1010.cx

1010.cx

/

Archive

/

Category: cyber security

  • Microsoft To Mandate MFA for Accounts Signing In to the Azure Portal

    In a significant security move, Microsoft announced on August 26, 2025, that it will require mandatory multifactor authentication (MFA) for all accounts signing in to the Azure portal and related administrative centers. The policy, first introduced in 2024, aims to dramatically reduce account compromise by enforcing an additional layer of identity verification across Azure and […] The post Microsoft To Mandate MFA for Accounts Signing In to the Azure Portal appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization

    A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely bypass authorization mechanisms.  This vulnerability arises from improper handling of the x-middleware-subrequest header within Next.js middleware execution, potentially exposing sensitive administrative areas and protected resources to unauthorized access. The vulnerability […] The post Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization appeared first on Cyber Security News.

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New Large-Scale Phishing Attacks Targets Hotelier Via Ads to Gain Access to Property Management Tools

    A novel phishing campaign emerged in late August 2025 that specifically targeted hoteliers and vacation rental managers through malicious search engine advertisements. Rather than relying on mass email blasts or social media lures, attackers purchased sponsored ads on platforms such as Google Search, typosquatting legitimate service providers’ names to redirect unsuspecting users. By mimicking brands […] The post New Large-Scale Phishing Attacks Targets Hotelier Via Ads to Gain Access to Property Management Tools appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • MediaTek Security Update – Patch for Multiple Vulnerabilities Across Chipsets

    MediaTek today published a critical security bulletin addressing several vulnerabilities across its latest modem chipsets, urging device OEMs to deploy updates immediately.  The bulletin, issued two months after confidential OEM notification, confirms that no known in-the-wild exploits have been detected to date. Key Takeaways1. MediaTek patched high- and medium-severity modem and firmware bugs across 60+ […] The post MediaTek Security Update – Patch for Multiple Vulnerabilities Across Chipsets appeared first on Cyber Security News.

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Food Delivery Robots Vulnerable to Hacks That Redirect Orders

    A startling vulnerability in Pudu Robotics’ management APIs that allowed anyone with minimal technical skill to seize control of the company’s food delivery and service robots. The vulnerability, which went unaddressed for weeks despite repeated respon…

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Salesforce Releases Forensic Investigation Guide Following Chain of Attacks

    Salesforce today unveiled its comprehensive Forensic Investigation Guide, equipping organizations with best practices, log analysis techniques, and automation workflows to detect and respond to sophisticated security breaches rapidly.  To reconstruct attack timelines and assess data exposure, the guide emphasizes three primary information sources: Activity Logs, User Permissions, and Backup Data.  Key Takeaways1. Salesforce’s new Forensic […] The post Salesforce Releases Forensic Investigation Guide Following Chain of Attacks appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Microsoft Enforces MFA for Logging into Azure Portal

    In a significant security move, Microsoft announced on August 26, 2025, that it will require mandatory multifactor authentication (MFA) for all accounts signing in to the Azure portal and related administrative centers. The policy, first introduced in …

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Hackers Leverage Built-in MacOS Protection Features to Deploy Malware

    macOS has long been recognized for its robust, integrated security stack, but cybercriminals are finding ways to weaponize these very defenses.  Recent incidents show attackers exploit Keychain, SIP, TCC, Gatekeeper, File Quarantine, XProtect, and XProtect Remediator to stealthily deliver malicious payloads.  Key Takeaways1. Abuse of macOS tools (Keychain, SIP, File Quarantine) for credential theft and […] The post Hackers Leverage Built-in MacOS Protection Features to Deploy Malware appeared first on Cyber Security News.

    ·

    , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Apple May Drop Physical SIM Card in iPhone 17

    Apple appears poised to remove the physical SIM card slot from its upcoming iPhone 17 models in more countries, with a significant rollout anticipated across the European Union. This change would mark the latest step in Apple’s long-term strategy of tr…

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • SUSE Fleet: Plain Text Storage of Vulnerability Exploit Helm Values

    A high-severity vulnerability in SUSE’s Fleet, a GitOps management tool for Kubernetes clusters, has been disclosed by security researcher samjustus via GitHub Security Advisory GHSA-6h9x-9j5v-7w9h. The vulnerability, tracked as CVE-2024-52284, allows …

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶