Skip to content
Security News, Assessments & Alerts Page 115

Security News, Assessments & Alerts

Security Issues, Vulnerabilities, Exploits & Government Alerts

Schneider Electric Modicon M340 Controller and Communication Modules

Schneider Electric Modicon M340 Controller and Communication Modules

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and Communication Modules Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could… 

Read More »Schneider Electric Modicon M340 Controller and Communication Modules
CISA Unveils Tool to Boost Procurement of Software Supply Chain Security

CISA Unveils Tool to Boost Procurement of Software Supply Chain Security

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Software Acquisition Guide: Supplier Response Web Tool, a no-cost, interactive resource designed to empower information technology (IT) and industry decision makers, procurement professionals and… 

Read More »CISA Unveils Tool to Boost Procurement of Software Supply Chain Security
ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and… 

Read More »ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

Aug 26, 2025Ravie Lakshmanan Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages. “A prominent characteristic of the latest variant is… 

Read More »HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

Aug 26, 2025Ravie LakshmananMobile Security / Data Privacy Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play… 

Read More »Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

Aug 26, 2025Ravie LakshmananVulnerability / Data Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based… 

Read More »CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

Aug 25, 2025Ravie LakshmananMalware / Cyber Espionage A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance… 

Read More »UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Aug 25, 2025Ravie LakshmananContainer Security / Vulnerability Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out… 

Read More »Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads

Cybersecurity researchers have flagged a new phishing campaign that’s using fake voicemails and purchase orders to deliver a malware loader called UpCrypter. The campaign leverages “carefully crafted emails to deliver malicious URLs linked to convincing… 

Read More »Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Aug 25, 2025Ravie LakshmananCybersecurity News / Hacking Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the… 

Read More »Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More