This cybersecurity update covers recent threats, vulnerabilities, and incidents targeting organizations worldwide, emphasizing the importance of resilience and swift action. It highlights developments involving tech giants, nation-state actors, and supply chain attacks affecting multiple systems and entities. #Microsoft #Coinbase #EarthAmmit #Konni #APT28…
Tag: MACOS
DTEX has updated its Insider Threat Advisory highlighting evolved tactics used by DPRK IT workers to infiltrate organizations globally and evade detection, particularly through behavioral and technological indicators. These activities impact corporate insider threat detection, remote access infrastructure, and recruitment systems worldwide. #DPRK #InsiderThreat #RemoteAccess
Attackers have begun using PyInstaller to bundle malicious Python code into Mach-O executables to deploy infostealers targeting macOS systems. This technique allows the malware to run without requiring Python installed on the system, posing a new threat to macOS security. #JamfThreatLabs #macOS
Google Chrome has released a critical security update addressing multiple vulnerabilities, including actively exploited zero-day flaws. This update also brings performance improvements and new user features to enhance browser stability and usability. Affected: Google Chrome, Windows, macOS, Linux…
APT37 conducted a spear phishing campaign disguised as invitations to South Korean national security events, delivering malicious LNK files via Dropbox to execute fileless RoKRAT malware. This campaign exploited trusted cloud services for command and control (C2), challenging detection efforts and impacting endpoint security defenses. #APT37 #RoKRAT #Dropbox #EndpointSecurity
Google released urgent security updates to address a critical vulnerability in Chrome that could allow attackers to take over user accounts through exploitation. The vulnerability has a known public exploit, and patches are now available for users worldwide. Affected: Google Chrome users on Windows, Linux, and macOS.
Google released Chrome 136 to fix four vulnerabilities, including one actively exploited in the wild. The update addresses a critical flaw related to cross-origin data leaks and other security issues.
Affected: Chrome browsers on Windows, macOS, and Linux systems….
Fortinet has released security patches addressing a dozen vulnerabilities across its product range, including a critical zero-day actively exploited against FortiVoice devices. The vulnerabilities could allow remote code execution and authentication bypass, posing significant risks to affected systems. Affected: FortiVoice, Fortinet products (FortiMail, FortiNDR, FortiRecorder, FortiCamera), FortiOS, FortiProxy, FortiSwitchManager, FortiClient, FortiManager,…
This article provides an overview of the top vulnerability scanning tools for 2025, highlighting their features and best-use scenarios. It helps security professionals and enthusiasts choose the right tools to identify and address vulnerabilities effectively. Affected: Security systems, IT infrastructure, web applications, networks, Windows-based environments.
Multiple critical vulnerabilities have been discovered in various Fortinet products, with the most severe allowing arbitrary code execution by remote attackers. Immediate patching and security best practices are recommended to protect affected Fortinet systems from exploitation. #Fortinet #FortiVoice #FortiOS
Microsoft’s May 2025 Patch Tuesday addresses security updates for 72 vulnerabilities, including five actively exploited zero-days and two publicly disclosed flaws. The updates fix critical flaws across various Windows components, affecting systems and services globally, with a focus on elevation of privilege, remote code execution, and information disclosure vulnerabilities. Affected: Microsoft Windows, Microsoft Defender, Microsoft Edge, Microsoft Office, Azure, Visual Studio, Remote Desktop, and other Microsoft services.
Radware has confirmed that the vulnerabilities related to its Cloud Web Application Firewall identified in 2024 were addressed in 2023. Despite an initial lack of acknowledgment from Radware, the issues were fixed shortly after reporting, with one resolved immediately and the other through global signature updates. Affected: Radware Cloud WAF and its…
A newly disclosed VMware Tools vulnerability (CVE-2025-22247) allows attackers with limited access to compromise virtual machines by tampering with local files. Broadcom has issued patches for affected versions on Windows and Linux to address this moderate-severity flaw. Affected: VMware, Virtual Machines, VMware Tools, open-vm-tools…
This web content introduces various free and affordable online platforms for learning penetration testing and cybersecurity skills in 2025. It highlights resources like Hack The Box Academy, PortSwigger Web Security Academy, and TryHackMe to help aspiring pentesters accelerate their journey. Affected: cybersecurity training platforms, learners, and aspiring penetration testers
A new ClickFix attack campaign has been observed targeting Windows, Linux, macOS, and even web users by using social engineering techniques that trick victims into executing malicious commands. This campaign is linked to the APT36 group and employs impersonation tactics involving fake government websites to infect systems with information-stealing malware or…