A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators. The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.
I wrote about this in 2023. Here’s the story: Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, butRead More »Encryption Backdoor in Military/Police Radios
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners. The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptchaRead More »ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
Researchers show how popular AI systems can be tricked into processing malicious instructions by hiding them in images. The post AI Systems Vulnerable to Prompt Injection via Image Scaling Attack appeared first on SecurityWeek.
Auchan confirms that the personal information of hundreds of thousands of customers was stolen in a data breach. The post Hundreds of Thousands Affected by Auchan Data Breach appeared first on SecurityWeek.
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. “A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment,”Read More »HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution. The post Organizations Warned of Exploited Git Vulnerability appeared first on SecurityWeek.
Tech giants have received a letter from the FTC urging them not to weaken security and privacy at the request of foreign governments. The post FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands appeared first on SecurityWeek.
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. “Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,”Read More »Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-8068 (CVSS score: 5.1) – An improper privilege managementRead More »CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
