In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone.
This coverage is extremely valuable for the cybersecurity community as it raises
The Hacker News – Read More
The latest Android updates fix vulnerabilities in Runtime, Framework, System, and third-party components of the mobile OS.
The post Over 30 Vulnerabilities Patched in Android appeared first on SecurityWeek.
SecurityWeek – Read More
Covered organizations in Australia are now required to report ransomware and other cyber extortion payments within three days.
The post Australia Enforces Ransomware Payment Reporting appeared first on SecurityWeek.
SecurityWeek – Read More
A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America.
The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim’s contacts list.
“Recent
The Hacker News – Read More
Reported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware.
The post Google Researchers Find New Chrome Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute.
The post Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
“By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate vice president at Microsoft
The Hacker News – Read More
Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing “patterns of concerning behavior observed over the past year.”
The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.
The update will affect all Transport Layer Security (TLS)
The Hacker News – Read More
Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild.
The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read and write vulnerability in the V8 JavaScript and WebAssembly engine.
“Out of bounds read and write in V8 in Google
The Hacker News – Read More
The Emergency Management and Response – Information Sharing and Analysis Center provided essential information to the emergency services sector on physical and cyber threats and its closure leaves an information vacuum for these organizations.
darkreading – Read More