Taiwan warns Chinese apps like TikTok and WeChat pose security risks due to excessive data collection and data transfers to China. Taiwan National Security Bureau (NSB) warns that Chinese apps like TikTok, WeChat, Weibo, and Baidu Cloud pose security risks due to excessive data collection and data transfer to China, following an official inspection with […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is […]
Hunters International ransomware gang announced its shutdown, citing unspecified “recent developments” and acknowledging its impact. The ransomware group Hunters International announced on its dark web site that it is shutting down, citing “recent developments” without specifying details. The group stated the decision was made after careful consideration and acknowledged the impact on affected organizations. “We, […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 10 Things I Hate About Attribution: RomCom vs. TransferLoader macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group) Dissecting Kimsuky’s […]
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Critical Sudo bugs expose […]
Critical Sudo flaws let local users gain root access on Linux systems, the vulnerabilities affect major Linux distributions. Cybersecurity researchers disclosed two vulnerabilities in the Sudo command-line utility for Linux and Unix-like operating systems. Local attackers can exploit the vulnerabilities to escalate privileges to root on affected systems. Sudo (short for “superuser do”) is a […]
Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019. A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California. Google is liable for […]
A flaw in Catwatchful spyware exposed logins of 62,000 users, turning the spy tool into a data leak, security researcher Eric Daigle revealed. A flaw in the Catwatchful Android spyware exposed its full user database, leaking email addresses and plaintext passwords of both customers and its admin, TechCrunch first reported. Security researcher Eric Daigle first discovered […]
China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set, […]
Resecurity found a breach in Brazil’s CIEE One platform, exposing PII and documents, later sold by data broker “888” on the dark web. Resecurity identified a data breach of one of the major platforms in Brazil connecting businesses and trainees called CIEE One – leading to the compromise of sensitive PII, including ID records, contact […]