Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025. "The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity

The Hacker News
Open in Source
#web#android#mac#windows#google#microsoft#nodejs#js#git#backdoor#The Hacker News
Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user (www-data) or accessible through a command injection vector, an attacker can overwrite or replace them with malicious payloads. Upon execution with sudo, these scripts run with elevated privileges, allowing the attacker to gain full root access remotely.

Popular Android VPN apps found to have security flaws and China links

A recent report has revealed that many VPNs might allow others to sniff your data—and they're not being honest about who's behind them.

Google Fined $379 Million by French Regulator for Cookie Consent Violations

The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on users' browsers without securing their consent, the National Commission on Informatics and Liberty (CNIL) said. Shein has since updated its systems to comply with

Update your Android! Google patches 111 vulnerabilities, 2 are critical

Google has issued updates to patch a whopping 111 Android vulnerabilities, including two actively exploited ones.

PayPal users targeted in account profile scam

A highly sophisticated email scam is targeting PayPal users with the subject line of "Set up your account profile."

What Is a Passkey? Here’s How to Set Up and Use Them (2025)

Passkeys were built to enable a password-free future. Here's what they are and how you can start using them.

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack

Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks. The vulnerabilities are listed below - CVE-2025-38352 (CVSS score: 7.4) - A privilege escalation flaw in the Linux Kernel component  CVE-2025-48543 (CVSS score: N/A) - A

Tax refund scam targets Californians

Californians are receiving scammy text messages that tell them they're owed a tax refund. Don't click any links or reply!

Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans

Cybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, to also distribute simpler malware such as SMS stealers and basic spyware. These campaigns are propagated via dropper apps masquerading as government or banking apps in India and other parts of Asia, ThreatFabric said in a report