NCSC Warns of Malware Campaign Using Fake PDF Editors
September 2, 2025
The NCSC uncovered a malware campaign using fake PDF editors and manual finder tools to turn devices into residential proxies,
Application Security
NCSC Warns of Malware Campaign Using Fake PDF Editors
The NCSC uncovered a malware campaign using fake PDF editors and manual finder tools to turn devices into residential proxies, enabling criminals to mask their ...
Brokewell Android Malware Spread Through Fake TradingView Ads
Cybercriminals are exploiting Meta’s ad network to push fake TradingView Premium apps that secretly install Brokewell malware on Android devices, stealing data and hijacking user ...
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
A critical zero-day in Microsoft SharePoint, tracked as CVE-2025-53770, is being widely exploited in espionage and ransomware campaigns. Dubbed “ToolShell,” the flaw enables unauthenticated remote ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
Silk Typhoon used captive-portal AitM redirects to deliver a signed dropper that decrypts and side-loads a PlugX-variant backdoor, GTIG reports and blocks domains.
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware devices. Though exploitation requires social ...
Google to Verify Android Developers: A New Era in App Security Emerges
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity by 2027. The policy aims ...
Brokewell Android Malware Spread Through Fake TradingView Ads
September 2, 2025
Cybercriminals are exploiting Meta’s ad network to push fake TradingView Premium apps that secretly install Brokewell malware on Android devices,
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
September 2, 2025
A critical zero-day in Microsoft SharePoint, tracked as CVE-2025-53770, is being widely exploited in espionage and ransomware campaigns. Dubbed “ToolShell,”
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
August 28, 2025
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
August 28, 2025
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18,
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
August 28, 2025
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
August 28, 2025
Silk Typhoon used captive-portal AitM redirects to deliver a signed dropper that decrypts and side-loads a PlugX-variant backdoor, GTIG reports
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
August 28, 2025
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware
Google to Verify Android Developers: A New Era in App Security Emerges
August 27, 2025
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.