Category Security

Jan 28, 2025Ravie LakshmananVulnerability / Endpoint Security Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been…

Security researchers have revealed how attackers could exploit a vulnerability in Subaru vehicle infotainment systems to remotely track and even unlock and start connected cars. Ethical hacker, Sam Curry, explained in a blog post late last week that he found…

A newly uncovered phishing campaign is targeting mobile users with advanced social engineering tactics and malicious PDF files designed to compromise sensitive data. The campaign, which impersonates the United States Postal Service (USPS), employs a never-before-seen obfuscation technique to deliver its…

The Open Web Application Security Project has recently introduced a new Top 10 project – the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10…

Residents of Tbilisi, the capital city of Georgia, experienced an unexpected and unusual start to their Friday morning commute. As they boarded their public transport buses, they were greeted by a barrage of sound emanating from the vehicles’ speakers. These…

A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024.  This method, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse…

Jan 27, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user’s Git credentials. “Git…

Software as a Service (SaaS) breaches surged by 300% from in the 12 months from September 2023 as traditional security measures fail to prevent such attacks. This according to new findings by Obsidian Security, which observed that sophisticated cybercriminal groups…

Jan 27, 2025Ravie LakshmananCybersecurity / Recap Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key…

Most CISOs plan to enhance their crisis simulation capabilities in 2025 to better prepare for potential full-scale cyber crises, according to a new study by Hack The Box. Of the 200 UK and US-based CISOs surveyed, 74% said they plan…