information security news

Chinese Android phones shipped with malware-laced WhatsApp, Telegram appsChinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June…

1 week ago
Cyber Threats Against Energy Sector Surge as Global Tensions MountCyber Threats Against Energy Sector Surge as Global Tensions Mount

Cyber Threats Against Energy Sector Surge as Global Tensions Mount

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims.…

1 week ago
Critical Apache Roller flaw allows to retain unauthorized access even after a password changeCritical Apache Roller flaw allows to retain unauthorized access even after a password change

Critical Apache Roller flaw allows to retain unauthorized access even after a password change

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4…

1 week ago
Meta will use public EU user data to train its AI modelsMeta will use public EU user data to train its AI models

Meta will use public EU user data to train its AI models

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish…

1 week ago
Hertz disclosed a data breach following 2024 Cleo zero-day attackHertz disclosed a data breach following 2024 Cleo zero-day attack

Hertz disclosed a data breach following 2024 Cleo zero-day attack

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz,…

1 week ago
Gladinet flaw CVE-2025-30406 actively exploited in the wildGladinet flaw CVE-2025-30406 actively exploited in the wild

Gladinet flaw CVE-2025-30406 actively exploited in the wild

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress…

1 week ago
New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firmsNew malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a…

1 week ago
Malicious NPM packages target PayPal usersMalicious NPM packages target PayPal users

Malicious NPM packages target PayPal users

Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that…

1 week ago
Tycoon2FA phishing kit rolled out significant updatesTycoon2FA phishing kit rolled out significant updates

Tycoon2FA phishing kit rolled out significant updates

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a…

1 week ago
South African telecom provider Cell C disclosed a data breach following a cyberattackSouth African telecom provider Cell C disclosed a data breach following a cyberattack

South African telecom provider Cell C disclosed a data breach following a cyberattack

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell…

1 week ago