⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs.…
Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities…
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors…
China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services
The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the…
Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means…
CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity…
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or…
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security
In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer…
Why IT Admins Choose Samsung for Mobile Security
Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have.…
APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to…