government has ordered all smartphone companies to install a specific security app on every new device sold in the country. The Department of Telecommunications (DoT)…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
India’s Department of Telecommunications (DoT) has ordered smartphone manufacturers to preload a government-backed cybersecurity app, “Sanchar Saathi,” on all new devices sold in the country. The order, issued privately on November 28, 2025, gives major players like Apple, Samsung, Xiaomi, Vivo, and Oppo 90 days to comply, requiring the “Sanchar Saathi” app to be installed […] The post India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A malicious Visual Studio Code extension posing as the popular “Material Icon Theme” has been used to attack Windows and macOS users, turning the add-on into a hidden backdoor. The fake extension shipped through the marketplace with backdoored files, giving the attackers a direct path into developer workstations once it was installed. After installation, the […] The post Malicious VS Code Extension as Icon Theme Attacking Windows and macOS Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Advanced steganography techniques are becoming increasingly central to state-sponsored cyber operations. Recent analysis has exposed two Chinese technology companies, BIETA and CIII, that allegedly provide sophisticated steganography solutions to support advanced persistent threat campaigns. These organizations operate as front companies linked to China’s Ministry of State Security, playing a critical role in modernizing the country’s […] The post Chinese Front Companies Providing Advanced Steganography Solutions for APT Operations appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
