Vulnerabilities
-
Cybersecurity Alert: Malicious Browser Extensions Target Brazilian Users in Widespread Phishing Campaign
A new phishing campaign has surfaced, aiming at Brazilian users through malicious browser extensions that stole sensitive authentication data. The operation has reportedly infected 722 systems across different countries.
-
Hackers Exploit Voice Phishing to Breach Corporate Systems
A group of hackers known as UNC6040 is exploiting voice phishing to gain access to corporate systems, particularly targeting Salesforce, with tactics that rely on manipulating employees rather than exploiting technical vulnerabilities.
-
New Malware Campaign Targets macOS Users with Social Engineering Tactics
A new malware campaign is targeting macOS users with deceptive tactics, employing fake Spectrum websites and the ClickFix method to deliver the Atomic macOS Stealer malware. Security experts warn of the evolving threat landscape for Apple users.
-
New PathWiper Malware Targets Ukrainian Infrastructure, Analysts Warn of Ongoing Cyber Threats
A new data wiper malware named PathWiper has targeted critical infrastructure in Ukraine, highlighting the ongoing cyber threats posed by advanced persistent threat actors linked to Russia. Cisco Talos has detailed the malware’s capabilities and its similarities with previously observed threats.
-
FBI Issues Warning as BADBOX 2.0 Malware Infects Over 1 Million Devices
The FBI has warned that the BADBOX 2.0 malware has infected over one million consumer devices, transforming them into tools for cybercriminals. The widespread malware affects various Android IoT gadgets, posing significant threats to home network security.
-
Cisco Warns of Critical Vulnerability in Cloud Deployments Exposing Sensitive Data
Cisco has issued a critical vulnerability warning for its Identity Services Engine (ISE) on major cloud platforms, potentially exposing sensitive data due to shared static credentials. Affected platforms include AWS, Azure, and OCI.
-
Data Leak Exposes Personal Information of Over 3.6 Million Users
A recent data breach has exposed the personal information of over 3.6 million users associated with the app-building platform Passion.io, raising serious privacy and security concerns. Cybersecurity expert Jeremiah Fowler discovered the unsecured database containing sensitive data, prompting immediate action from the company.
-
Critical Roundcube Webmail Exploit Sold on Dark Web, Security Experts Warn
Security experts warn of a critical vulnerability in Roundcube webmail, CVE-2025-49113, which has been exploited by hackers selling RCE exploits online. The flaw has led to a patch but concerns remain over its potential impact due to the application’s popularity.
-
Security Risks Emerge from Popular Chrome Extensions Transmitting User Data in Plaintext
Prominent Chrome extensions are under scrutiny as security experts highlight that several have been found transmitting sensitive data unencrypted over HTTP, raising significant privacy concerns. Users are urged to reconsider using these extensions until developers address security flaws.
