Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. […]
Landfall Android Spyware Targeted Samsung Phones via Zero-Day
Threat actors exploited CVE-2025-21042 to deliver malware via specially crafted images to users in the Middle East.
The post Landfall Android Spyware Targeted Samsung Phones via Zero-Day appeared first on SecurityWeek.
ID verification laws are fueling the next wave of breaches
ID laws are forcing companies to store massive amounts of sensitive data, turning compliance into a security risk. Acronis explains how integrated backup and cybersecurity platforms help MSPs reduce complexity and close the gaps attackers exploit. […]
Radical Empowerment From Your Leadership: Understood by Few, Essential for All
When leaders redefine power as trust instead of control, teams unlock their potential — and organizations find their edge.
The post Radical Empowerment From Your Leadership: Understood by Few, Essential for All appeared first on SecurityWeek.
Data Exposure Vulnerability Found in Deep Learning Tool Keras
The vulnerability is tracked as CVE-2025-12058 and it can be exploited for arbitrary file loading and conducting SSRF attacks.
The post Data Exposure Vulnerability Found in Deep Learning Tool Keras appeared first on SecurityWeek.
ClickFix Attacks Against macOS Users Evolving
ClickFix prompts typically contain instructions for Windows users, but now they are tailored for macOS and they are getting increasingly convincing.
The post ClickFix Attacks Against macOS Users Evolving appeared first on SecurityWeek.
Leak confirms Google Gemini 3 Pro and Nano Banana 2 could launch soon
Google is planning to ship two new models. One is Gemini 3, which is optimised for coding and regular use, and the second is Nano Banano 2 for generating realistic images. […]
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.
According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific trigger dates in August 2027 and
According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific trigger dates in August 2027 and
DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz
Google’s acquisition of Wiz is expected to close in 2026, but there are other reviews that need to be cleared.
The post DOJ Antitrust Review Clears Google’s $32 Billion Acquisition of Wiz appeared first on SecurityWeek.
The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures
The Congressional Budget Office confirmed it had been hacked, potentially disclosing important government data to malicious actors.
The post The Congressional Budget Office Was Hacked. It Says It Has Implemented New Security Measures appeared first on SecurityWeek.