Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Tile trackers plagued by weak security, researchers warn

Researchers found several security problems in Life360's Tile trackers, most of which could be solved with encryption.

Malwarebytes
Open in Source
#vulnerability#mac#apple#amazon#sap
Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions - VMware Cloud Foundation 4.x and 5.x VMware

New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events

Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior

A week in security (September 22 – September 28)

A list of topics we covered in the week of September 22 to September 28 of 2025

Inside the Nuclear Bunkers, Mines, and Mountains Being Retrofitted as Data Centers

Companies are going to great lengths to protect the infrastructure that provides the backbone of the world’s digital services—by burying their data deep underground.

Neon App pays users to record their phone calls, sells data for AI training

An app called Neon Mobile which pays a small price for privacy is storming the popularity chart in the US Apple app store.

GHSA-q475-2pgm-7hvp: Apache Airflow: Connection sensitive details exposed to users with READ permissions

Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could be viewed by users with READ permissions through both the API and the UI. This behavior also bypassed the `AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS` configuration option. This issue does not affect Airflow 2.x, where exposing sensitive information to connection editors was the intended and documented behavior. Users of Airflow 3.0.3 are advised to upgrade Airflow to >=3.0.4.

New SVG-based phishing campaign is a recipe for disaster

Another phishing campaign using SVG files to trick targets. This delicious-looking recipe turns out to hide malicious code.

PSF Warns of Fake PyPI Login Site Stealing User Credentials

The Python Software Foundation (PSF) warns developers of phishing emails leading to a fake PyPI login site designed to steal account credentials.

How One Bad Password Ended a 158-Year-Old Business

Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years. So when KNP Logistics Group (formerly Knights of Old) celebrated more than a century and a half of operations, it had mastered the art of survival. For 158 years, KNP adapted and endured, building a transport business that operated 500 trucks