-
Zoom has issued multiple security bulletins detailing patches for several vulnerabilities affecting its Workplace applications. The disclosures, published today, highlight two high-severity issues alongside medium-rated flaws, underscoring the ongoing challenges in securing video conferencing tools used by millions in hybrid work environments. These updates come as cybersecurity experts warn of increasing exploitation attempts on collaboration […] The post Zoom Vulnerabilities Let Attackers Bypass Access Controls to Access Session Data appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
SAP released its monthly Security Patch Day updates, addressing 18 new security notes and providing two updates to existing ones, focusing on vulnerabilities that could enable remote code execution and various injection attacks across its product ecosystem. These patches are crucial for enterprises relying on SAP systems, as unpatched flaws could expose sensitive data and […] The post SAP Security Update – Patch for Critical Vulnerabilities Allowing Code Execution and Injection Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Mandiant has disclosed active exploitation of CVE-2025-12480, a critical unauthenticated access vulnerability in Gladinet’s Triofox file-sharing platform. The threat cluster tracked as UNC6485 has been weaponizing this flaw since August 2025 to gain unauthorized administrative access and establish persistent remote control over compromised systems. The vulnerability stems from improper access control validation in Triofox versions 16.4.10317.56372 and […] The post Hackers Exploiting Triofox 0-Day Vulnerability to Execute Malicious Payload Abusing Anti-Virus Feature appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at CyberProof have uncovered critical connections between two sophisticated banking trojans Maverick and Coyote that are actively targeting Brazilian users through WhatsApp. The discovery came after investigating a suspicious file …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication tokens, and sensitive credentials that could compromise their entire org…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated phishing campaign is currently targeting email users with deceptive security alert notifications that appear to originate from their own organization’s domain. The phishing emails are crafted to resemble legitimate security notifi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The notorious Danabot banking malware has made a comeback with the release of version 669, marking a significant return after nearly six months of silence following the coordinated law enforcement takedown known as Operation Endgame in May 2025. The re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at ENKI have uncovered a sophisticated espionage campaign targeting aerospace and defense organizations, in which the Lazarus Group is weaponizing a new variant of the Comebacker backdoor to infiltrate high-value targets. The threa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CISA has added a critical zero-day vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities catalog. Warning that threat actors are actively exploiting the flaw in real-world attacks. The vulnerability, tracked as CVE-2025-21042, is an out-of-bounds write vulnerability in the libimagecodec.quram.so library on Samsung mobile devices. This security flaw allows remote attackers to execute arbitrary […] The post CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated wave of ransomware attacks targeting UK organizations has emerged in 2025, exploiting vulnerabilities in the widely-used SimpleHelp Remote Monitoring and Management platform. Two prominent ransomware groups, Medusa and DragonForce, have weaponized three critical vulnerabilities (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) to gain unauthorized access through trusted third-party vendors and Managed Service Providers. The attack campaigns […] The post Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
