More results...
VexTrio, a sophisticated threat actor known for operating a massive traffic distribution system (TDS), has expanded its malicious activities by deploying fake VPN applications on major app stores, including Google Play and the Apple App Store. Originat…
Google’s vulnerability finding team is again pushing the envelope of responsible disclosure:
Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the bug is fixed before the deadline.
However, as of July 29, Project Zero will also release limited details about any discovery they make within one week of vendor disclosure. This information will encompass:
- The vendor or open-source project that received the report
…
July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly disclosed CVE, s…
Google confirms a data breach by ShinyHunters hackers, who used a vishing scam to access a Salesforce database with small business customer info.
Here’s a look inside Black Hat USA 2025. The featured vendors are: Stellar Cyber, Vonahi Security, Gurucul, Check Point, HackerOne, EasyDMARC, Elastic, Gogole, Tines, Veracode, VioletX, Pentera, Keep Aware, Oleria, SpyCloud, and Picus Security.
T…
Google has confirmed that one of its corporate Salesforce instances was breached in June by sophisticated threat actors, resulting in the theft of contact information for small and medium businesses. The incident highlights the growing threat of voice …
The China-aligned threat actor Mustang Panda, also known as Earth Preta, HIVE0154, RedDelta, and Bronze President, has been deploying the ToneShell backdoor against Windows users, primarily targeting government and military entities in the Asia-Pacific…
A Google Salesforce instance may have been targeted as part of a ShinyHunters campaign that hit several major companies.
The post Google Discloses Salesforce Hack appeared first on SecurityWeek.
Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild. Google released security updates to address multiple Android vulnerabilities, including two Qualcomm flaws, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), that were actively exploited in the wild. In June, Google Android Security team reported three […]
AI prevented real-world cyberattacks before they began. Can AI continue to beat human threat actors to zero-day vulnerabilities?