-
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Threat actors are increasingly refining Android droppers to circumvent enhanced security measures, extending their utility beyond sophisticated banking trojans to simpler malware variants like SMS stealers and basic spyware. Historically, droppers serv…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability in Git (CVE-2025-48384) that enables arbitrary file writes and has already been observed in active exploitation campaigns. The fla…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PhpSpreadsheet library, allowing attackers to inject malicious HTML input when processing spreadsheet documents. The vulnerability, assigned C…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google has disclosed a critical zero-day vulnerability in the V8 JavaScript engine used by Chrome, tracked as CVE-2025-5419. Before a patch could be rolled out to all users, proof-of-concept (PoC) exploit code had been published, and active exploitation had been observed in targeted campaigns. Key Takeaways1. CVE-2025-5419 lets attackers exploit V8 OOB read/write for remote […] The post PoC Exploit Released for Chrome 0-Day Vulnerability Exploited in the Wild appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security risk has emerged for Windows users of WhatsApp Desktop who also have Python installed. Attackers can exploit a flaw in how WhatsApp Desktop handles .pyz (Python archive) files, delivering arbitrary code execution on the victim’s mac…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compression utilities. CVE-2025-6218 and CVE-2025-8088 represent sophisticated attack vectors that have enabled threat actors to achieve remote code execution and establish persistent access to compromised systems through maliciously crafted archive […] The post WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Major French retail chain Auchan announced on August 21, 2025, that it suffered a significant cybersecurity incident resulting in the unauthorized access and theft of personal data from “several hundred thousand” customer loyalty accounts. The breach represents another critical example of retail sector vulnerabilities to Advanced Persistent Threats (APTs) targeting customer databases containing Personally Identifiable […] The post French Retailer Auchan Cyberattack – Thousands of Customers Personal Data Exposed appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Google Threat Intelligence Group (GTIG) has uncovered a multifaceted cyber espionage operation attributed to the PRC-nexus threat actor UNC6384, believed to be associated with TEMP.Hex (also known as Mustang Panda). This campaign, aligned with China…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A comprehensive analysis of the top 10 social media platforms reveals that X (formerly Twitter) stands out as the most invasive collector of user location information, gathering both precise and coarse location data across all categories listed in Apple’s App Store privacy framework. This extensive data harvesting raises significant privacy concerns as location tracking can […] The post X/Twitter The Most Aggressive Social Media App Collecting Users Location Information appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
