zero-click
-
Grafana AI flaw could expose enterprise data in zero-click attack
Researchers say a critical Grafana flaw could let attackers use AI-powered dashboards to exfiltrate sensitive data without authentication. Grafana reportedly validated the issue and released a fix after disclosure by Noma Security.
-
Kaspersky links Coruna iOS exploit framework to Operation Triangulation, finds expanded targets
Kaspersky researchers say the Coruna exploit framework is an updated successor to the Operation Triangulation toolkit, adding support for A17 and M3 chips and iOS up to 17.2, and that its components include multiple exploit chains used in both espionage and financially motivated attacks.
-
CISA warns of active spyware campaigns targeting messaging app users
CISA warned that threat actors are actively using commercial spyware and remote access trojans to compromise users of mobile messaging apps, citing multiple campaigns that used techniques such as zero‑click exploits, device‑linking QR codes and spoofed apps, and urged high‑value individuals to follow specific security guidance.
-
WhatsApp patches high-severity vulnerability tied to Apple zero-day in targeted attacks on iOS and macOS
WhatsApp has patched a high-severity vulnerability in its iOS and macOS apps (CVE-2025-55177) that could allow an attacker to process content from an arbitrary URL on a target device, potentially in conjunction with a separate Apple zero-day. Affected versions include iOS and Mac apps; targeted individuals have been notified and advised to reset devices and…
