ASUS Confirms Critical Vulnerability in AiCloud Routers, Urges Immediate Firmware Update

146/68 Monday, April 21, 2025 ASUS has issued a security advisory regarding a critical vulnerability in its routers that have the AiCloud feature enabled, tracked as CVE-2025-2492 with a CVSS severity score of 9.2. The flaw stems from improper authentication control, potentially allowing unauthorized remote attackers to take control of the router’s functions. To mitigate […]

ThaiCERT

April 21, 2025

New Android Malware “SuperCard X” Steals Credit Card Data via NFC Relay Attacks

145/68 Monday, April 21, 2025 Cybersecurity firm Cleafy has uncovered a new threat dubbed “SuperCard X”, a Malware-as-a-Service (MaaS) tool targeting Android devices through NFC relay attacks. The malware is designed to steal credit card data and use it for fraudulent transactions at ATMs or point-of-sale (POS) terminals. The campaign has ties to Chinese-speaking threat […]

ThaiCERT

April 21, 2025

Cheap Android Phones from China Found Preloaded with Trojanized WhatsApp and Telegram to Steal Cryptocurrency

144/68 Friday, April 18, 2025 Researchers at Doctor Web have uncovered that several low-cost Android smartphones from China come preloaded with malware during the manufacturing process. The malicious apps include trojanized versions of WhatsApp and Telegram, which are embedded with crypto clipper malware. This malware monitors the clipboard and automatically replaces copied cryptocurrency wallet addresses […]

ThaiCERT

April 18, 2025

Apple Patches Two Zero-Day Vulnerabilities Exploited in Targeted iPhone Attacks

143/68 Friday, April 18, 2025 Apple has released an emergency security update to address two actively exploited zero-day vulnerabilities found in targeted attacks against iPhones. The company confirmed the attacks were highly sophisticated and urged users to update their devices immediately. The first vulnerability, CVE-2025-31200, resides in CoreAudio, where specially crafted media files could allow […]

ThaiCERT

April 18, 2025

Critical CVE-2025-24859 Vulnerability in Apache Roller (CVSS 10.0) Allows Continued Access Even After Password Changes

142/68 Thursday, April 17, 2025 A critical security vulnerability, CVE-2025-24859, has been disclosed in Apache Roller, a popular Java-based open-source blogging server. The flaw, which affects versions ≤6.1.4, has been assigned the maximum CVSS score of 10.0, indicating its severity. The vulnerability stems from unsafe session management, allowing authenticated sessions to remain active even after […]

ThaiCERT

April 17, 2025

Alert! Fake File Conversion Site Mimics PDFCandy to Distribute Stealer Malware

141/68 Thursday, April 17, 2025 Cybersecurity researchers at CloudSEK have uncovered a sophisticated malware campaign involving a fake version of the legitimate site PDFCandy[.]com, designed to trick users into downloading ArechClient2, an info-stealing malware from the SectopRAT family active since 2019. The campaign relies on malicious Google Ads and fake software update prompts to distribute […]

ThaiCERT

April 17, 2025

U.S. Treasury’s OCC Confirms Year-Long Email Breach via Compromised Admin Account

140/68 Friday, April 11, 2025 The Office of the Comptroller of the Currency (OCC), an agency under the U.S. Department of the Treasury, has confirmed a serious email security breach that remained undetected for over a year. The incident involved unauthorized access to more than 103 staff email accounts through a compromised administrator account, which […]

ThaiCERT

April 11, 2025

U.S. Import Tariff Policies May Escalate Global Cyber Threats, Experts Warn

139/68 Friday, April 11, 2025 Cybersecurity and international policy experts are warning that newly announced U.S. import tariffs may inadvertently worsen the global cyber threat landscape—particularly if the measures lead to economic downturns. A potential recession could drive organizations to cut cybersecurity budgets, leaving them more vulnerable to cybercrime and state-sponsored espionage. Despite a temporary […]

ThaiCERT

April 11, 2025

WhatsApp Patches Critical Spoofing Vulnerability on Windows That Could Lead to Remote Code Execution

138/68 Thursday, April 10, 2025 WhatsApp has released a patch for a newly discovered vulnerability, CVE-2025-30401, affecting WhatsApp for Windows versions prior to 2.2450.6. This spoofing vulnerability allows attackers to send malicious file attachments disguised with a fake MIME type, tricking users into believing the files are safe—such as images or documents—when in reality, opening […]

ThaiCERT

April 10, 2025

Fortinet Urges FortiSwitch Users to Patch Critical Flaw Allowing Unauthorized Admin Password Reset

137/68 Thursday, April 10, 2025 Fortinet has released a critical security patch addressing a vulnerability in FortiSwitch that could allow an attacker to change the administrator password without authentication. Tracked as CVE-2024-48887, the flaw carries a CVSS severity score of 9.3 out of 10, indicating a critical risk. According to Fortinet, the vulnerability stems from […]

ThaiCERT

April 10, 2025