Aggregator

You must login to view this content

You must login to view this content

You must login to view this content

Messaging service WhatsApp is launching passkey-encrypted chat backups for iOS and Android, allowing users to encrypt their stored message history using their face, fingerprint, or device screen-lock code. Backups have long been a weak link in messaging-security. Even if chats and calls are encrypted in transit, stored backups may rely on a password or key that users must remember or manage. By adding passkey-encryption for backups, WhatsApp shifts more of the security burden onto the … More →

The post WhatsApp now lets you secure chat backups with passkeys appeared first on Help Net Security.

The Jenkins project released Security Advisory 2025-10-29 on October 28, 2025, disclosing multiple vulnerabilities across 13 plugins that power the popular open-source automation server. These flaws range from high-severity authentication bypasses to permission misconfigurations and credential exposures, potentially exposing enterprise CI/CD pipelines to unauthorized access and code execution. While fixes are available for two critical […]

The post Multiple Jenkins Vulnerability SAML Authentication Bypass And MCP Server Plugin Permissions appeared first on Cyber Security News.

The cybersecurity landscape continues to shift toward cloud-based attacks, with threat actors increasingly exploiting legitimate security tools for malicious reconnaissance. AzureHound, a penetration testing utility designed for authorized security professionals, has become a weapon of choice for attackers seeking to understand and compromise Azure and Microsoft Entra ID environments. Understanding the Threat AzureHound is a […]

The post Threat Actors Abuse AzureHound Tool to Enumerate Azure and Entra ID Environments appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AdaptixC2, a legitimate and open red team tool used to assess an organization's security, is being repurposed by threat actors for use in their malicious campaigns. Threat researchers with Silent Push have linked the abuse of the technology back to a Russian-speaking bad actor who calls himself "RalfHacker."

The post Threat Actors Weaponizing Open Source AdaptixC2 Tied to Russian Underworld appeared first on Security Boulevard.

A Brazilian cybercriminal group has refined its long-running malware distribution campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, which has operated continuously since at least June 2024 following its initial discovery in 2019, demonstrates the threat actor’s commitment to operational stealth and evasion. The […]

The post Lampion Stealer Resurfaces with ClickFix Attack to Steal User Credentials Stealthily appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researcher Jofpin has disclosed “Brash,” a critical flaw in Google’s Blink rendering engine that enables attackers to crash Chromium-based browsers almost instantly. Affecting billions of users worldwide, this architectural weakness exploits unchecked updates to the document.title API, overwhelming the browser’s main thread and triggering system-wide denial of service without sophisticated tools or privileges. The […]

The post Critical Vulnerability in Chromium’s Blink Let Attackers Crash Chromium-based Browsers Within Seconds appeared first on Cyber Security News.

Upwind has launched its Exposure Validation Engine, a capability that introduces dynamic, real-time validation into the Cloud Security Posture Management (CSPM) layer. This innovation enables security, engineering, and compliance teams to validate live cloud exposures with precision under real-world conditions. “Cloud security teams are tasked to do the impossible, to protect digital assets in ever changing cloud environment.” said Amiram Shachar, CEO of Upwind. “Our job is to simplify the work of cloud security leaders … More →

The post Upwind unveils AI-powered Exposure Validation Engine to redefine dynamic CSPM appeared first on Help Net Security.