Federal prosecutors unsealed criminal complaints today against David Jose Gomez Cegarra, 24, and Jesus Segundo Hernandez-Gil, 19, members of the Tren de Aragua Gang, for allegedly orchestrating a coordinated ATM “jackpotting” campaign across four U.S. states. The defendants face charges…
Tag: Cyber Security News
ZITADEL IDOR Vulnerabilities Let Attackers Modify Sensitive Settings
A critical Insecure Direct Object Reference (IDOR) vulnerability chain in ZITADEL’s administration interface (CVE-2025-27507) has exposed organizations to systemic risks of account takeover and configuration tampering. Rated 9.0/10 on the CVSS v3.1 scale, these flaws enable authenticated low-privilege users to…
Google Announces AI-Powered Scam Detector For Android Users
In its latest Android security update, Google has unveiled a dual-layer defense system combining AI-powered scam detection for both text messages and voice calls. The new features, powered by Gemini Nano AI models operating entirely on-device, aim to combat the…
LibreOffice Vulnerability Let Attackers Execute Arbitrary Script Using Macro URL
A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs. Patched in versions 24.8.5 and 25.2.1 released on March 4, 2025, this flaw allowed attackers to…
Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code
Elastic has issued an urgent security advisory for a critical vulnerability in Kibana, tracked as CVE-2025-25012, that allows authenticated attackers to execute arbitrary code on affected systems. The flaw, rated 9.9 on the CVSS v3.1 scale, stems from a prototype…
Google Silently Tracks Android Device Even No Apps Opened by User
Google collects and stores significant amounts of user data on Android devices, even when users haven’t opened any Google apps. The study by Professor D.J. Leith from Trinity College Dublin, documents for the first time how pre-installed Google apps silently…
Android App With 220,000+ Downloads From Google Play Installs Banking Trojan
A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal. Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection…
SecP0 Ransomware Group Threatens Organizations to Leak Vulnerability Details
A new ransomware group, SecP0, has emerged on the cybercrime landscape, adopting a novel and deeply concerning tactic: demanding ransom payments not for encrypted data, but for undisclosed software vulnerabilities. This shift in strategy represents a significant evolution in ransomware…
Two Hackers Arrested for Stealing Taylor Swift Era Concert Tickets Worth $600k
In a sophisticated cybercrime operation targeting high-demand events, two individuals were arrested this week for allegedly orchestrating a $600,000 ticket theft scheme involving Taylor Swift’s Eras Tour and other major concerts. Queens District Attorney Melinda Katz revealed that Tyrone Rose,…
Google Announces GoStringUngarbler Tool to Decrypt Go Based Malware
In a landmark development for cybersecurity infrastructure, Google’s Mandiant subsidiary has unveiled GoStringUngarbler – an open-source deobfuscation framework designed to neutralize advanced string encryption techniques in Go-based malware. This innovation specifically targets binaries obfuscated using garble, an increasingly prevalent obfuscation…