brangberg – Page 415

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary

In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests

Other noteworthy stories that might have slipped under the radar: rogue ransomware negotiators charged, F5 hack prompts OT security guidance, Germany targets Huawei tech.

The post In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests appeared first on SecurityWeek.

From Log4j to IIS, China’s Hackers Turn Legacy Bugs into Global Espionage Tools

A China-linked threat actor has been attributed to a cyber attack targeting an U.S. non-profit organization with an aim to establish long-term persistence, as part of broader activity aimed at U.S. entities that are linked to or involved in policy issues.
The organization, according to a report from Broadcom’s Symantec and Carbon Black teams, is “active in attempting to influence U.S. government

Cisco: Actively exploited firewall flaws now abused for DoS attacks

Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. […]

Landfall Android Spyware Targeted Samsung Phones via Zero-Day

Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East.

The post Landfall Android Spyware Targeted Samsung Phones via Zero-Day appeared first on SecurityWeek.

ID verification laws are fueling the next wave of breaches

ID laws are forcing companies to store massive amounts of sensitive data, turning compliance into a security risk. Acronis explains how integrated backup and cybersecurity platforms help MSPs reduce complexity and close the gaps attackers exploit. […]

Radical Empowerment From Your Leadership: Understood by Few, Essential for All

When leaders redefine power as trust instead of control, teams unlock their potential — and organizations find their edge.

The post Radical Empowerment From Your Leadership: Understood by Few, Essential for All appeared first on SecurityWeek.

Data Exposure Vulnerability Found in Deep Learning Tool Keras

The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks.

The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek.

ClickFix Attacks Against macOS Users Evolving

ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.

The post ClickFix Attacks Against macOS Users Evolving appeared first on SecurityWeek.

Leak confirms Google Gemini 3 Pro and Nano Banana 2 could launch soon

Google is planning to ship two new models. One is Gemini 3, which is optimised for coding and regular use, and the second is Nano Banano 2 for generating realistic images. […]

Author: brangberg