German Police Rouse System Admins From Sleep Over IT Flaw

Police Fanned Out Early Sunday Brandishing an Advisory of a CVSS 10 Vulnerability
David Meyer • March 25, 2026
Police officers across Germany roused corporate IT administrators during the early hours of Sunday morning. Their message …

Salesforce Sounds Alarm Over Fresh Data Extortion Campaign

CRM-Obsessed ShinyHunters Gang Exploits Misconfigured Customer Experience Portals
Mathew J. Schwartz (euroinfosec) • March 10, 2026
A prolific and noisy cybercrime gang with a penchant for stealing Salesforce customers’ data and holding it ransom is taking advantage of misconfigured guest accounts meant to provide public access to services meant to …

Android Malware Taps Google Gemini at Runtime

Researchers Say PromptSpy Automates Persistence on Infected Devices
Pooja Tikekar (@PoojaTikekar) • February 20, 2026
A newly discovered Android malware strain is using Google’s Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware. …

Social Engineering Hackers Target Okta Single Sign On

ShinyHunters Campaign Uses Voice Phishing to Bypass MFA and Steal Corporate Data
Mathew J. Schwartz (euroinfosec) • January 28, 2026
Single sign-on customers of identity provider Okta should be on alert against attackers seeking to gain access to their corporate network, steal data and hold it to ransom, security experts …

800,000 Servers at Risk Amid Active Attacks

Critical Infrastructure Security
Telnet Flaw Allows Unauthenticated Users to Gain Root Access
Mathew J. Schwartz (euroinfosec) • January 27, 2026
Hackers are on the hunt for open Telnet ports in servers after discovering that a version of the legacy client-server application protocol is vulnerable to an authentication bypass. More than 800,000 servers could …

Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation

Ravie LakshmananJan 27, 2026Zero-Day / Vulnerability Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office. “Reliance on untrusted inputs in a … Read more

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Jun 03, 2025Ravie LakshmananUnited States Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified “malicious multi-stage downloader Powershell scripts” hosted on lure websites that … Read more

New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch

Jun 03, 2025Ravie LakshmananBrowser Security / Vulnerability Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in … Read more

Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN

Jun 02, 2025Ravie LakshmananMobile Security / Vulnerability Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows – CVE-2024-13915 (CVSS score: … Read more

Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability

Apr 09, 2025Ravie LakshmananEndpoint Security / Vulnerability Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild. Of the 126 vulnerabilities, 11 are rated Critical, 112 are rated Important, and two are rated Low in … Read more