American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. […]
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. […]
Microsoft and CrowdStrike partner to link hacking group names
Microsoft and CrowdStrike announced today that they’ve partnered to connect the aliases used for specific threat groups without actually using a single naming standard. […]
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Cybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies.
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and
Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations and
Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure
Cryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner.
The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek.
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application.
A brief description of the three flaws is as follows –
A brief description of the three flaws is as follows –
CVE-2024-13915 (CVSS score: 6.9) – A pre-installed “com.pri.factorytest” application on Ulefone and
Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently
Chipmaker says there are indications from Google Threat Analysis Group that a trio of flaws “may be under limited, targeted exploitation.”
The post Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently appeared first on SecurityWeek.
‘Russian Market’ emerges as a go-to shop for stolen credentials
The “Russian Market” cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. […]
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild.
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below –
The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below –
CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities in the Graphics
vBulletin Vulnerability Exploited in the Wild
Exploitation of the vBulletin vulnerability tracked as CVE-2025-48827 and CVE-2025-48828 started shortly after disclosure.
The post vBulletin Vulnerability Exploited in the Wild appeared first on SecurityWeek.