-
Users of the popular messaging app WhatsApp are being targeted by a new, highly deceptive scam that grants attackers full access to victims’ contacts, chat history, and media files. Cybercriminals are exploiting the app’s device linking feature to hija…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Microsoft announced that its AI-powered Editor browser extensions for Microsoft Edge and Google Chrome will be retired effective October 31, 2025. With this move, the company aims to streamline its writing-assistance offerings by integrating the core c…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive. Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to several patched releases. […] The post HashiCorp Vault Vulnerability Let Attackers to Crash Servers appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation. The vulnerability, present in version 4.4.0 and patched in 4.4.1, underscores the importance of rigorous sanitization when handling user‐supplied file paths and archives. Key Takeaways1. MobSF v4.4.0 allowed attackers […] The post MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Critical security flaws discovered in Mobile Security Framework (MobSF) version 4.4.0 enable authenticated attackers to exploit path traversal and arbitrary file write vulnerabilities, potentially compromising system integrity and exposing sensitive da…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated Windows-based keylogger known as TinkyWinkey began surfacing on underground forums in late June 2025, targeting enterprise and individual endpoints with unprecedented stealth. Unlike traditional keylogging tools that rely on simple hooks or user-mode processes, TinkyWinkey leverages dual components—a Windows service and an injected DLL payload—to remain hidden while harvesting rich contextual data. The […] The post New TinkyWinkey Stealthily Attacking Windows Systems With Advanced Keylogging Capabilities appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in HashiCorp Vault—tracked as CVE-2025-6203 and HCSEC-2025-24—has been disclosed that allows malicious actors to submit specially crafted payloads capable of exhausting server resources and rendering Vault instances unresponsiv…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Exposing an ASP.NET Core appsettings.json file containing Azure Active Directory (Azure AD) credentials poses a critical attack vector, effectively handing adversaries the keys to an organization’s cloud environment. During a recent cybersecurity …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In a novel twist on the year-long trend of ClickFix scams, threat actors have blended human-verification social engineering with the Windows search protocol to deliver MetaStealer, a commodity infostealer notorious for harvesting credentials and exfilt…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code. These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses to compromise device security. Key Takeaways1. CVE-2025-21483 & CVE-2025-27034 allow remote RCE.2. Affects Snapdragon 8 […] The post Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
