Two Android vulnerabilities were actively exploited as zero-days before patches became available, according to Google’s December Android Security Bulletin. Both flaws affect the Framework component and enable data access and privilege escalation, making it...
Apple Podcasts has begun launching itself spontaneously, displaying peculiar religious and “educational” programs and, in some cases, directing users to potentially malicious websites. Researchers have discovered that the app can be triggered invisibly from...
ASUS continues to patch dangerous flaws in its home routers following a wave of attacks targeting the AiCloud service. The company has released a new firmware version addressing nine vulnerabilities, including a critical authentication...
Cato Networks has unveiled a new attack technique, dubbed HashJack, which conceals malicious AI prompts behind the “#” symbol within legitimate URLs — coercing AI-powered browsers into executing them while remaining invisible to traditional...
A recently patched vulnerability in Microsoft’s Windows Server Update Services has triggered a wave of attacks involving one of the most notable espionage tools of recent years. The incidents underscore how swiftly adversaries move...
An updated patch set for the GRUB2 bootloader has been released publicly, addressing six vulnerabilities at once, most of which stem from accessing memory after it has been freed. Such flaws could potentially allow...
GreyNoise has recorded a dramatic surge in automated requests targeting Palo Alto Networks’ GlobalProtect authentication portals. The scale of this spike is highly atypical: within just 24 hours, the volume of network sessions hitting...
Cl0p struck a blow against Oracle by exploiting a critical zero-day vulnerability in the E-Business Suite. Researchers report that attacks leveraging this flaw have been underway since July 2025, already compromising numerous major organizations...
A widespread infection of outdated ASUS routers has become the focal point of a new covert campaign that quietly unfolded over the past six months, compromising tens of thousands of devices across the globe....
In recent days it has become apparent that FortiWeb had been accumulating issues the manufacturer chose not to disclose in advance. After Fortinet acknowledged active exploitation of the critical vulnerability CVE-2025-64446 — which allows...