Samsung Patches Zero-Day Exploited Against Android Users
Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in the wild. The exploited bug, tracked…
Month: September 2025
New VoidProxy PhaaS Service Attacking Microsoft 365 and Google Accounts
In recent months, security teams have observed a significant increase in sophisticated phishing campaigns leveraging a newly discovered Phishing-as-a-Service (PhaaS) platform dubbed VoidProxy. The operation,…
AppSuite-PDF, PDF Editor Operators Exploited 26 Code-Signing Certificates to Fake Legitimacy
Analysis reveals that the developers behind the AppSuite-PDF and PDF Editor campaigns have abused at least 26 distinct code-signing certificates over the past seven years…
AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
A new artificial intelligence (AI)-powered penetration testing tool linked to a China-based company has attracted nearly 11,000 downloads on the Python Package Index (PyPI) repository,…
Microsoft Warns Of Windows 11 23H2 Support Ending In 60 Days
Microsoft has issued an official reminder that support for Windows 11 version 23H2 Home and Pro editions is set to expire in approximately 60 days.…
Microsoft Warns Windows 11 23H2 Support Ending in 60 Days
Microsoft has issued an urgent reminder to enterprise and educational institutions worldwide about the impending end of support for Windows 11 version 22H2. With just…
Go big or go home: Should UK IT buyers favour US clouds or homegrown providers?
Governments across the continent are increasingly championing the use of local, homegrown providers and tightening the rules on where the data of their citizens can…
INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance
INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance Pierluigi Paganini September 15, 2025 Panama’s Ministry of Economy and Finance disclosed…
FlowiseAI Password Reset Token Vulnerability Allows Account Takeover
A critical vulnerability affecting FlowiseAI’s Flowise platform has been disclosed, revealing a severe authentication bypass flaw that allows attackers to perform complete account takeovers with…
Yurei Ransomware Uses PowerShell to Deploy ChaCha20 File Encryption
A newly discovered ransomware group called Yurei has emerged with sophisticated encryption capabilities, targeting organizations through double-extortion tactics while leveraging open-source code to rapidly scale…
Most enterprise AI use is invisible to security teams
Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen,…
HiddenGh0st, Winos and kkRAT Exploit SEO, GitHub Pages in Chinese Malware Attacks
Chinese-speaking users are the target of a search engine optimization (SEO) poisoning campaign that uses fake software sites to distribute malware. “The attackers manipulated search…