138/68 Thursday, April 10, 2025 WhatsApp has released a patch for a newly discovered vulnerability, CVE-2025-30401, affecting WhatsApp for Windows versions prior to 2.2450.6. This spoofing vulnerability allows attackers to send malicious file attachments disguised with a fake MIME type, tricking users into believing the files are safe—such as images or documents—when in reality, opening […]
137/68 Thursday, April 10, 2025 Fortinet has released a critical security patch addressing a vulnerability in FortiSwitch that could allow an attacker to change the administrator password without authentication. Tracked as CVE-2024-48887, the flaw carries a CVSS severity score of 9.3 out of 10, indicating a critical risk. According to Fortinet, the vulnerability stems from […]
136/68 Wednesday, April 9, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-22457 to its Known Exploited Vulnerabilities (KEV) Catalog, after confirming active exploitation of the flaw in Ivanti products, including Connect Secure, Policy Secure, and Neurons for ZTA Gateways. The vulnerability is a stack-based buffer overflow in Apache Tomcat, which can […]
135/68 Wednesday, April 9, 2025 Researchers have discovered that the APT group ToddyCat, suspected to be linked to China, is exploiting a now-patched vulnerability (CVE-2024-11859) in ESET antivirus software to stealthily load and execute malware on target systems. The vulnerability, fixed in January 2024, stems from insecure DLL search order handling, allowing attackers to trick […]
134/68 Tuesday, April 8, 2025 Oracle has confirmed a data breach incident and has begun privately notifying affected customers. While the company appears to be downplaying the severity of the breach, a hacker going by the alias rose87168 claims to have accessed millions of records from Oracle Cloud, including encrypted credentials for over 140,000 users. […]
133/68 Tuesday, April 8, 2025 A growing SMS phishing campaign is targeting users by impersonating E-ZPass and other toll collection agencies such as FasTrak and the Florida Turnpike. Victims are receiving fraudulent iMessages and SMS messages designed to steal personal and credit card information. The messages typically claim that the recipient has unpaid toll fees […]
132/68 Friday, April 4, 2025 Cybersecurity researchers at Kaspersky have issued a warning about a new version of the Triada trojan that has been found embedded in the firmware of counterfeit Android smartphones designed to imitate popular models. The malware activates as soon as the device is set up for the first time. According to […]
131/68 Friday, April 4, 2025 Cisco has released patches for two critical security vulnerabilities that could lead to Denial-of-Service (DoS) attacks targeting Meraki MX and Meraki Z devices, as well as the Enterprise Chat and Email (ECE) platform. The first flaw, CVE-2025-20212, affects the VPN AnyConnect server and allows an authenticated attacker to force the […]
130/68 Thursday, April 3, 2025 Microsoft’s MORSE (Microsoft Offensive Research and Security Engineering) team has discovered a critical vulnerability, tracked as CVE-2025-1268 (CVSS 9.4), affecting Canon printer drivers. The vulnerability is classified as an out-of-bounds issue that impacts various printer driver models, including those for production printers, office/small office multifunction printers, and laser printers—particularly during […]
129/68 Thursday, April 3, 2025 Cybersecurity researchers at Wiz have uncovered an ongoing campaign targeting externally accessible PostgreSQL servers, exploiting weak or easily guessable credentials to deploy fileless cryptocurrency mining malware. One of the key payloads used in this campaign is a malware strain called PG_MEM, which was first detected by Aqua Security in August […]
