Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

TeaOnHer, the male version of Tea, is leaking personal information on its users too

TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.

Malwarebytes
Open in Source
#vulnerability#web#ios#auth#sap
New Promptware Attack Hijacks User’s Gemini AI Via Google Calendar Invite

Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances.

How Google, Adidas, and more were breached in a Salesforce scam

Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data.

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an

SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said. "Instead, there is a significant correlation with threat activity related to CVE-2024-40766."

Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection 

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

CVE-2025-53787: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.

CVE-2025-53774: Microsoft 365 Copilot BizChat Information Disclosure Vulnerability

**Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability?** This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information.