The Hacker News

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

LANDFALL spyware exploited a Samsung Galaxy flaw (CVE-2025-21042) via WhatsApp images before April 2025 patch.
American Hospital Association

H-ISAC TLP White Threat Bulletin: POC Exploit Available for the Recent Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability

In March 2024, a vulnerability in Microsoft Windows Cloud Files Minifilter driver, tracked as CVE-2025-55680 (CVSS score of 7.8), was initially discovered by Exodus Intelligence.
SecurityWeek

Chrome 142 Update Patches High-Severity Flaws

Google pushed out a Chrome 142 update to address five vulnerabilities in the browser, including three high-severity flaws.

Popular JavaScript library expr-eval vulnerable to RCE flaw

A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
SecurityWeek

Cisco Patches Critical Vulnerabilities in Contact Center Appliance

Cisco announced patches for nearly a dozen vulnerabilities, including two critical flaws leading to remote code execution.

Hackers targeting Cisco IOS XE devices with BadCandy implant

A critical vulnerability in Cisco IOS XE is being exploited to install an implant called BadCandy in a renewed wave of ...
Dark Reading

APT 'Bronze Butler' Exploits Zero-Day to Root Japan Orgs

A critical security issue in a popular endpoint manager allowed Chinese state-sponsored attackers to backdoor Japanese businesses.