U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile... Read more »

Hackers exploited Triofox flaw CVE-2025-12480 to bypass auth and install remote access tools via the platform’s antivirus feature. Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw,... Read more »

GlassWorm malware resurfaces in Open VSX and GitHub, infecting VS Code extensions weeks after its removal from the official marketplace. GlassWorm malware has resurfaced on the Open VSX registry... Read more »

Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway... Read more »

Nine NuGet packages by “shanhai666” can deploy delayed payloads to disrupt databases and industrial systems. Socket’s Threat Research Team discovered nine malicious NuGet packages, published between 2023 and 2024... Read more »

QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at... Read more »

Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak,... Read more »

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new... Read more »