
Tag

#google

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the

The Hacker News
GHSA-5jch-xhw4-r43v: Google Sign-In for Rails allowed redirect to protocol-relative URI

## Summary

It is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL.

## Details

The google_sign_in gem persists an optional URL for redirection after authentication. If this URL is set to a protocol-relative URL, it improperly passes the "same origin" check, and it's possible for the user to be redirected to another origin after authentication, possibly resulting in exposure of authentication information if this attack is chained with other attacks. Normally the value of this URL is only written and read by the library or the calling application. However, it may be possible to set this session value from a malicious site with a form submission.

## Impact

Any Rails applications using the google_sign_in gem may be vulnerable, if this vector can be chained with another attack that is able to modify the OAuth2 request parameters.

## Workarounds

No known workarounds.

## Credits

This issue was responsibly r...

8 Malicious NPM Packages Stole Chrome User Data on Windows

JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…

TransUnion Data Breach: 4.4 Million US Consumers’ Data Stolen

A TransUnion data breach exposed 4.4 million US consumers’ Social Security numbers via a Salesforce hack. The attack…

Google Warns Salesloft OAuth Breach Extends Beyond Salesforce, Impacting All Integrations

Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations. "We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised," Google Threat Intelligence Group (GTIG) and

UK and US Blame Three Chinese Tech Firms for Global Cyberattacks

A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked…

Google Big Sleep AI Tool Finds Critical Chrome Vulnerability

Make sure your Chrome browser is updated to the latest version to stay protected.

China Hijacks Captive Portals to Spy on Asian Diplomats

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

Google: Salesforce Attacks Stemmed From Third-Party App

A group tracked as UNC6395 engaged in "widespread data theft" via compromised OAuth tokens from a third-party app called Salesloft Drift.

ShinyHunters and Scattered Spider Linked to Farmers Insurance Data Breach

Farmers Insurance reports a breach affecting 1.1 million customers. Learn how the attack, linked to groups ShinyHunters and…