Auchan confirms that the personal information of hundreds of thousands of customers was stolen in a data breach. The post Hundreds of Thousands Affected by Auchan Data Breach appeared first on SecurityWeek.
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. “A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment,”Read More »HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution. The post Organizations Warned of Exploited Git Vulnerability appeared first on SecurityWeek.
Tech giants have received a letter from the FTC urging them not to weaken security and privacy at the request of foreign governments. The post FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands appeared first on SecurityWeek.
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. “Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices,”Read More »Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-8068 (CVSS score: 5.1) – An improper privilege managementRead More »CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing’s strategic interests. “This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirectRead More »UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It hasRead More »Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Researchers unveil OneFlip, a Rowhammer-based attack that flips a single bit in neural network weights to stealthily backdoor AI systems without degrading performance. The post OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail appeared first on SecurityWeek.
Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages,” Fortinet FortiGuard Labs researcher Cara Lin said. “These pages are designed to enticeRead More »Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
