Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Patch now: Samsung zero-day lets attackers take over your phone

A critical vulnerability that affects Samsung mobile devices was exploited in the wild to distribute LANDFALL spyware.

Malwarebytes
Open in Source
#vulnerability#ios#android#git#rce#samsung#auth#zero_day#sap#ssl
How credentials get stolen in seconds, even with a script-kiddie-level phish

Even a sloppy, low-skill phish can wreck your day. We go under the hood of this basic credential-harvesting campaign.

Stolen iPhones are locked tight, until scammers phish your Apple ID credentials

Stolen iPhones are hard to hack, so thieves are phishing the owners instead. How fake ‘Find My’ messages trick victims into sharing their Apple ID login.

CISO's Expert Guide To AI Supply Chain Attacks

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here.  TL;DR AI-enabled supply chain attacks are exploding in scale and sophistication - Malicious package uploads to open-source repositories jumped 156% in

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned repositories. "We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish

Fake NPM Package With 206K Downloads Targeted GitHub for Credentials

Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.

Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers

Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model. According to its seller, the malware enables device control and espionage, allowing threat actors to collect SMS messages, contacts, call logs, images, and videos, as well as intercept, reply,

CVE-2025-62453: GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass Visual Studio Code sensitive file protections.

CVE-2025-62222: Agentic AI and Visual Studio Code Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and user interaction is required (UI:R). What is the target context of the remote code execution?** A remote (AV:N) attacker could create a specially crafted GitHub issue within a user's repository. To exploit this, the user must enable a particular mode on the attacker’s crafted issue, which would execute the issue’s description and enable remote code execution by the attacker.

A deeper look at post-quantum cryptography support in Red Hat OpenShift 4.20 control plane

The age of quantum computing is on the horizon, and with its immense processing power comes a significant threat to the cryptographic foundations of our digital world. In this article, we'll explore the emerging support for post-quantum cryptography (PQC) in Red Hat OpenShift 4.20, focusing on how it enhances the core components of the Kubernetes control plane: the apiserver, kubelet, scheduler, and controller-manager. Missing is etcd, using an older version of Go.The quantum threatToday's widely used public-key cryptosystems, such as RSA and elliptic curve cryptography (ECC), form the foundat