Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID’s “leaked credentials” detection app called MACE. […]
New Android malware steals your credit cards for NFC relay attacks
A new malware-as-a-service (MaaS) platform named ‘SuperCard X’ has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. […]
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below –
The packages in question are listed below –
node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)
According to supply chain
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. […]
Google Gemini AI is getting ChatGPT-like Scheduled Actions feature
Google Gemini is testing a ChatGPT-like scheduled tasks feature called “Scheduled Actions,” which will allow you to create tasks that Gemini will execute later. […]
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.
The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0.
“An improper authentication control vulnerability exists in certain ASUS router firmware series,”
Interlock ransomware gang pushes fake IT tools in ClickFix attacks
The Interlock ransomware gang now uses ClickFix attacks that impersonate IT tools to breach corporate networks and deploy file-encrypting malware on devices. […]
OpenAI details ChatGPT-o3, o4-mini, o4-mini-high usage limits
OpenAI has launched three new reasoning models – o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer ‘unlimited’ usage. […]
The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools
With unapproved AI tools entrenched in daily workflows, experts say it’s time to shift from monitoring to managing Shadow AI use across the enterprise.
The post The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools appeared first on SecurityWeek.
FBI: Scammers pose as FBI IC3 employees to ‘help’ recover lost funds
The FBI warns that scammers posing as FBI IC3 employees are offering to “help” fraud victims recover money lost to other scammers. […]