Security
Headlines
HeadlinesLatestCVEs

Tag

#git

How China’s Propaganda and Surveillance Systems Really Operate

A series of corporate leaks show that Chinese technology companies function far more like their Western peers than one might imagine.

Wired
#web#git#intel#auth
AI-Enhanced Malware Sports Super-Stealthy Tactics

With legit sounding names, EvilAI's "productivity" apps are reviving classic threats like Trojans while adding new evasion capabilities against modern antivirus defenses.

Beaches and breaches

Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware.

GHSA-765j-9r45-w2q2: Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

### Impact When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT tokens even after the user is disabled on the authentication provider. ### Patches Upgrade to Flask-AppBuilder version 4.8.1 or later ### Workarounds If immediate upgrade is not possible: - Manually disable password reset routes in the application configuration - Implement additional access controls at the web server or proxy level to block access to the reset my password URL. - Monitor for suspicious password reset attempts from disabled accounts

New Google AppSheet Phishing Scam Deliver Fake Trademark Notices

A phishing scam is exploiting Google’s trusted AppSheet platform to bypass email filters. Learn how hackers are using…

Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity

Google on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. To that end, support for C2PA's Content Credentials has been added to Pixel Camera and Google Photos apps for Android. The move, Google said, is designed to further digital media

Fake Bureau of Motor Vehicles texts are after your personal and banking details

Many state departments are warning about scam text messages targeting motorists. Here's how you can recognize them.

Siemens SIMOTION Tools

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable locally Vendor: Siemens Equipment: SIMOTION Tools Vulnerability: Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code with SYSTEM privileges when a legitimate user installs an application that uses the affected setup component. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: SIMATIC Technology Package TPCamGen (6ES7823-0FE30-1AA0): All versions SIMOTION OA MIIF (6AU1820-3DA20-0AB0): All versions SIMOTION OACAMGEN (6AU1820-3EA20-0AB0): All versions...

‘Astronaut-in-distress’ romance scammer steals money from elderly woman

A Japanese octogenarian lost thousands of dollars after being scammed by someone who described himself as an astronaut in need of help.

SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers

Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July 2025. SonicWall subsequently revealed the SSL VPN activity aimed at its