A critical vulnerability allowing hackers to bypass multifactor authentication in network management devices made by Citrix has been actively exploited for more than a month, researchers said. The finding is at odds with advisories from the vendor saying there is no evidence of in-the-wild exploitation. Tracked as CVE-2025-5777, the vulnerability shares similarities with CVE-2023-4966, a… Read More »
Starting today, Google is implementing a change that will enable its Gemini AI engine to interact with third-party apps, such as WhatsApp, even when users previously configured their devices to block such interactions. Users who don’t want their previous settings to be overridden may have to take action. An email Google sent recently informing users… Read More »
Genevieve Stark, head of cybercrime analysis at Google Threat Intelligence Group, said DragonForce could be attempting to attract RansomHub’s affiliates. The hacking group is also believed to be behind attacks on the pages of other rivals, including BlackLock and Mamona, according to Sophos. Stark warned that whatever the motive, the fallout brings with it an… Read More »
The maker of a phone app that is advertised as providing a stealthy means for monitoring all activities on an Android device spilled email addresses, plain-text passwords, and other sensitive data belonging to 62,000 users, a researcher discovered recently. A security flaw in the app, branded Catwatchful, allowed researcher Eric Daigle to download a trove… Read More »
AT&T is rolling out a protection that prevents unauthorized changes to mobile accounts as the carrier attempts to fight a costly form of account hijacking that occurs when a scammer swaps out the SIM card belonging to the account holder. The technique, known as SIM swapping or port-out fraud, has been a scourge that has… Read More »
The Sinaloa drug cartel in Mexico hacked the phone of an FBI official investigating kingpin Joaquín “El Chapo” Guzmán as part of a surveillance campaign “to intimidate and/or kill potential sources or cooperating witnesses,” according to a recently published report by the Justice Department. The report, which cited an “individual connected to the cartel,” said… Read More »
On Wednesday, CISA added CVE-2024-54085 to its list of vulnerabilities known to be exploited in the wild. The notice provided no further details. In an email on Thursday, Eclypsium researchers said the scope of the exploits has the potential to be broad. That scope includes: Attackers could chain multiple BMC exploits to implant malicious code… Read More »
Ubuntu users could see up to a 20 percent boost in graphics performance on Intel-based systems under a change that will turn off security mitigations for blunting a class of attacks known as Spectre. Spectre, you may recall, came to public notice in 2018. Spectre attacks are based on the observation that performance enhancements built… Read More »
Hackers suspected of working on behalf of the Chinese government exploited a maximum-severity vulnerability, which had received a patch 16 months earlier, to compromise a telecommunications provider in Canada, officials from that country and the US said Monday. “The Cyber Centre is aware of malicious cyber activities currently targeting Canadian telecommunications companies,” officials for the… Read More »
Large-scale attacks designed to bring down Internet services by sending them more traffic than they can process keep getting bigger, with the largest one yet, measured at 7.3 terabits per second, being reported Friday by Internet security and performance provider Cloudflare. The 7.3Tbps attack amounted to 37.4 terabytes of junk traffic that hit the target… Read More »