Aggregator

You must login to view this content

Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside marketing traffic. The financial impact of these threats continues to grow. Estimated consumer and business losses in the United States tied to malware, scams, and ad-borne fraud exceeded $12.5 billion in 2025. Exposure also remains … More →

The post That attractive online ad might be a malware trap appeared first on Help Net Security.

Cyberattacks linked to Iranian threat actors are taking on a new and alarming form in the ongoing Middle East conflict. Since late February 2026, a coordinated campaign to compromise internet-connected IP cameras has been underway across multiple countries in the region, raising serious concerns about how cyber operations are being actively used to support physical […]

The post Threat Actors Intensify Targeting of IP Cameras Across Middle East Amid Ongoing Conflict appeared first on Cyber Security News.

You must login to view this content

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2017-7921 Hikvision Multiple Products Improper Authentication Vulnerability
• CVE-2021-22681 Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
• CVE-2021-30952 Apple Multiple Products Integer Overflow or Wraparound Vulnerability
• CVE-2023-41974 Apple iOS and iPadOS Use-After-Free Vulnerability
• CVE-2023-43000 Apple Multiple products Use-After-Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. CVE-2026-28289 exploitation FreeScout is a free, open-source help desk and shared inbox system used by businesses or teams to manage customer support conversations in one place. It is built with PHP (Laravel) and MySQL, and it’s designed to be self-hosted – either on-premises, on a … More →

The post FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) appeared first on Help Net Security.

Google is making changes to the Play Store after settling its legal fight with Epic Games, focusing on three areas: more billing options, lower fees with new programs for developers, and a program for registered app stores. The rollout begins in the European Economic Area, the United Kingdom and the United States by June 30, 2026. Australia follows in September, while Japan and South Korea receive the changes by the end of 2026. The rest … More →

The post Google changes Play Store policies after settling Epic Games dispute appeared first on Help Net Security.