Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” Blackfog researcher Brenda Robb

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that

Friday Squid Blogging: New “Squid” Sneaker

I did not know Adidas sold a sneaker called “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

More on Rewiring Democracy

It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good. Some of the book’s forty-three chapters are available online: chapters 2, 12, 28, 34, 38, and 41. We need more reviews—six on Amazon is not

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning

In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring

Other noteworthy stories that might have slipped under the radar: surge in Palo Alto Networks scanning, WEL Companies data breach impacts 120,000 people, AI second-order prompt injection attack. The post In Other News: ATM Jackpotting, WhatsApp-NSO Lawsuit Continues, CISA Hiring appeared first on SecurityWeek.

Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equivalent AirDrop, allowing users to more easily share files and photos between Android and iPhone devices. The cross-platform sharing feature is currently limited to the Pixel 10

Copyright © 2026 infosecintel.net