Saturday , June 21 2025

Uncategorized

ClickFix Attack Exploits Fake Cloudflare Human Check to Install Malware

fake Cloudflare

A new social engineering attack uses familiar security checks to trick users into downloading malware via fake Cloudflare verification pages. The ClickFix attack technique marks a worrying shift in phishing methods, moving away from traditional file downloads to tricking users into running harmful commands on their own devices. The attack …

Read More »

Google reports 97 zero-days exploited in 2024, 50% in spyware attacks

2024

Google’s Threat Intelligence Group (GTIG) reported that in the year 2024, attackers exploited 75 zero-day vulnerabilities, with over 50% related to spyware attacks. The number of zero-day vulnerabilities is down from 97 in 2023 but up from 63 in 2022. GTIG analysts note that this year-to-year fluctuation reflects an overall …

Read More »

Hackers retain access to patched FortiGate VPNs using symlinks

FortiGate

Recent incidents continue to bring this into focus with active exploitations of known vulnerabilities as investigations by Fortinet have discovered a post exploitation technique used by a threat actor. During the investigation, a threat actor was observed using known vulnerabilities (e.g. FG-IR-22-398, FG-IR-23-097, FG-IR-24-015) to gain access to Fortinet devices. …

Read More »

Google patched 2 Android zero-days and 60 other flaws

Google

In its April 2025 security update, Google patched 62 vulnerabilities in Android, including two zero-days used in targeted attacks. Among the 62 fixed vulnerabilities, most are high-severity elevation of privilege flaws, and two are zero-day vulnerabilities that hackers can easily exploit. CVE-2024-43197 is a critical privilege escalation flaw in the …

Read More »

Apple Warns of 3 Zero Day Vulns Actively Exploited

3 Zero Da

Apple has issued an urgent security advisory about 3 critical zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—that are being actively exploited in advanced attacks. Multiple Apple devices, including iPhones, iPads, and Macs, are affected by these vulnerabilities. Users should update their devices right away to reduce security risks. Significant Vulnerabilities Under Active …

Read More »

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Airport

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4 million). On March 25, the National Cyber Security Agency (Nacsa) and Malaysia Airports Holdings Berhad (MAHB) announced a cyber-security threat targeting some computer systems at KLIA on March 23. “A …

Read More »

Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws

57 flaws

Microsoft’s March 2025 Patch Tuesday update fixes 57 flaws, including seven zero-day exploits, six of which are actively being exploited. Notably, CVE-2025-24983 is a critical use-after-free flaw in the Windows Win32 Kernel Subsystem linked to the “PipeMagic” backdoor. This update is essential for IT and security professionals as it addresses …

Read More »

Cisco alerts about a Webex flaw that exposes credentials

Webex

Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely. Webex for BroadWorks combines Cisco Webex’s video conferencing and collaboration tools with the BroadWorks unified communications platform. Cisco has not assigned a CVE ID for a security issue but announced …

Read More »