Adobe has released out-of-band security updates to address two critical vulnerabilities in Adobe Experience Manager (AEM) Forms (Java Enterprise Edition, JEE), both of which already have public proof-of-concept (PoC) exploits. The flaws—tracked as CVE-2025-54253 (CVSS score: 10.0, maximum severity) and CVE-2025-54254 (CVSS score: 8.6)—could allow attackers
WhatsApp has rolled out a new security feature designed to help users identify potential scammers when someone outside their contact list invites them to a group chat. The update introduces a "Safety Overview" warning that displays key details about the group—such as its creation date, total number
In an update to its June advisory, Google disclosed that it, too, fell victim to a similar attack. “In June, one of Google’s corporate Salesforce instances was compromised by UNC6040 activity,” the company stated. “The affected instance stored contact information and related notes about small and medium-sized businesses. Our
Several critical vulnerabilities have been patched in Cursor AI, a popular AI-powered code editor. The flaws allowed attackers to silently modify MCP (Model Context Protocol) configuration files and execute arbitrary code—without any user approval. 🔍 Key Findings CVE-2025-54136 ("MCPoison") — CVSS 7.2 Discovered by Check Point, this vulnerability
SonicWall has issued an urgent advisory to its customers, warning them to disable SSL VPN services on 7th-generation firewalls amid a wave of ransomware attacks potentially exploiting a zero-day vulnerability. Key Details According to Arctic Wolf researchers, multiple attacks involving Akira ransomware have been observed since July 15, 2025. These
Google has released the August 2025 Android security updates, addressing six vulnerabilities—two of which affect Qualcomm components and were actively exploited in targeted attacks. The exploited flaws, tracked as CVE-2025-21479 and CVE-2025-27038, were initially reported to the Android security team in January 2025. * CVE-2025-21479 – A graphics framework authorization flaw
Security analysts from Beazley Security and SentinelOne have uncovered a campaign distributing an updated version of PXA Stealer, a Python-based info-stealer. The malware has reportedly compromised more than 4,000 victims across 62 countries. Believed to be operated by Vietnamese-speaking hackers, PXA Stealer is monetized through Telegram, where the stolen
![Cisco User Data Stolen from Cisco[.]com](/content/images/size/w600/2025/08/photo_2025-08-07_07-46-56.jpg)
Cisco has confirmed that unknown attackers stole user data from Cisco[.]com in a vishing (voice phishing) attack that targeted one of its employees. The breach was first detected on July 24, 2025. According to Cisco’s internal investigation, the attacker gained unauthorized access to a third-party cloud-based customer relationship
Researchers at Nextron Systems have uncovered a sophisticated Linux backdoor, dubbed Plague, that managed to stay hidden for more than a year. The malware provides attackers with persistent SSH access and enables authentication bypass on compromised systems—without triggering alerts from traditional security tools. Plague masquerades as a malicious PAM
A newly discovered Android Trojan named PlayPraetor has infected more than 11,000 devices, according to security experts at Cleafy. The malware continues to spread rapidly, with an estimated 2,000 new infections reported each week. At present, the Trojan is targeting users in Portugal, Spain, France, Morocco, Peru, and
Anthropic has revoked OpenAI’s access to its Claude API, accusing the rival AI firm of violating its Terms of Service (ToS) by using Claude during the development of GPT-5. Key Allegations Anthropic claims that OpenAI broke its commercial usage rules, which prohibit: * Using Claude to develop competing AI models
Security researchers at Safety have uncovered a malicious npm package, likely AI-generated, that was designed to steal cryptocurrency wallet data from unsuspecting developers. Key Details * Package Name: @kodane/patch-manager (now removed from npm) * Disguise: Posed as a performance optimization tool, claiming to provide “advanced license validation and registry optimization for