Vulnerabilities
-
Major Security Flaw Exposes Billions of eSIM Devices to Spy Attacks
A new study reveals critical vulnerabilities in eSIM technology, affecting billions of devices worldwide. Security expert Adam Gowdiak warns that these flaws could allow attackers to spy on users and manipulate services, raising concerns over the potential for espionage and unauthorized access to sensitive information.
-
Critical Remote Code Execution Vulnerability Discovered in mcp-remote Project
A critical vulnerability in the mcp-remote project could allow hackers to execute arbitrary operating system commands, prompting updates and stronger security practices for users.
-
Vulnerabilities in Bluetooth Technology Threaten Major Automakers
Recent vulnerabilities discovered in the BlueSDK Bluetooth stack pose critical security risks for major automakers, with potential for remote code execution and unauthorized access to vehicle systems.
-
New macOS Malware ZuRu Discovered Targeting Users Through Legitimate Software
Security researchers have identified a new macOS malware called ZuRu, which propagates via trojanized versions of legitimate software such as Termius. Discovered by SentinelOne, the malware adapts techniques to target users seeking trusted apps, reflecting an opportunistic threat landscape for macOS users.
-
AMD Issues Warning on New Transient Scheduler Vulnerabilities in Chipsets
AMD has issued a warning regarding new vulnerabilities termed Transient Scheduler Attacks (TSA) that could expose sensitive data across its chipsets, necessitating immediate attention and remedial updates.
-
New Espionage Group Exploits Microsoft Exchange Zero-Day Vulnerability to Target Chinese High-Tech Industries
A report reveals that the NightEagle Group, an advanced persistent threat, has exploited a zero-day vulnerability in Microsoft Exchange to extract intelligence from Chinese military and tech firms, raising concerns about cyber espionage and the implications for national security.
-
New Vulnerability in ServiceNow Exposes Sensitive Data to Low-Privileged Users
A newly identified vulnerability in ServiceNow, known as Count(er) Strike, allows low-privileged users to access sensitive data improperly, prompting urgent calls for enhanced security measures from enterprises using the platform.
-
DoNot APT Expands Cyber Espionage Attacks in Europe
Recent cyber espionage activities attributed to the DoNot APT group highlight an alarming expansion of their operations targeting European foreign affairs ministries and other government entities, utilizing sophisticated malware to harvest sensitive information.
-
Widespread Browser Hijacking Campaign Disguised as Popular Extensions
A report by Koi Security has exposed a malicious browser hijacking campaign that has infected over 2.3 million users through seemingly legitimate extensions, highlighting significant security concerns in the browser extension ecosystem.
-
Android Malware Anatsa Targets US Banks Through Infiltrated Google Play Apps
The Anatsa banking trojan has returned to Google Play disguised as a PDF viewer app, compromising 50,000 downloads and targeting US banking customers. Security experts warn users to uninstall affected apps immediately and to secure their banking credentials.
