Aggregator

Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play

The Hackers News
5 months ago
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming
The Hacker News

Anatsa Android Banking Malware from Google Play Targeting Users in the U.S. and Canada

Cyber Security News
5 months ago

ThreatFabric researchers have identified a sophisticated new campaign by the Anatsa banking trojan specifically targeting mobile banking customers across the United States and Canada, marking the malware’s third major offensive against North American financial institutions. The latest campaign represents a significant escalation in the threat landscape, with cybercriminals successfully infiltrating the official Google Play Store […]

The post Anatsa Android Banking Malware from Google Play Targeting Users in the U.S. and Canada appeared first on Cyber Security News.

Kaaviya

CISA Warns of Rails Ruby on Rails Path Traversal Vulnerability Exploited in Attacks

Cyber Security News
5 months ago

CISA has issued a critical warning regarding a path traversal vulnerability in the Ruby on Rails framework that poses significant risks to web applications worldwide.  The vulnerability, cataloged as CVE-2019-5418, affects the Action View component of Rails and enables attackers to exploit specially crafted accept headers in combination with render file: calls to access arbitrary […]

The post CISA Warns of Rails Ruby on Rails Path Traversal Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Kaaviya

FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months ago

Fortinet has disclosed a critical security vulnerability in FortiOS that could allow authenticated attackers to execute arbitrary code through a heap-based buffer overflow in the cw_stad daemon, affecting multiple versions of the popular network security operating system. Critical Security Flaw Discovered in FortiOS Fortinet announced today the discovery of a significant security vulnerability, designated as CVE-2025-24477, […]

The post FortiOS Buffer Overflow vulnerability Enables Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2025-21006 | Samsung libsavsvc.so MPEG4 Codec out-of-bounds write (EUVD-2025-20439)

Vuldb Updates
5 months ago
A vulnerability classified as critical was found in Samsung libsavsvc.so. Affected by this vulnerability is an unknown functionality of the component MPEG4 Codec Handler. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-21006. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41666 | Phoenix Contact AXC F 1152 prior 2025.0.2 link following (VDE-2025-054 / EUVD-2025-20398)

Vuldb Updates
5 months ago
A vulnerability, which was classified as critical, was found in Phoenix Contact AXC F 1152, AXC F 2152, AXC F 3152, BPC 9102S and RFC 4072S. Affected is an unknown function. The manipulation leads to link following. This vulnerability is traded as CVE-2025-41666. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad