-
A critical security risk has emerged for Windows users of WhatsApp Desktop who also have Python installed. Attackers can exploit a flaw in how WhatsApp Desktop handles .pyz (Python archive) files, delivering arbitrary code execution on the victim’s mac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compression utilities. CVE-2025-6218 and CVE-2025-8088 represent sophisticated attack vectors that have enabled threat actors to achieve remote code execution and establish persistent access to compromised systems through maliciously crafted archive […] The post WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Major French retail chain Auchan announced on August 21, 2025, that it suffered a significant cybersecurity incident resulting in the unauthorized access and theft of personal data from “several hundred thousand” customer loyalty accounts. The breach represents another critical example of retail sector vulnerabilities to Advanced Persistent Threats (APTs) targeting customer databases containing Personally Identifiable […] The post French Retailer Auchan Cyberattack – Thousands of Customers Personal Data Exposed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location information, gathering both precise and coarse location data across all categories listed in Apple’s App Store privacy framework. This extensive data harvesting raises significant privacy concerns as location tracking can […] The post X/Twitter The Most Aggressive Social Media App Collecting Users Location Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Maryland’s transit network experienced widespread disruption this week after a sophisticated cyberattack targeted critical information systems, forcing the Maryland Transit Administration (MTA) and the Department of Information Technology (DoIT) to scr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A malvertising campaign using sponsored results on Microsoft’s search platform delivered a weaponized PuTTY that established persistence, enabled hands-on keyboard control, and executed Kerberoasting to target Active Directory service accounts. According to an investigation published by LevelBlue’s MDR SOC and corroborated by independent research tracking Oyster/Broomstick backdoor activity tied to trojanized admin tools distributed via […] The post Weaponized PuTTY Via Bing Ads Exploit Kerberos and Attack Active Directory Services appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A comprehensive study examining the location data practices of the top 10 social media platforms has uncovered concerning patterns of user tracking that extend far beyond what most users realize. The research, which analyzed App Store disclosures from …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared innocuous at first glance, often masquerading as utility or government apps in high-risk […] The post Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A stealthy espionage campaign emerged in early 2025 targeting diplomats and government entities in Southeast Asia and beyond. At the heart of this operation lies STATICPLUGIN, a downloader meticulously disguised as a legitimate Adobe plugin update. Victims encountered a captive portal hijack that redirected browsers to malicious domains, where an HTTPS-secured landing page prompted users […] The post Chinese UNC6384 Hackers Leverages Valid Code Signing Certificates to Evade Detection appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
