-
Tech Note – BeaverTail variant distributed via malicious repositories and ClickFix lure17 September 2025 – Oliver Smith, GitLab Threat Intelligence We have identified infrastructure distributing BeaverTail and InvisibleFerret malware since at least May…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation devices. The patches address a zero-day flaw in the ImageIO framework that could allow an attacker to execute arbitrary code by enticing a user to process a malicious image file. Apple confirms awareness of a sophisticated exploit […] The post Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
China-aligned TA415 hackers have adopted Google Sheets and Google Calendar as covert command-and-control (C2) channels in a sustained espionage campaign targeting U.S. government, academic, and think tank entities. By blending malicious operations into…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape has witnessed an unprecedented surge in API-focused attacks during the first half of 2025, with threat actors launching over 40,000 documented incidents against application programming interfaces across 4,000 monitored environments. This alarming escalation represents a fundamental shift in attack methodology, as cybercriminals have identified APIs as the most lucrative and vulnerable entry […] The post 40,000+ Cyberattacks Targeting API Environments To Inject Malicious Code appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A default auto-sync feature in Microsoft OneDrive automatically moves local files to SharePoint, creating a significant security risk by exposing sensitive data and secrets on a large scale. Research from Entro Security highlights the severity of the issue, revealing that one in every five exposed secrets within an enterprise originates from files synced to SharePoint. […] The post Microsoft OneDrive Auto-Sync Exposes Enterprise Secrets in SharePoint Online appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 1…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has announced the full general availability of client-side encryption (CSE) for Google Sheets. This significant upgrade gives organizations direct control over encryption keys and enhances data confidentiality within Google Workspace. This move extends robust security features to spreadsheets, ensuring that sensitive data remains unreadable to Google, and addresses critical compliance and data portability needs […] The post Google Announces Full Availability of Client-Side Encryption for Google Sheets appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for K…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. While many C2 frameworks garner public attention, AdaptixC2 has remained largely under the radar—until Unit 42 documented its deployment by real-world th…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
