Vulnerabilities
-
FileFix: New Facebook security alert spoof hijacks victims into downloading StealC infostealer, researchers warn
Security researchers have uncovered a campaign dubbed FileFix that masquerades as a Facebook security alert to trick users into executing a malicious payload, culminating in the StealC infostealer. The operation, a variant of the ClickFix social-engineering technique, shows global reach, steganography-based delivery, and a Go-based loader that drops StealC v2, with researchers noting evolving infrastructure…
-
ETH Zurich researchers reveal Phoenix DDR5 Rowhammer defeats TRR, enabling privilege escalation on commodity systems
Researchers from ETH Zurich and Google have disclosed Phoenix, a DDR5 Rowhammer variant that bypasses TRR protections and enables privilege escalation on commodity systems within minutes, affecting most DDR5 modules produced between 2021 and 2024. The work includes a proof-of-concept showing root access and other exploits, and provides links to the technical paper and a…
-
Samsung patches critical CVE-2025-21043 Android vulnerability exploited in the wild
Samsung has issued a September 2025 security update to patch CVE-2025-21043, a critical remote code execution flaw in a Quramsoft image parsing library used on Android devices, underscoring the need for immediate patching across affected devices.
-
HybridPetya ransomware emerges with UEFI Secure Boot bypass, encrypts MFT and demands Bitcoin ransom
A new ransomware strain named HybridPetya has been identified by ESET, combining traits of Petya/NotPetya with a UEFI Secure Boot bypass. The threat encrypts the Master File Table on NTFS partitions via a bootkit installed on the EFI System Partition, and demands Bitcoin ransom while offering a decryption mechanism contingent on payment. Researchers warn that…
-
CISA Adds Critical CVE-2025-5086 in DELMIA Apriso to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2025-5086, a critical remote-code-execution flaw in DELMIA Apriso, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation emerged, prompting urgent patching across affected deployments.
-
Apple says devices targeted by mercenary spyware in new wave of attacks, CERT-FR reports
France’s CERT-FR says Apple devices were targeted in a new wave of mercenary spyware attacks, issuing four threat notifications this year and noting that some campaigns exploit zero-day flaws while others require no user interaction.
-
Wyden urges FTC to probe Microsoft over alleged ‘gross cybersecurity negligence’ linked to ransomware attacks, citing Ascension breach
U.S. Senator Ron Wyden has urged the FTC to investigate Microsoft, accusing the company of cybersecurity negligence linked to ransomware attacks on critical infrastructure, including a major Ascension health-system breach that affected millions of people.
-
Cursor AI editor vulnerability could enable covert code execution on folder open, researchers warn
A vulnerability in Cursor, the AI-augmented fork of Visual Studio Code, could allow attackers to silently run code on a user’s machine when a repository is opened, researchers warn, due to default Workspace Trust settings and potential autorun configurations.
-
Chinese APT deploys EggStreme fileless framework in Philippines attack, Bitdefender says
A Chinese APT group has been linked to compromising a Philippines-based military services company using EggStreme, a new fileless malware framework designed for memory-resident espionage, with a backdoor capable of extensive reconnaissance and data theft.
-
Backdoor.Win32.Buterat Targets Government and Enterprise Networks, Researchers Say
A new analysis from Point Wild details Buterat, a long-running backdoor that targets government and enterprise networks. The malware uses thread manipulation and encrypted C2 channels to avoid detection and maintain persistence, with defenders urged to strengthen endpoints and employee training.
