Akira
You must login to view this content
Aggregator
Owner of Stalkerware Maker pcTattletale Pleads Guilty to Hacking
5 months 1 week ago
Bryan Fleming, who founded the stalkerware business pcTattletale, pleaded guilty in federal court to hacking and conspiracy charges. Investigators said he crossed the line when he started marketing the software to people who wanted to covertly plant it on the smartphones of unsuspecting victims to track their activities and movements.
The post Owner of Stalkerware Maker pcTattletale Pleads Guilty to Hacking appeared first on Security Boulevard.
Jeffrey Burt
Akira
5 months 1 week ago
You must login to view this content
cohenido
CVE-2025-59955 | coollabsio coolify up to 4.0.0-beta.428 API Endpoint members insertion of sensitive information into sent data (GHSA-927g-56xp-6427 / WID-SEC-2026-0031)
5 months 1 week ago
A vulnerability classified as problematic was found in coollabsio coolify up to 4.0.0-beta.428. This vulnerability affects unknown code of the file /api/v1/teams/{team_id}/members of the component API Endpoint. Such manipulation leads to insertion of sensitive information into sent data.
This vulnerability is traded as CVE-2025-59955. The attack may be launched remotely. There is no exploit available.
vuldb.com
PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352
5 months 1 week ago
A proof-of-concept (PoC) exploit for CVE-2025-38352, a critical race condition vulnerability in the Linux kernel, has been publicly released on GitHub. The vulnerability, discovered earlier this year, targets the POSIX CPU timers implementation and was previously exploited in limited, targeted attacks against 32-bit Android devices. CVE-2025-38352 is a use-after-free (UAF) vulnerability in the Linux kernel’s handle_posix_cpu_timers() function. […]
The post PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352 appeared first on Cyber Security News.
Abinaya
Why Palo Alto Is Eyeing a $400M Buy of Endpoint Vendor Koi
5 months 1 week ago
Deal Represents Return to Tuck-In M&A for Palo After 3 Multi-Billion Dollar Deals
Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape at enterprise scale.
Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape at enterprise scale.
Zero Trust for the Age of Autonomous AI Agents - Part 1
5 months 1 week ago
Why Human-Centric Zero Trust Models Fail in a World of Autonomous AI Agents
Zero trust was built for humans, not autonomous AI agents. As organizations adopt agentic AI at scale, human-centric security assumptions break down - creating a paradox between utility and least privilege that traditional zero trust models cannot resolve.
Zero trust was built for humans, not autonomous AI agents. As organizations adopt agentic AI at scale, human-centric security assumptions break down - creating a paradox between utility and least privilege that traditional zero trust models cannot resolve.
Conduent Hack Victim Count Soars by at Least 50%
5 months 1 week ago
Why Are Third-Party Vendor Breaches So Hard to Figure Out?
The victim tally of a 2024 hacking incident at back office services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.
The victim tally of a 2024 hacking incident at back office services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.
FCC Loses Lead Support for Biden-Era IoT Security Labeling
5 months 1 week ago
FCC Lacks Lead for Cyber Trust Mark Program After UL Solutions Steps Down From Post
UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.
UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.
Threats to Critical Infrastructure Expected to Intensify
5 months 1 week ago
Geopolitics Puts OT at Greater Risk From Nation States, Criminals and Hacktivists
Attacks against critical infrastructure are expected to increase in scope and intensity including hacks on operational technology systems. State actors are now looking for ways to cause damage and disrupt operations, rather than simply steal secrets, according to cybersecurity experts.
Attacks against critical infrastructure are expected to increase in scope and intensity including hacks on operational technology systems. State actors are now looking for ways to cause damage and disrupt operations, rather than simply steal secrets, according to cybersecurity experts.
Australia's Scams Framework Criticized Over Major Exclusions
5 months 1 week ago
Treasury Submissions Want Broader Coverage; Gaps Could Weaken Protections
Australia's proposed Scams Prevention Framework leaves key scam-enabling entities outside its initial scope, raising questions about whether the model can deliver the consumer protection it promises.
Australia's proposed Scams Prevention Framework leaves key scam-enabling entities outside its initial scope, raising questions about whether the model can deliver the consumer protection it promises.
Why Legitimate Bot Traffic Is a Growing Security Blind Spot
5 months 1 week ago
Security teams have spent years improving their ability to detect and block malicious bots. That effort remains critical.…
Owais Sultan
FCC Loses Lead Support for Biden-Era IoT Security Labeling
5 months 1 week ago
FCC Lacks Lead for Cyber Trust Mark Program After UL Solutions Steps Down From Post
UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.
UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.
Threats to Critical Infrastructure Expected to Intensify
5 months 1 week ago
Geopolitics Puts OT at Greater Risk From Nation States, Criminals and Hacktivists
Attacks against critical infrastructure are expected to increase in scope and intensity including hacks on operational technology systems. State actors are now looking for ways to cause damage and disrupt operations, rather than simply steal secrets, according to cybersecurity experts.
Attacks against critical infrastructure are expected to increase in scope and intensity including hacks on operational technology systems. State actors are now looking for ways to cause damage and disrupt operations, rather than simply steal secrets, according to cybersecurity experts.
Cyberattacks Likely Part of Military Operation in Venezuela
5 months 1 week ago
Cyber's role in the US raid on Venezuela remains a question, though President Trump alluded to "certain expertise" in shutting down the power grid in Caracas.
Robert Lemos, Contributing Writer
DDoSia Powers Affiliate-Driven Hacktivist Attacks
5 months 1 week ago
Pro-Russian group NoName057(16) uses a custom denial-of-service tool to mobilize volunteers and disrupt government, media, and institutional sites tied to Ukraine and the West.
Jai Vijayan, Contributing Writer
China intensifies Cyber-Attacks on Taiwan as Energy Sector Sees Tenfold Spike
5 months 1 week ago
Taiwan recorded an average of 2.63 million cyber intrusion attempts to it critical infrastructure per day coming from China in 2025
CVE-2025-6923 | TalentSoft UNIS 42321 cross site scripting
5 months 1 week ago
A vulnerability classified as problematic was found in TalentSoft UNIS 42321. The affected element is an unknown function. The manipulation results in cross site scripting.
This vulnerability is identified as CVE-2025-6923. The attack can be executed remotely. There is not any exploit available.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-15171 | SohuTV CacheCloud up to 3.2.0 ServerController.java index cross site scripting (Issue 367 / EUVD-2025-205549)
5 months 1 week ago
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. It has been rated as problematic. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2025-15171. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com
CVE-2025-15172 | SohuTV CacheCloud up to 3.2.0 RedisConfigTemplateController.java preview cross site scripting (Issue 368 / EUVD-2025-205548)
5 months 1 week ago
A vulnerability categorized as problematic has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting.
This vulnerability is identified as CVE-2025-15172. The attack can be executed remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
vuldb.com