Aggregator
Three nuclear facilities, one DDoS and endless revenge: Iran showed how wars are fought in 2025
Xiaomi’s Interoperability App Vulnerability Let Hackers Gain Unauthorized Access to the Victim’s Device
A severe security vulnerability has been discovered in Xiaomi’s interoperability application, potentially exposing millions of users to unauthorized device access. The vulnerability, assigned CVE-2024-45347, carries a severe CVSS score of 9.6, indicating its high-risk nature for affected users. Attackers can exploit this vulnerability to bypass authentication mechanisms and gain complete unauthorized access to victim devices […]
The post Xiaomi’s Interoperability App Vulnerability Let Hackers Gain Unauthorized Access to the Victim’s Device appeared first on Cyber Security News.
DataKrypto and Tumeryk Join Forces to Deliver World’s First Secure Encrypted Guardrails for AI LLMs and SLMs
DataKrypto and Tumeryk join forces to deliver world’s first secure encrypted guardrails for AI LLMs and SLMs.
The post DataKrypto and Tumeryk Join Forces to Deliver World’s First Secure Encrypted Guardrails for AI LLMs and SLMs appeared first on Security Boulevard.
New Guidance Released for Reducing Memory-Related Vulnerabilities
Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development.
Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design.
CISA’s Secure by Design program advocates for integrating proactive security measures throughout the software development lifecycle, with MSLs as a central component. Consistent support for MSLs underscores their benefits for national security and resilience by reducing exploitable flaws before products reach users.
This joint guide outlines key challenges to adopting MSLs, offers practical approaches for overcoming them, and highlights important considerations for organizations seeking to transition toward more secure software development practices. Organizations in academia, U.S. government, and private industry are encouraged to review this guidance and support adoption of MSLs.
In addition to the product published today, CISA and the NSA previously released the joint guide, The Case for Memory Safe Roadmaps. To learn more about memory safety, visit Secure by Design on CISA.gov.
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems (ICS) advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-175-01 Kaleris Navis N4 Terminal Operating System
- ICSA-25-175-02 Delta Electronics CNCSoft
- ICSA-25-175-03 Schneider Electric Modicon Controllers
- ICSA-25-175-04 Schneider Electric EVLink WallBox
- ICSA-25-175-05 ControlID iDSecure On-Premises
- ICSA-25-175-06 Parsons AccuWeather Widget
- ICSA-25-175-07 MICROSENS NMP Web+
- ICSA-19-029-02 Mitsubishi Electric MELSEC-Q Series PLCs (Update B)
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Bioinspired Materials Can Take a Punch
Trojanized SonicWall NetExtender app exfiltrates VPN credentials
Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer: SonicWall NetExtender is an SSL‑VPN client used by companies to give remote employees secure access to their internal networks. SonicWall does not mention how prospective victims were lured to the lookalike sites impersonating the company and offering the compromised version of NetExtender, but said that …
The post Trojanized SonicWall NetExtender app exfiltrates VPN credentials appeared first on Help Net Security.
NATO Summit in The Hague hit by potential sabotage as rail cables set on fire
Telegram beat a $35 billion fraud market… but only for a couple of days
Reported Impersonation Scams Surge 148% as AI Takes Hold
Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data
A sophisticated phishing campaign emerged in May 2025, targeting U.S. citizens through a coordinated impersonation of state Department of Motor Vehicles (DMV) agencies. This large-scale operation utilized SMS phishing techniques combined with deceptive web infrastructure to harvest personal and financial information from unsuspecting victims across multiple states. The attackers employed alarming messages about unpaid toll […]
The post Weaponized DMV-Themed Phishing Attacking U.S. Citizens to Harvest Personal and Financial Data appeared first on Cyber Security News.
Used to thinking of robots as servants? Very soon they will decide for themselves who is in charge here
Critical Convoy Flaw Allows Remote Code Execution on Servers
A critical vulnerability (CVE-2025-52562) in Performave Convoy, a KVM server management panel widely used by hosting providers, enables unauthenticated attackers to execute arbitrary code on affected systems. Rated at the maximum CVSS score of 10.0, this flaw exposes servers to complete compromise without requiring authentication. Vulnerability Summary: According to the GitHub report, the flaw resides in Convoy’s LocaleController component, where […]
The post Critical Convoy Flaw Allows Remote Code Execution on Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
NCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH & SSH Protocols
The National Cyber Security Centre (NCSC) has issued a critical alert regarding a newly identified malware, dubbed SHOE RACK, which has been observed targeting Fortinet firewalls and other perimeter devices. Developed using the Go 1.18 programming language, this malicious software demonstrates a high level of sophistication by leveraging DNS-over-HTTPS (DoH) for command and control (C2) […]
The post NCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH & SSH Protocols appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
ChatGPT's evil twin for 100 euros: now anyone can become a cybercriminal
Investigating a DNSLOG alert triggered by a threat intelligence update
Fortifying Retail Security: Practical Steps to Prevent Cyberattacks
Threats to retailers will intensify with more ransomware attacks, combined with the security implications of new technologies.
The post Fortifying Retail Security: Practical Steps to Prevent Cyberattacks appeared first on Security Boulevard.
Google Cloud Donates A2A Protocol to Linux Foundation for Smarter, Secure Communication
In a landmark move for the artificial intelligence industry, Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, marking a significant step toward open, secure, and interoperable communication between AI agents. The announcement was made at the Open Source Summit North America, where the Linux Foundation unveiled the formation of the Agent2Agent […]
The post Google Cloud Donates A2A Protocol to Linux Foundation for Smarter, Secure Communication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.