Hackers tied to ShinyHunters extort PornHub after stealing search and viewing history of Premium users in a Mixpanel data breach. PornHub faces extortion after hackers linked to ShinyHunters allegedly stole search and viewing history of Premium users via a Mixpanel data breach. Mixpanel is a product analytics platform that companies use to understand how people interact […]
The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior. The attack was detected overnight between December 11 and 12, and according to the French interior minister, attackers […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, Apple and […]
The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk. CERT-FR warns iPhone and Android users to fully disable Wi-Fi to reduce exposure, citing multiple vulnerabilities across wireless interfaces, apps, OSs, and even hardware. The agency reiterates basic hygiene: install apps only from official stores, review […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1, 2] Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-14174 is an […]
Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering a highly targeted attacks against an unknown number of users. The attacks abused zero‑day vulnerabilities in their software. The campaign appears to involve nation-state […]
Notepad++ addressed an updater vulnerability that allows attackers hijack update traffic due to weak file authentication. Notepad++ addressed a flaw in its updater that allowed attackers to hijack update traffic due to improper authentication of update files in earlier versions. The popular security researcher Kevin Beaumont first reported that several Notepad++ users faced security incidents. […]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer flaw, tracked as CVE-2025-58360 (CVSS Score of 8.2), to its Known Exploited Vulnerabilities (KEV) catalog. GeoServer is an open-source server that allows users to share and edit geospatial […]
Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or Bitbucket, but designed to be lightweight and easy to deploy. It allows individuals or organizations to host their own Git repositories on their servers, offering features like version […]
Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents, Noma Security says. Google addressed a Gemini Enterprise flaw dubbed GeminiJack, which can be exploited in zero-click attacks triggered via crafted emails, invites, or documents. The vulnerability could have exposed sensitive corporate data, according to Noma […]