Magánszemélyeknek

ASUS has disclosed that its routers with the AiCloud feature activated are affected by the critical authentication bypass vulnerability, tracked as CVE-2025-2492, which could be leveraged to facilitate unauthorized function execution, Security Affairs reports.

BleepingComputer reports that Google was discovered by Ethereum Name Service lead developer Nick Johnson to have had an OAuth vulnerability leveraged to facilitate the delivery of a bogus email purporting to be a security alert from the company with a valid DomainKeys Identified Mail authentication key as part of a DKIM replay phishing intrusion.

Android devices have been targeted with the new SuperCard X malware-as-a-service platform to pilfer funds from payment cards as part of a new scam that also involves social engineering and NFC exploitation, according to The Record, a news site by cybersecurity firm Recorded Future.

Massive ongoing US toll fraud underpinned by Chinese smishing kit Numerous threat actors have been leveraging an SMS phishing kit developed by Chinese threat actor "Wang Duo Yu" to conduct a widespread smishing attack campaign against toll road users across several U.S. states that has been underway since October, The Hacker News reports.

Distributed denial-of-service malware XorDDoS has been enhanced with a more advanced controller as it continued to proliferate around the world from November 2023 to February 2025, according to Cyber Security News.

Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.

A ransomware attack and incident involving former employees led to potential HIPAA violations.

Threat actors would be at least temporarily derailed, experts say. But the real issue ladders back to organizations’ weak cyber hygiene.