Nov 21, 2025Ravie LakshmananVulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations. The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of… Read More "Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation"
Nov 21, 2025Ravie LakshmananData Protection / Technology In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equipment AirDrop, allowing users to more easily share files and… Read More "Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security"
Nov 21, 2025The Hacker NewsMobile Security / Data Protection Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are essential for modern work—but with mobility comes risk. IT admins,… Read More "Why IT Admins Choose Samsung for Mobile Security"
Nov 21, 2025Ravie LakshmananCompliance / Cyber Attack The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, alleging that the company had misled investors about the security practices that led to… Read More "SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny"
Nov 21, 2025Ravie LakshmananData Breach / SaaS Security Salesforce has warned of detected “unusual activity” related to Gainsight-published applications connected to the platform. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data through the… Read More "Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity"
Nov 20, 2025Ravie LakshmananMalware / Mobile Security Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. “A key differentiator is its ability to bypass… Read More "New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices"
Nov 20, 2025Ravie LakshmananBotnet / Malware Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky… Read More "Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows"
Nov 20, 2025Ravie LakshmananVulnerability / Cloud Computing Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet.… Read More "ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet"
Nov 20, 2025The Hacker NewsOnline Fraud / Web Security CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp’s familiar web… Read More "CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat"
Nov 20, 2025Ravie LakshmananCybersecurity / Hacking News This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, spies at work, and big power moves online. Hackers are… Read More "0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves"
