Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

From Fitbit to financial despair: How one woman lost her life savings and more to a scammer

We often don’t find out the real details of a scam, and how one ‘like’ can turn into a nightmare that controls someone’s life for many years. This is that story.

Malwarebytes
Open in Source
#web#ios#android#google#git#auth#sap
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms

Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part

Charlie Kirk Shooting Suspect Identified as 22-Year-Old Utah Man

Authorities have named Tyler Robinson as a suspect in the murder of right-wing influencer Charlie Kirk, citing Discord messages as evidence of his alleged role.

Beaches and breaches

Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware.

GHSA-m662-56rj-8fmm: Prebid-universal-creative latest on npm briefly compromised

### Impact Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware detailed in the blog post below. This includes the extremely popular jsdelivr hosting of this file. ### Patches We unpublished the version on npm. ### Workarounds This has already been unpublished. See Prebid.js 9 release notes for suggestions on moving off the deprecated workflow of using the PUC or pointing to a dynamic version of it. PUC users pointing to latest should transition to 1.17.2 ASAP to avoid similar attacks in the future. ### References https://www.sonatype.com/blog/npm-chalk-and-debug-packages-hit-in-software-supply-chain-attack

UK Rail Operator LNER Confirms Cyber Attack Exposing Passenger Data

LNER cyber attack exposes passenger contact details and journey data. No financial information or passwords were taken, but…

‘Astronaut-in-distress’ romance scammer steals money from elderly woman

A Japanese octogenarian lost thousands of dollars after being scammed by someone who described himself as an astronaut in need of help.

GHSA-7cf7-9wrr-vrf4: Indico vulnerable to Cross-Site Scripting via LaTeX math code

### Impact There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. ### Patches You should to update to [Indico 3.3.8](https://github.com/indico/indico/releases/tag/v3.3.8) as soon as possible. See [the docs](https://docs.getindico.io/en/stable/installation/upgrade/) for instructions on how to update. ### Workarounds Only let trustworthy users create content on Indico. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a a fixed version ASAP in particular when using such workflows. ### For more information If you have any questions or comments about this advisory: - Open a thread in [our forum](https://talk.getindico.io/) - Email us privately at [indico-team@cern.ch](mailto:indico-team@cern.ch)

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to

US Investment in Spyware Is Skyrocketing

A new report warns that the number of US investors in powerful commercial spyware rose sharply in 2024 and names new countries linked to the dangerous technology.