Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection. Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and CVE-2025-54987 (CVSS score of 9.4), in Apex One on-prem…
Tag: Security Affairs
WhatsApp cracks down on 6.8M scam accounts in global takedown
WhatsApp removed 6.8M accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI. Meta announced that WhatsApp has removed 6.8 million accounts tied to criminal scam centers, mainly in Cambodia, in a joint effort…
Google fixed two Qualcomm bugs that were actively exploited in the wild
Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild. Google released security updates to address multiple Android vulnerabilities, including two Qualcomm flaws, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5),…
U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities…
Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty
Microsoft offers up to $5M for Zero Day Quest 2026 bug hacking contest; top researchers join live hacking event after fall 2025 submissions. Microsoft is bringing back its live hacking contest, Zero Day Quest, in spring 2026, and this time, it’s…
Cisco disclosed a CRM data breach via vishing attack
Cisco disclosed CRM data breach via vishing attack; basic user info was exposed, but no sensitive data or systems were compromised Cisco has confirmed a data breach involving a third-party CRM system, exposing basic profile details (e.g. names, emails, and…
Exposed Without a Breach: The Cost of Data Blindness
These are in plain sight without a Breach. No ransomware. No compromise. Just misconfigured systems, overpermissioned users, silent access. When we think of a breach, we imagine firewalls failing, malware spreading, or hackers stealing credentials. But 2025 has made something…
SonicWall investigates possible zero-day amid Akira ransomware surge
SonicWall probes possible new zero-day after spike in Akira ransomware attacks on Gen 7 firewalls with SSLVPN enabled. SonicWall is investigating a potential new zero-day after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN enabled. The…
Chaining NVIDIA’s Triton Server flaws exposes AI systems to remote takeover
New flaws in NVIDIA’s Triton Server let remote attackers take over systems via RCE, posing major risks to AI infrastructure. Newly revealed security flaws in NVIDIA’s Triton Inference Server for Windows and Linux could let remote, unauthenticated attackers fully take…
Hacking group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer
The cybercrime D4rk4rmy added the Monte-Carlo Société des Bains de Mer to the list of victims on its Tor dark web leak site. The cybercrime group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer (SBM). The company…