A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Man-in-the-Prompt:…
Tag: Security Affairs
Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems
Man-in-the-Prompt: a new threat targeting AI tools like ChatGPT and Gemini via simple browser extensions, no complex attack needed. A new type of threat is alarming the world of cyber security: it is called Man-in-the-Prompt and is capable of compromising…
EncryptHub abuses Brave Support in new campaign exploiting MSC EvilTwin flaw
EncryptHub actor exploits Windows flaw CVE-2025-26633 (“MSC EvilTwin”) with rogue MSC files and social engineering to drop malware. The threat actor EncryptHub exploits the now-patched Windows flaw CVE-2025-26633 (“MSC EvilTwin”) using rogue MSC files and social engineering to deliver malware,…
Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset
APT group UAT-7237, linked to UAT-5918, targets web infrastructure in Taiwan using customized open-source tools to maintain long-term access. A Chinese-speaking advanced persistent threat (APT) group, tracked as UAT-7237, has been observed targeting web infrastructure entities in Taiwan using customized…
New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers
PhantomCard, an NFC-driven Android Trojan in Brazil, relays card data to fraudsters, spread via fake Google Play “card protection” apps. ThreatFabric warns of PhantomCard, a new Android NFC-driven trojan targeting Brazilian banking customers and possibly expanding globally. The malicious code is based…
‘Blue Locker’ Ransomware Targeting Oil & Gas Sector in Pakistan
Blue Locker ransomware hits Pakistan’s oil & gas sector, severely impacting Pakistan Petroleum; NCERT warns ministries of severe ongoing risk. This week Pakistan’s National Cyber Emergency Response Team (NCERT – National CERT – Pakistan) has issued an advisory to 39…
Cisco fixed maximum-severity security flaw in Secure Firewall Management Center
Cisco patches critical Secure Firewall Management Center flaw allowing remote code execution on vulnerable systems. Cisco released security updates to address a maximum-severity security vulnerability, tracked as CVE-2025-20265 (CVSS score of 10.0), in Secure Firewall Management Center (FMC) Software. The…
Hackers exploit Microsoft flaw to breach Canada ’s House of Commons
Hackers breached Canada ’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News. Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability. “The House of Commons and Canada’s cybersecurity…
Norway confirms dam intrusion by Pro-Russian hackers
Norway’s security service PST says pro-Russian hackers took over a dam in April, opening outflow valves. Norway’s Police Security Service (PST) says pro-Russian hackers seized control of a dam’s systems in April, opening outflow valves. On April 7, the attackers…
U.S. CISA adds N-able N-Central flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds N-able N-Central flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added N-able N-Central flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for…