Security News

Filter by:

Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts

Call recording app Neon was one of the top-ranked iPhone apps, but was pulled offline after a security bug allowed any logged-in user to access the call recordings and transcripts of any other user.
TechCrunch 26 Sep 2025 4192 Views

New string of phishing attacks targets Python developers

If you recently got an email asking you to verify your credentials to a PyPI site, better change that password The Python Software Foundation warned users of a new string of phishing attacks using a phony Python Package Index (PyPI) website and asking victims to verify...
The Register 25 Sep 2025 7672 Views

Microsoft Entra ID flaw allowed hijacking any company's tenant

A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...]
Bleepingcomputer 22 Sep 2025 2664 Views

224 Malicious Android Apps on Google Play With 38 Million Downloads Delivering Malicious Payloads

A sophisticated mobile ad fraud operation dubbed “SlopAds” has infiltrated Google Play Store with 224 malicious applications that collectively amassed over 38 million downloads across 228 countries and territories. The campaign represents one of the most extensive mobile fraud schemes discovered to date, utilizing advanced steganography...
Cyber Security News 18 Sep 2025 2653 Views

FileFix attacks use fake Facebook security alerts to trick victims into running infostealers

Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader on Windows machines.…
The Register 17 Sep 2025 9008 Views

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…
The Register 17 Sep 2025 8193 Views

Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand

Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and...
The Register 12 Sep 2025 8815 Views

Akira ransomware crims abusing trifecta of SonicWall security holes for extortion attacks

Patch, turn on MFA, and restrict access to trusted networks…or else Affiliates of the Akira ransomware gang are again exploiting a critical SonicWall vulnerability abused last summer, after a suspected zero-day flaw actually turned out to be related to a year-...
The Register 11 Sep 2025 9178 Views

Claude’s new AI file creation feature ships with deep security risks built in

Expert calls security advice "unfairly outsourcing the problem to Anthropic's users."
Ars Technica 10 Sep 2025 4495 Views

Phishing Empire Runs Undetected on Google, Cloudflare

What's believed to be a global phishing-as-a-service enterprise using cloaking techniques has been riding on public cloud infrastructure for more than 3 years.
Dark Reading 5 Sep 2025 25482 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY