A novel social engineering technique called “FileFix” that exploits Windows File Explorer’s address bar functionality to execute malicious commands, presenting a dangerous alternative to the increasingly popular ClickFix attack method. The technique, discovered by security researcher mr.d0x, leverages browser file…
Tag: Cyber Security News
Threat Actors Abuse ConnectWise Configuration to Build a Signed Malware
A sophisticated malware campaign has emerged that exploits legitimate ConnectWise remote access software to create validly signed malicious applications, representing a significant evolution in cybercriminal tactics. Since March 2025, security researchers have observed a dramatic increase in attacks using what…
Google Cloud Donates A2A Protocol to Linux Foundation Enables Secure, Intelligent Communication
Google Cloud has transferred its groundbreaking Agent2Agent (A2A) protocol to the Linux Foundation, marking a pivotal moment in artificial intelligence interoperability. The announcement, made at Open Source Summit North America on June 23, 2025, establishes a new collaborative framework for…
Zimbra Classic Web Client Vulnerability Let Attackers Execute Arbitrary JavaScript
A critical security vulnerability has been discovered in Zimbra Classic Web Client that enables attackers to execute arbitrary JavaScript code through stored cross-site scripting (XSS) attacks. The vulnerability, designated as CVE-2025-27915, poses significant risks to organizations using affected Zimbra installations,…
Facebook, Netflix, Microsoft Hijacked to Insert Fake Phone Number
A sophisticated scam operation targeting major American companies, including Netflix, Microsoft, and Bank of America, where attackers manipulate legitimate websites to display fraudulent phone numbers. The attack, technically classified as a search parameter injection attack, exploits vulnerabilities in website search…
2,000+ Devices Hacked Using Weaponized Social Security Statement Themes
A sophisticated phishing campaign masquerading as official Social Security Administration (SSA) communications has successfully compromised more than 2,000 devices, according to a recent investigation. The attack, which leverages the trust associated with government correspondence, represents a concerning evolution in social…
Critical Convoy Vulnerability Let Attackers Execute Remote Code on Affected Servers
A critical security vulnerability has been discovered in Performave Convoy that allows unauthenticated remote attackers to execute arbitrary code on affected servers. The vulnerability, identified as CVE-2025-52562, affects all versions from 3.9.0-rc.3 through 4.4.0 of the ConvoyPanel/panel package. Security researcher…
Xiaomi’s Interoperability App Vulnerability Let Hackers Gain Unauthorized Access to the Victim’s Device
A severe security vulnerability has been discovered in Xiaomi’s interoperability application, potentially exposing millions of users to unauthorized device access. The vulnerability, assigned CVE-2024-45347, carries a severe CVSS score of 9.6, indicating its high-risk nature for affected users. Attackers can…
OPPO Clone Phone Weak WiFi Hotspot Exposes Sensitive Data
A critical security vulnerability has been discovered in OPPO’s Clone Phone feature that could expose sensitive user data through inadequately secured WiFi hotspots. The vulnerability, designated CVE-2025-27387, affects ColorOS 15.0.2 and earlier versions, presenting a high-severity risk with a CVSS…
Pro-Iranian Hacktivists Targeting US Networks Department of Homeland Security Warns
The Department of Homeland Security has issued a critical advisory warning of escalating cyber threats from pro-Iranian hacktivist groups targeting United States networks, as tensions between Iran and the US reach a dangerous new peak following recent military exchanges. The…