Elevation of privilege flaws in Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352) have been exploited in targeted attacks.
The post Two Exploited Vulnerabilities Patched in Android appeared first on SecurityWeek.
Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform
Co-founded by former MITRE experts, the startup will use the funding to accelerate product innovation and fuel company growth.
The post Tidal Cyber Raises $10 Million for CTI and Adversary Behavior Platform appeared first on SecurityWeek.
Threat actors abuse X’s Grok AI to spread malicious links
Threat actors are using Grok, X’s built-in AI assistant, to bypass link posting restrictions that the platform introduced to reduce malicious advertising. […]
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.
“The two npm packages abused smart contracts to conceal malicious
“The two npm packages abused smart contracts to conceal malicious
US offers $10 million bounty for info on Russian FSB hackers
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organizations on behalf of the Russian government. […]
US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack
Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders.
The post US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack appeared first on SecurityWeek.
Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws
Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. […]
US sues robot toy maker for exposing children’s data to Chinese devs
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children’s geolocation data without their knowledge and parental consent. […]
Police disrupts Streameast, largest pirated sports streaming network
The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world’s largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. […]
SaaS giant Workiva discloses data breach after Salesforce attack
Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. […]