Tag
#ios
Cary, North Carolina, USA, 18th December 2025, CyberNewsWire
This week, Joe laments 2025 and considers what we can expect in 2026 in the wild world of cybersecurity.
### Summary

`tinacms` uses the `gray-matter` package in an insecure way, allowing attackers who can control the content of the processed markdown files (e.g., blog posts) to execute arbitrary code.

### Details

The `gray-matter` package executes by default the code in a markdown file's front matter. `tinacms` does not change this behavior when processing markdown files, e.g., by passing a custom engine property for js/javascript in the options object.

### PoC

1. Create a tinacms app using the CLI/documentation:
   ```
   npx create-tina-app@latest
   ```
2. Modify one of the blog posts to contain the following front matter:
   ```js
   ---js
   {
     "title": "Pawned" + console.log(require("fs").readFileSync("/etc/passwd").toString())
   }
   ---
   ```
3. Start the tinacms server, e.g., with `npm run dev`.
4. Observe the console of the server printing the password file, showing that attackers can execute arbitrary commands.

### Impact

RCE: attackers can execute arbitrary JavaScript code on th...
This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small changes in tactics are stacking up fast, and each one hints at where the next big breach could come from. From shifting infrastructures to clever social hooks, the week’s activity shows just how fluid the threat landscape has become. Here’s the full rundown of what
The extension disclosed its AI data collection, but not in a way most users would recognize—or knowingly agree to.
Cybersecurity planning continues to advance as organisations integrate new software, cloud platforms, and digital tools into nearly every…
Many crypto investors remain sceptical about using AI in their trading. They are aware that the technology exists,…
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy, except for Grassroot, as the
Looking for the best AI video enhancer in 2025? Explore top AI tools to upscale videos, restore clarity, reduce noise, and achieve stunning 4K quality in just a few clicks.
A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.