Laravel admin package Voyager vulnerable to one-click RCE flaw

Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the […]

Uncover Hidden Browsing Threats: Get a Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, […]

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. The flaws, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow threat actors to download and upload files on devices and escalate privileges to administrative levels. The vulnerabilities were discovered and disclosed by Horizon3 […]

New Apple CPU side-channel attacks steal data from browsers

A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. The Georgia Institute of Technology and Ruhr University Bochum researchers, who presented another attack dubbed ‘iLeakage‘ in October 2023,  presented their new findings in two separate papers, namely FLOP and SLAP, which show distinct flaws […]

Apple fixes this year’s first actively exploited zero-day bug

​Apple has released security updates to fix this year’s first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple’s Core Media framework. “A malicious application may be able to elevate privileges. […]

EU sanctions Russian GRU hackers for cyberattacks against Estonia

The European Union sanctioned three hackers, part of Unit 29155 of Russia’s military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia’s government agencies in 2020. Today, the Council of the EU says that GRU officers Nikolay Korchagin, Vitaly Shevchenko, and Yuriy Denisov stole thousands of sensitive documents containing classified information after breaching several […]

UnitedHealth now says 190 million impacted by 2024 data breach

UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. In October, UnitedHealth reported to the US Department of Health and Human Services Office for Civil Rights that the attack affected 100 million people. However, as first reported by TechCrunch, […]