News

A big finish to 2025 in December’s Patch Tuesday

Bys s December 11, 2025

A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up

News

Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
Bys s November 14, 2025

The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign. The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA)….

Read More Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
News

Hong Kong plans to revive privacy law requiring firms to report data breaches
Bys s February 7, 2026

Harvey Kong reports: Hong Kong’s privacy watchdog plans to consult lawmakers this year about introducing mandatory data breach reporting and related penalties, the body’s chief has said. Privacy Commissioner for Personal Data Ada Chung Lai-ling on Saturday revealed details about the proposed legislative amendments to the city’s privacy ordinance, after authorities stalled the plan in……

Read More Hong Kong plans to revive privacy law requiring firms to report data breaches
News

SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
Bys s May 1, 2025

SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below – CVE-2023-44221 (CVSS score: 7.2) – Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to

Read More SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models
News

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Bys s March 18, 2025

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. “This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent

Read More New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
News

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
Bys s May 15, 2025

Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. “This campaign employs clever Unicode-based steganography to hide its initial malicious code and utilizes a Google Calendar event short link as a dynamic dropper for its final

Read More Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
News

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
Bys s January 27, 2025

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to…

Read More Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

Similar Posts