Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape […]
New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams. […]
China-linked Silk Typhoon APT group ramp up North America attacks, exploiting n-day and zero-day flaws for system access, CrowdStrike warns. China-linked Silk Typhoon APT group (aka Murky Panda) targets organizations in North America exploiting n-day and zero-day flaws for system access, CrowdStrike warns. This Chinese APT has one of the widest targeting scopes. In March, […]
Microsoft halts PoC exploit sharing with Chinese firms after SharePoint zero-day leaks, giving only written bug details to curb future abuse. Microsoft has reportedly stopped giving Chinese firms proof-of-concept exploit code through its Microsoft Active Protections Program (MAPP) program after July’s mass exploitation of SharePoint flaws, believed linked to a leak of early bug disclosures. […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS, iPadOS, and macOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS, iPadOS, and macOS flaw, tracked as CVE-2025-43300, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and […]
Orange Belgium revealed that a July attack resulted in the exposure of the information of 850,000 customer accounts. Orange Belgium announced that 850,000 customer accounts were impacted by a July data breach. Threat actors had access to one of the IT systems containing customers data, including surname, first name, telephone number, SIM card number, PUK […]
Apple addressed a vulnerability impacting iOS, iPadOS, and macOS that it is under active exploitation in the wild. Apple addressed an actively exploited zero-day, tracked as CVE-2025-43300, in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides in the ImageIO framework, an attacker could exploit it to cause memory corruption when processing […]
Hackers exploit Apache ActiveMQ flaw to install DripDropper on Linux, then patch it to block rivals and hide their tracks. Red Canary researchers observed attackers exploit a 2-year-old Apache ActiveMQ vulnerability, tracked as CVE-2023-46604 (CVSS score of 10.0), to gain persistence on cloud Linux systems and deploy DripDropper malware. Uniquely, they patch the flaw post-exploit […]
A 20-year-old Scattered Spider member gets 10 years in prison and $13M restitution for SIM-swapping crypto thefts. Scattered Spider hacker, Noah Michael Urban (20), was sentenced to 10 years in U.S. prison and ordered to pay $13M restitution for SIM-swapping crypto thefts. “A 20-year-old Palm Coast man linked to a massive cybercriminal gang was sentenced […]
FBI warns FSB-linked group Static Tundra is exploiting a 7-year-old Cisco IOS/IOS XE flaw to gain persistent access for cyber espionage. The FBI warns that Russia-linked threat actor Static Tundra exploits Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to target organizations in the […]