SecurityWeek

Researcher Spotlights WhatsApp Metadata Leak as Meta Begins Rolling Out Fixes

Meta starts addressing WhatsApp vulnerabilities that expose user metadata that allows adversaries to ‘fingerprint’ a device’s ...

Washington officials blast conservatives for Minnesota-style day care fraud claims in new state

Citizen journalists film alleged fraudulent daycare addresses in Washington, claiming 539 centers list Somali as primary ...
Cybernews

Got an AI agent on your computer? Assume a breach, security researcher warns

AI coding agents are highly vulnerable to zero-click attacks hidden in simple prompts on websites and repositories, a ...
Government Technology

The Top 26 Security Predictions for 2026 (Part 1)

What cyber trends and predictions are coming for 2026? Here’s your annual security industry prediction report roundup for the ...
Forbes

Dartmouth Data Breach Exposes 40,000 Social Security Numbers In Cl0p’s Oracle Rampage

Forbes contributors publish independent expert analyses and insights. Lars Daniel covers digital evidence and forensics in life and law. Dartmouth College has confirmed that a three-day cyberattack in ...
Lifehacker

Google's December Security Update Fixes Two Zero-Day Exploits (and 105 Others)

In its Android Security Bulletin for December, Google is pushing an especially large number of updates to address vulnerabilities across different components—and two of the flaws may have been ...
Hosted on MSN

Urgent: zero-day exploit discovered in Chromium browsers

A zero-day vulnerability in Chromium-based browsers, identified as CVE-2025-10585, allows active exploitation through the V8 JavaScript engine's just-in-time compiler. Users are advised to update ...
Healthcare IT News

Cyber threat roundup: Akira ransomware, zero-day vulnerabilities and more

With the end of the government shutdown comes reauthorization of the Cybersecurity and Infrastructure Security Agency. The Department of Homeland Security agency has released a series of cybersecurity ...
CSOonline

Zero-day exploits hit Cisco ISE and Citrix systems in an advanced campaign

According to the Amazon Threat Intelligence team, attackers exploited bugs in Cisco and Citrix appliances before they were made public, deploying custom in-memory tooling against core identity ...
Dark Reading

Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs

With 63 unique CVEs, Microsoft's November security update is considerably slimmer than the company's record-busting patch rollout last month, which contained fixes for as many as 175 vulnerabilities.
Android

Galaxy Zero-Day: Spyware Hid in Samsung Phones for Nearly a Year

The LANDFALL spyware exploited a Samsung Galaxy zero-day (CVE-2025-21042) for nearly a year, targeting flagship phones via malicious DNG images sent through apps like WhatsApp. The sophisticated ...
Infosecurity-magazine.com

CISA Adds Zero-Day Bug Used in Spyware Attacks to KEV

US federal agencies have been told to patch a zero-day vulnerability used by threat actors since last year to deploy spyware to Samsung devices. The out-of-bounds write flaw CVE-2025-21042 has a CVSS ...