10 matches found
CVE-2025-55177
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...
CVE-2025-55177
CVE-2025-55177 affects WhatsApp products on iOS (prior to v2.25.21.73), WhatsApp Business for iOS (v2.25.21.78), and WhatsApp for Mac (v2.25.21.78). The root cause is incomplete authorization of linked device synchronization messages, which could allow an unrelated user to trigger processing of c...
Malicious code in enumerate-iam (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx bfefcae6c29da10e63d630fc7e012995d730cc5c0af3a8144dc517f26382a3bd Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
Malicious code in python-cos-sdk-v5 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 9d23946b30370561c42df798c468626c8ec508cdf6f0fc22cc34bb67f2fa187e Malicious Typosquatting packages campaign targeting developers, steals cloud service credentials Source: google-open-source-security...
Apple’s Lockdown Mode
I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it: Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of...
New Cache Side Channel Attack Can De-Anonymize Targeted Online Users
A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target i.e.,...
CentOS Web Panel Elevation of Privilege Vulnerability
CentOS Web Panel (CWP) is a free web hosting control panel. An elevation of privilege vulnerability exists in CentOS Web Panel version 0.9.8.851, which can be exploited by an attacker to remove targeted users from phpMyAdmin...
Twitter State-Sponsored Attack Notification
Twitter’s decision to notify users when their accounts are targeted in state-sponsored attacks earned its share of praise. But Twitter’s silence in terms of specifics about the attacks—whether by choice or gagged by a National Security Letter—has foisted some anxiety upon those who were notified....
Twitter State-Sponsored Attack Notification
Update A relatively small number of Twitter users, including a few connected to security and privacy advocacy, have been informed that their accounts have been targeted by state-sponsored hackers. Notifications began appearing in the inboxes of affected users two days ago, with very little concre...
Microsoft Office 2000/2002 Property Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18911/info Microsoft Office is prone to a code-execution vulnerability. This is due to a failure to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execu...