Android Spyware in the UAE Masquerades as … Spyware
In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.
-
-
Google Sheds Light on ShinyHunters’ Salesforce Tactics
Mandiant provided proactive defenses against UNC6040’s social engineering attacks that have led to several Salesforce breaches.
-
Shutdown Threatens US Intel Sharing, Cyber Defense
Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns.
-
New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel’s Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be…
-
A $50 ‘Battering RAM’ Can Bust Confidential Computing
Researchers have demonstrated an attack that can break through modern Intel and AMD processor technologies that protect encrypted data stored in memory.
-
Undead Operating Systems Haunt Enterprise Security Networks
Windows 10 reaches end-of-life on Oct. 14, which will triple the number of vulnerable enterprise systems and create a massive attack surface for cybercriminals.
-
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as…
-
How Leading Security Teams Blend AI + Human Workflows (Free Webinar)
AI is changing automation—but not always for the better. That’s why we’re hosting a new webinar, “Workflow Clarity: Where AI Fits in Modern Automation,” with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver.The rise of AI has changed…
-
Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments….
-
Introducing Sophos Advisory Services
See how your networks, systems, and employees stand up to simulated attacks before an adversary strikes.