-
Content creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new malvertising campaign is targeting Facebook users with malicio…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed vulnerability in Apple’s CarPlay ecosystem enables remote code execution with root privileges, posing a serious risk to connected vehicles. Discovered by the Oligo Security Research team and tracked as CVE-2025-24132, the fl…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been found in the Google Drive Desktop application for Windows. It allows a logged-in user on a shared machine to access another user’s Drive files completely without needing their credentials. This vulnerability stems from a broken access control mechanism in how the application handles cached data. While Google Drive is widely […] The post Google Drive Desktop for Windows Vulnerability Grants Full Access to Another User’s Drive appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Amp’ed RF BT-AP 111 Bluetooth Access Point has been discovered to expose its HTTP-based administrative interface entirely without authentication controls, enabling unauthenticated attackers with network access to seize full administrative privilege…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Millions of people and businesses trust Google Drive every day to store important files like contracts, reports, photos, and research papers. The desktop app for Windows promises secure and seamless syncing of files between local folders and the cloud….
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
KuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-pr…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
HackerOne, a leading vulnerability coordination platform, has confirmed that its Salesforce environment was compromised in a recent third-party data breach. The incident stemmed from an attack on the Drift application provided by Salesloft, which allow…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft has disclosed two serious security vulnerabilities in its Office suite that allow attackers to execute arbitrary code on affected systems. Both flaws were publicly released on September 9, 2025, and have been assigned CVE identifiers CVE-2025…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges
Microsoft has issued an updated warning for a critical security vulnerability in Active Directory Domain Services, tracked as CVE-2025-21293. This flaw could permit an attacker who has already gained initial access to a system to escalate their privileges, potentially gaining complete control over the affected domain controller and undermining the security of the network infrastructure. […] The post Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a twist of fate that underscores both the power and inherent transparency of endpoint detection and response (EDR) solutions. By investigating alerts generated through this deployment, the Huntress Security Operations Center (SOC) gained unprecedent…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶