News

Breaking News

Entertainment

Movies & Series

Music

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

News

Entertainment

Science & Technology

Sport

Business & Money

Education & Personal Development

Life

Culture & Art

Hobbies

home
›
Security Affairs
›
Software

Security Affairs - Software

8 | Follower

Security Affairs

12.08.2025

Chrome sandbox escape nets security researcher $250,000 reward

Researcher earns Google Chrome ’s top $250K bounty for a sandbox escape vulnerability enabling remote code execution.

Security Affairs

12.08.2025

Smart Buses flaws expose vehicles to tracking, control, and spying

Researchers showed how hackers can exploit flaws in a bus’ onboard and remote systems for tracking, control and spying.

Security Affairs

11.08.2025

MedusaLocker ransomware group is looking for pentesters

MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters.......

Security Affairs

11.08.2025

Google confirms Salesforce CRM breach, faces extortion threat

Google disclosed a Salesforce Customer Relationship Management (CRM) breach that exposed data of some prospective Google Ads customers.

Security Affairs

10.08.2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Security Affairs

10.08.2025

Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

Security Affairs

10.08.2025

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Lenovo webcam flaws, dubbed BadCam, let attackers turn them into BadUSB devices to inject keystrokes and launch OS-independent attacks.

Security Affairs

10.08.2025

Embargo Ransomware nets $34.2M in crypto since April 2024

Embargo ransomware, likely a BlackCat/Alphv successor, has netted $34.2M in crypto since mid-2024, researchers say.

Security Affairs

09.08.2025

Germany limits police spyware use to serious crimes

Germany’s top court ruled police can use spyware only for crimes punishable by at least three years in prison.

Security Affairs

09.08.2025

French firm Bouygues Telecom suffered a data breach impacting 6.4M customers

Bouygues Telecom suffered a cyberattack that compromised the personal information of 6.4 million customers.

Security Affairs

09.08.2025

Columbia University data breach impacted 868,969 people

Columbia University was hit by a cyberattack, exposing personal data of over 860,000 students, applicants, and employees.

Security Affairs

09.08.2025

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware.

Security Affairs

08.08.2025

WhatsApp cracks down on 6.8M scam accounts in global takedown

WhatsApp removed 6.8M accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI.

Security Affairs

08.08.2025

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog.

Security Affairs

08.08.2025

Microsoft unveils Project Ire: AI that autonomously detects malware

Microsoft’s Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign.

Security Affairs

08.08.2025

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

CISA and Microsoft warn of CVE-2025-53786, a high-severity Exchange flaw allowing privilege escalation in hybrid cloud environments.

Security Affairs

08.08.2025

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access.

Security Affairs

08.08.2025

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments

Security Affairs

08.08.2025

CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

Ukraine's CERT-UA warns of phishing attacks by UAC-0099 targeting defense sectors, using malware like MATCHBOIL, MATCHWOK, and DRAGSTARE.

Security Affairs

08.08.2025

Air France and KLM disclosed data breaches following the hack of a third-party platform

Air France and KLM warn of a data breach exposing customer data via unauthorized access to a third-party platform.

Security Affairs

08.08.2025

SonicWall dismisses zero-day fears after Ransomware probe

SonicWall found no evidence of a new vulnerability after probing reports of a zero-day used in ransomware attacks.

Security Affairs

08.08.2025

Trend Micro fixes two actively exploited Apex One RCE flaws

Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection.

Security Affairs

03.08.2025

New Linux backdoor Plague bypasses auth via malicious PAM module

A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access.

Security Affairs

03.08.2025

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

China questioned Nvidia over suspected backdoors in its H20 chips, adding to rising tensions in the tech fight between the U.S. and Beijing.

Security Affairs

02.08.2025

Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits

Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables.

Security Affairs

02.08.2025

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants.

Security Affairs

02.08.2025

Malicious AI-generated npm package hits Solana users

AI-created npm package @kodane/patch-manager drained Solana wallets; 1,500+ downloads before takedown on July 28, 2025.

Security Affairs

01.08.2025

CISA released Thorium platform to support malware and forensic analysis

CISA has released Thorium, an open-source tool for malware and forensic analysis, now available to analysts.

Security Affairs

01.08.2025

PyPI maintainers alert users to email verification phishing attack

PyPI warns of phishing emails from noreply@pypj[.]org posing as "[PyPI] Email verification" to redirect users to fake package sites.

Security Affairs

01.08.2025

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware.

Security Affairs

01.08.2025

Apple fixed a zero-day exploited in attacks against Google Chrome users

Apple addressed a high-severity vulnerability that has been exploited in zero-day attacks targeting Google Chrome users.

Security Affairs

01.08.2025

Dahua Camera flaws allow remote hacking. Update firmware now

Critical flaws in Dahua cameras let hackers take control remotely. The vendor has released patches, users should update firmware asap.

Security Affairs

01.08.2025

Attackers actively exploit critical zero-day in Alone WordPress Theme

Hackers exploit a critical vulnerability, tracked as CVE-2025-5394 (CVSS score of 9.8), in the 'Alone WordPress theme to hijack sites.

Security Affairs

01.08.2025

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

FBI Dallas seized 20 BTC from Chaos ransomware affiliate "Hors," tied to cyberattacks on Texas firms, on April 15, 2025.

Security Affairs

01.08.2025

Researchers released a decryptor for the FunkSec ransomware

Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free.

Security Affairs

30.07.2025

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm.

Security Affairs

30.07.2025

Orange reports major cyberattack, warns of service disruptions

Orange, France’s largest telecom provider, reported a cyberattack on one of its internal systems, impacting its operations in EU and Africa.

Security Affairs

30.07.2025

Hackers leak images and comments from women dating safety app Tea

The dating safety app Tea was hacked, leaking images, and comments of thousands of users who shared anonymous "red flag" reports on men

Security Affairs

30.07.2025

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

A cyberattack claimed by Ukrainian group Silent Crow and Belarusian Cyber-Partisans crippled Aeroflot ’s systems, canceling over 100 flights.

Security Affairs

29.07.2025

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched.

home›Security Affairs›Software

Security Affairs - Software

Chrome sandbox escape nets security researcher $250,000 reward

Smart Buses flaws expose vehicles to tracking, control, and spying

MedusaLocker ransomware group is looking for pentesters

Google confirms Salesforce CRM breach, faces extortion threat

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

BadCam: Linux-based Lenovo webcam bugs enable BadUSB attacks

Embargo Ransomware nets $34.2M in crypto since April 2024

Germany limits police spyware use to serious crimes

French firm Bouygues Telecom suffered a data breach impacting 6.4M customers

Columbia University data breach impacted 868,969 people

Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WhatsApp cracks down on 6.8M scam accounts in global takedown

U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

Microsoft unveils Project Ire: AI that autonomously detects malware

CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

Air France and KLM disclosed data breaches following the hack of a third-party platform

SonicWall dismisses zero-day fears after Ransomware probe

Trend Micro fixes two actively exploited Apex One RCE flaws

New Linux backdoor Plague bypasses auth via malicious PAM module

China Presses Nvidia Over Alleged Backdoors in H20 Chips Amid Tech Tensions

Meta Offers $1M bounty at Pwn2Own Ireland 2025 for WhatsApp exploits

ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

Malicious AI-generated npm package hits Solana users

CISA released Thorium platform to support malware and forensic analysis

PyPI maintainers alert users to email verification phishing attack

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Apple fixed a zero-day exploited in attacks against Google Chrome users

Dahua Camera flaws allow remote hacking. Update firmware now

Attackers actively exploit critical zero-day in Alone WordPress Theme

FBI seizes 20 BTC from Chaos Ransomware affiliate targeting Texas firms

Researchers released a decryptor for the FunkSec ransomware

Critical SAP flaw exploited to launch Auto-Color Malware attack on U.S. company

Orange reports major cyberattack, warns of service disruptions

Hackers leak images and comments from women dating safety app Tea

Pro-Ukraine hacktivists claim cyberattack on Russian Airline Aeroflot that caused the cancellation of +100 flights

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

home
›
Security Affairs
›
Software