-
Meta announced innovative tools on Tuesday to shield users of Messenger and WhatsApp from scammers. The updates, revealed during Cybersecurity Awareness Month, aim to detect suspicious activity in real-time and empower users with better account protections. This comes as scammers increasingly target vulnerable groups, including older adults, through messaging apps and social platforms. Since the […] The post Meta Launches New Tools to Protect Messenger and WhatsApp Users from Scammers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptCore engine could allow attackers to execute arbitrary code simply by processing malicious web content. The flaw affects macOS, iOS, tvOS, Safari, and watchOS, putting millions of […] The post CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affects versions prior to 3.0.14 and 4.0.2, where administrators can upload malicious Groovy code that runs with the full privileges of the Syncope Core process. Discovered by security […] The post Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe vulnerability in the popular better-auth library’s API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue affects better-auth, a TypeScript authentication framework downloaded around 300,000 times weekly on npm. This flaw could lead to widespread account compromises, particularly for applications relying on API keys for […] The post Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated vulnerability in Microsoft 365 Copilot (M365 Copilot) that allows attackers to steal sensitive tenant data, including recent emails, through indirect prompt injection attacks. The flaw, detailed in a blog post published today by researcher Adam Logue, exploits the AI assistant’s integration with Office documents and its built-in support for Mermaid diagrams, enabling data […] The post Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document. The AI then encoded the data into a malicious Mermaid diagram that, wh…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated cyberespionage campaign dubbed PassiveNeuron has emerged from the shadows after months of dormancy, with security researchers uncovering fresh details about its operations and attack methods. The campaign, first detected in June 2024, h…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has issued an urgent alert about a critical server-side request forgery (SSRF) vulnerability in Oracle E-Business Suite, now actively exploited by threat actors. Tracked as CVE-2025-61884, the flaw affects the Runtime component of Oracle Configurator and allows remote attackers to forge requests without authentication, potentially leading to unauthorized access and data exfiltration. This vulnerability, […] The post CISA Warns Of Oracle E-Business Suite SSRF Vulnerability Actively Exploited In Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Luma Infostealer, a malware-as-a-service (MaaS) offering, has emerged as a potent threat targeting high-value credentials such as web browser cookies, cryptocurrency wallets, and VPN/RDP account information. Beyond isolated theft, threat actors are emp…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Understanding exactly how users authenticate to cloud services is crucial for effective security monitoring. A recently refined bitfield mapping technique decodes the opaque UserAuthenticationMethod values in Microsoft 365 audit logs, transforming nume…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
