Cybersecurity researchers are warning about a new Android malware campaign that takes advantage of legitimate AI infrastructure to distribute malicious software, highlighting a growing trend where attackers hide in plain sight by abusing trusted platforms. According to a recent analysis by Bitdefender Labs, attackers have been using Hugging Face, a popular hosting platform for machine

Continue Reading

WhatsApp has just rolled out a new feature aimed at providing users with stronger safeguards against sophisticated cyber threats. Called Strict Account Settings, this functionality is designed for individuals who need an extra layer of protection—such as journalists, public-facing figures, or anyone concerned about targeted attacks. At its core, WhatsApp continues to offer default end-to-end

Continue Reading

Cisco has released multiple security updates affecting enterprise communications, contact center, and infrastructure platforms widely deployed in production environments. Among the issues addressed is a critical remote code execution vulnerability that Cisco reports is being actively exploited. The most severe issue is a remote code execution vulnerability affecting multiple Cisco Unified Communications products. Tracked as

Continue Reading

Zoom has patched a command injection vulnerability affecting its Node Multimedia Router infrastructure in on-premises and hybrid deployments. Zoom Node is an enterprise hybrid deployment platform that allows large organizations to run Zoom workloads on their own infrastructure rather than solely in Zoom’s cloud. Organizations typically use Zoom Node to meet compliance requirements, keep meeting

Continue Reading

Cloudflare has resolved a security vulnerability in its certificate validation logic that could temporarily bypass web application firewall (WAF) protections. The issue, affecting ACME (Automatic Certificate Management Environment), was reported by security researchers late last year through Cloudflare’s bug bounty program. Cloudflare has implemented a fix, no action is required from customers, and there is

Continue Reading

Security researchers have demonstrated a new way that artificial intelligence features can be misused without exploiting traditional software bugs. In recent research published by application security firm Miggo, a standard Google Calendar invite was used to influence Google’s Gemini AI assistant and bypass expected privacy boundaries using language alone. The finding highlights a growing concern

Continue Reading

A Windows authentication method that security experts have warned about for decades is once again in the spotlight. Net-NTLMv1, a legacy protocol used in some Microsoft Active Directory environments, is being actively pushed toward retirement following a new release from Google-owned threat intelligence firm Mandiant. The company has made public a large dataset that dramatically

Continue Reading

Cybersecurity researchers from KU Leuven, a Belgian university, have disclosed a Bluetooth vulnerability called WhisperPair, affecting certain audio devices that implement Google Fast Pair technology. The findings were published as part of a coordinated security disclosure and document weaknesses in how some wireless accessories handle Fast Pair connections. Google has been informed of the findings

Continue Reading