Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Beware of Zelle transfer scams

Zelle scams are back, or perhaps they never went away. Here's what to look out for.

Malwarebytes
Open in Source
#ios#android#mac#google#git
Airport Chaos Shows Human Impact of 3rd-Party Attacks

Major EU airports such as Heathrow were disrupted over the weekend after a cyberattack hit the provider of check-in kiosk software, which caused delays and flight cancellations.

⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach. This week’s recap explores the trends driving that constant churn: how threat

Cyberattack Disrupts Airport Check-In Systems Across Europe

Cyberattack on Collins Aerospace check-in system disrupts major European airports, causing flight delays and cancellations across hubs.

17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge

The phishing-as-a-service (PhaaS) offering known as Lighthouse and Lucid has been linked to more than 17,500 phishing domains targeting 316 brands from 74 countries. "Phishing-as-a-Service (PhaaS) deployments have risen significantly recently," Netcraft said in a new report. "The PhaaS operators charge a monthly fee for phishing software with pre-installed templates impersonating, in some cases,

GHSA-hx2h-vjw2-8r54: DragonFly has weak integrity checks for downloaded files

### Impact The DragonFly2 uses a variety of hash functions, including the MD5 hash. This algorithm does not provide collision resistance; it is secure only against preimage attacks. While these security guarantees may be enough for the DragonFly2 system, it is not completely clear if there are any scenarios where lack of the collision resistance would compromise the system. There are no clear benefits to keeping the MD5 hash function in the system. ```golang var pieceDigests []string for i := int32(0); i < t.TotalPieces; i++ { pieceDigests = append(pieceDigests, t.Pieces[i].Md5) } digest := digest.SHA256FromStrings(pieceDigests...) if digest != t.PieceMd5Sign { t.Errorf("invalid digest, desired: %s, actual: %s", t.PieceMd5Sign, digest) t.invalid.Store(true) return ErrInvalidDigest } ``` Alice, a peer in the DragonFly2 system, creates two images: an innocent one, and one with malicious code. Both images consist of two pieces, and Alice generates the pieces ...

Can Codeless Testing Tools Detect Common Security Vulnerabilities?

Learn what Codeless Testing Tools are and how effective they are in detecting common security vulnerabilities, along with understanding their strengths and limitations.

Rethinking AI Data Security: A Buyer's Guide 

Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for CISOs and security architects, the very speed of adoption has created a paradox: the more powerful the tools, the