-
A large-scale campaign targeting Mac users is leveraging fake GitHub pages to distribute information-stealing malware disguised as popular legitimate applications. Among the impersonated software are Malwarebytes for Mac, LastPass, Citibank, SentinelOn…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated effort by Russian-linked actors is seeking to sway public opinion ahead of Moldova’s September 28, 2025, vote, raising concerns over foreign interference in the nation’s democratic process. Analysis of these sites revealed a technical f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A man in his forties has been arrested in West Sussex, England, in connection with a cyber-attack that has caused days of widespread disruption at several major European airports, including London’s Heathrow. The UK’s National Crime Agency (NCA) confirmed the man was arrested on Tuesday evening on suspicion of offenses under the Computer Misuse Act […] The post UK Police Arrested Man Linked to Ransomware Attack That Crippeled European Airports appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new study has uncovered a method for silently installing custom extensions on Chromium-based browsers running in Windows domain environments. By exploiting how Chrome and its relatives store extension settings and security checks in preference files,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated technique that allows attackers to execute malicious code directly in memory is gaining traction, posing a significant challenge to modern Endpoint Detection and Response (EDR) solutions. This method, which involves an in-memory Portable Executable (PE) loader, enables a threat actor to run an executable within an already trusted process, effectively bypassing security checks […] The post Hackers Can Bypass EDR by Downloading Malicious File as In-Memory PE Loader appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A newly disclosed flaw in OnePlus OxygenOS lets any app on a device read SMS and MMS messages without asking the user. Tracked as CVE-2025-10184, the issue stems from a permission bypass in the Telephony content provider (com.android.providers.telephon…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In January 2025, Supermicro released patches addressing critical vulnerabilities in its Baseboard Management Controller (BMC) firmware validation logic. Despite these updates, subsequent research has uncovered bypass techniques that undermine signature…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In recent weeks, cybersecurity teams have observed a surge in malicious GitHub repositories masquerading as legitimate security and financial software. Threat actors have crafted convincing forks of projects bearing names like Malwarebytes, LastPass, Citibank, and SentinelOne, populated with trojanized installers and scripts that deliver stealthy malware payloads. These repositories exploit the trust developers place in […] The post Weaponized Malwarebytes, LastPass, Citibank, SentinelOne, and Others on GitHub Deliver Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users. The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through 15, potentially compromising SMS-based multi-factor authentication (MFA) systems and exposing sensitive personal communications to unauthorized […] The post OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A serious security flaw in the Salesforce CLI installer (sf-x64.exe) has been assigned CVE-2025-9844. This weakness allows attackers to execute arbitrary code with SYSTEM-level privileges on Windows machines. Users who installed Salesforce CLI from unt…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
