Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that…
Chrome 141 Stable Fixes Two High-Severity Flaws: Heap Overflow in Sync and UAF in Storage
Google has released a new Stable Channel update for Chrome 141.0.7390.65/.66 on Windows and macOS and 141.0.7390.65 for Linux, addressing…
Spyware Disguised as Signal and ToTok Apps Targets UAE Android Users
If you use messaging apps in the United Arab Emirates (UAE), cybersecurity researchers at ESET have identified two mobile spyware campaigns…
Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How…
Leaked Apple iPad Pro M5 benchmark shows massive improvements
A new leaked benchmark shows Apple's alleged M5 chip on an iPad, and it's almost as fast as a desktop CPU. We know that Apple is really good…
New Study Warns Several Free iOS and Android VPN Apps Leak Data
Millions who rely on free mobile Virtual Private Network (VPN) apps for online privacy may actually be putting their data at greater risk,…
Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud
A Chinese-speaking cybercrime group is hijacking trusted Internet Information Services (IIS) worldwide to run SEO scams that redirect users to…
Brave browser surpasses the 100 million active monthly users mark
Brave browser reached 101 million monthly active users and 42 million daily active users this September, marking a new record in the…
Microsoft Defender bug triggers erroneous BIOS update alerts
Microsoft is working to resolve a bug that causes Defender for Endpoint to incorrectly tag some devices' BIOS (Basic Input/Output…
Free VPN Apps Found Riddled With Security Flaws
A large-scale study of free virtual private network (VPN) apps has uncovered serious privacy and security risks that affect both consumers and…
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is safe.…
Android spyware campaigns impersonate Signal and ToTok messengers
Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok…
Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
Cybersecurity researchers have discovered two Android spyware campaigns dubbed ProSpy and ToSpy that impersonate apps like Signal and ToTok to…
Qualcomm Wins “Complete Victory” Over Arm in Major Chip Licensing Lawsuit
The long-standing licensing dispute between Qualcomm and Arm has finally reached its conclusion. On October 1, a U.S. District Court formally…
CISA Warns of Critical RCE Flaw (CVE-2025-10659, CVSS 9.8) in Megasys Telenium Online Web Application
The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued a advisory warning of a critical in the Megasys Telenium Online Web…
Cyber Brief 25-10 – September 2025
Cyber Brief (September 2025)October 1, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 285 open source reports for this Cyber Security…
Sendit sued by the FTC for illegal collection of children data
The Federal Trade Commission (FTC) is suing Sendit's operating company and its CEO for unlawful collection of data from underage users, as…
Apple Security Update Addresses Critical Font Parser Vulnerability Across Multiple Platforms
Apple has rolled out a series of important security updates across multiple platforms, addressing a vulnerability affecting the system font…
WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File
WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of…
Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework
Google Project Zero has revealed a new technique capable of bypassing Address Space Layout Randomization (ASLR) protections on Apple devices.…
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited…
Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating…
LastPass: Fake password managers infect Mac users with malware
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through…
Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More
The security landscape now moves at a pace no patch cycle can match. Attackers aren't waiting for quarterly updates or monthly…
Apple’s In-House Chips Pave the Way for On-Device AI Revolution
In recent years, Apple has vigorously advanced its strategy of self-developing chips, evolving from the A-series and M-series processors to…
Top Zero-Day Vulnerabilities Exploited in the Wild in 2025
The cybersecurity landscape in 2025 has been marked by an unprecedented surge in zero-day vulnerabilities actively exploited by threat actors.…
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that…
Microsoft starts rolling out Gaming Copilot on Windows 11 PCs
Microsoft has begun rolling out the beta version of its AI-powered Gaming Copilot to Windows 11 systems for users aged 18 or older, excluding…
17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge
The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316…
The iPhone Fold is Coming: Apple’s 2026 Strategy Revealed
According to a report by Nikkei Asia, Apple has recently informed its supply chain partners that shipments of the iPhone 18 series, slated for…
Google pushes emergency patch for Chrome 0-day – check your browser version now
Google pushed an emergency patch for a high-severity Chrome flaw, already under active exploitation. So it's time to make sure you're running…
Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer
A new phishing campaign is targeting developers and influencers in the crypto industry with fake interview requests that impersonate a popular…
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google on Wednesday released security updates for the Chrome web browser to address four vulnerabilities, including one that it said has been…
CVE-2025-43300: Apple’s Critical Zero-Day ImageIO Vulnerability
IntroductionSecurity researchers and Apple users alike are on high alert following the discovery and active exploitation of…
Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad
Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation…
Apple 0-day likely used in spy attacks affected devices as old as iPhone 8
Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in…
New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site
Cybersecurity researchers have warned of a new campaign that's leveraging a variant of the FileFix social engineering tactic to deliver the…
Apple backports zero-day patches to older iPhones and iPads
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that…
Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in…
Apple Ends iCloud Support for Older Devices
According to Apple’s newly published support documentation, devices running iOS 10 or macOS 10.12 no longer meet the minimum system…
Apple Releases iOS 26: Key Updates and Vulnerability Patches
On September 15, 2025, Apple officially rolled out iOS 26 and iPadOS 26, bringing a fresh set of features and critical security fixes aimed at…
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO's real job isn't just to secure technology—it's to preserve institutional trust…