Saturday, June 20 2026

Alert

NVIDIA Releases Security Updates for BlueField, DOCA, Mellanox, ConnectX and NVOS

NVIDIA has issued important software updates to fix vulnerabilities in its BlueField DPUs, DOCA software, Mellanox DPDK, ConnectX network adapters, Cumulus Linux, and NVOS products. Many of these issues have high to critical severity and can lead to privilege escalation, denial of service, or information disclosure. The most severe vulnerability, …

Android Alert: Google Patches 120 Flaws, Two Zero-Days Under Attack

Google released security updates for September 2025, fixing 120 security flaws in Android, including two vulnerabilities actively exploited in targeted attacks. The vulnerabilities are listed below: CVE-2025-38352 (CVSS score: 7.4), a privilege escalation flaw in the Linux Kernel component; CVE-2025-48543 (CVSS score: N/A), a privilege escalation flaw in the Android …

Next.js and HashiCorp Vuln Found: Patch Now!

A critical security flaw in the Next.js framework, marked as CVE-2025-29927, lets attackers bypass authorization, threatening web applications. This vulnerability stems from the mishandling of the x-middleware-subrequest header in Next.js middleware, which could allow unauthorized access to sensitive admin areas and protected resources. The vulnerability affects various versions of the …

“SikkahBot” Malware Targets “bKash”, “Nagad”, “MYGP” and “DBBL” Banking Users in Bangladesh

A new Android malware called SikkahBot is targeting students in Bangladesh by pretending to be official apps from the Bangladesh Education Board. Cyble Research and Intelligence Labs (CRIL) found that this malware has been active since July 2024. According to CRIL, the SikkahBot malware is distributed through shortened URLs, including …

CVE-2025-55177: WhatsApp Patches Zero-Day Vuln Exploited in the Wild

Meta’s WhatsApp Security Team has fixed a zero-day vulnerability (CVE-2025-55177) in WhatsApp for iOS (before v2.25.21.73), WhatsApp Business for iOS (before v2.25.21.78), and WhatsApp for Mac (before v2.25.21.78). According to the advisory, “Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS …

3 critical vulnerabilities affect Hikvision product: Patch Now

The Hikvision Security Response Center issued an advisory revealing three critical vulnerabilities in HikCentral products. CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247 represent vulnerabilities with moderate to high severity, potentially allowing attackers to execute unauthorized commands, gain elevated privileges, or obtain administrative access. Summary: (1) There is a CSV Injection Vulnerability in …

Storm-0501 Deletes Data and Backups Post-Exfiltration on Azure in Hybrid Cloud Attacks

Storm-0501 has erased data and backups after stealing information from a victim’s Microsoft Azure environment in a new cloud-based ransomware attack. Microsoft Threat Intelligence recently provided details of the tactics deployed by the actor tracked as Storm-0501 in a blog published on August 27. Sherrod DeGrippo, director of Microsoft …

Cisco Warns of High-Severity Flaw in Nexus Switches (CVE-2025-20241)

Cisco Systems released a security advisory about a critical denial-of-service vulnerability in the Nexus 3000 and 9000 Series Switches using NX-OS software. The flaw, identified as CVE-2025-20241 and rated 7.4 on the CVSS scale, can let an unauthenticated nearby attacker interrupt essential network services. Cisco explains that “a vulnerability in …
