Blog – Page 550 – Cyber Mike

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.
The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.
“A malicious container running on Docker Desktop could access the

OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail

Researchers unveil OneFlip, a Rowhammer-based attack that flips a single bit in neural network weights to stealthily backdoor AI systems without degrading performance.

The post OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail appeared first on SecurityWeek.

Malicious Android apps with 19M installs removed from Google Play

Seventy-seven malicious Android apps containing different types of malware were found on Google Play after being downloaded more than 19 million times. […]

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter.
The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages,” Fortinet FortiGuard Labs researcher Cara Lin said. “These pages are designed to entice recipients into downloading JavaScript

Critical Docker Desktop flaw lets attackers hijack Windows hosts

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. […]

Defending against malware persistence techniques with Wazuh

Malware persistence keeps attackers in your systems long after reboots or resets. Wazuh helps detect and block hidden techniques like scheduled tasks, startup scripts, and modified system files—before they turn into long-term compromise. […]

Pakistani Hackers Back at Targeting Indian Government Entities

Pakistani state-sponsored hacking group APT36 is targeting Linux systems in a fresh campaign aimed at Indian government entities.

The post Pakistani Hackers Back at Targeting Indian Government Entities appeared first on SecurityWeek.

Aspire Rural Health System Data Breach Impacts Nearly 140,000

Aspire Rural Health System was targeted last year by the BianLian ransomware group, which claimed to have stolen sensitive data.

The post Aspire Rural Health System Data Breach Impacts Nearly 140,000 appeared first on SecurityWeek.

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn’t just a matter of firewalls and patches—it’s about strategy. The strongest organizations aren’t the ones with the most tools, but the ones that see how cyber risks connect to business

Chip Programming Firm Data I/O Hit by Ransomware

Data I/O has disclosed a ransomware attack that disrupted the company’s operations, including communications, shipping and production.

The post Chip Programming Firm Data I/O Hit by Ransomware appeared first on SecurityWeek.

Cyber News