Western Digital has released firmware updates for several My Cloud NAS models. The update fixes a critical vulnerability that could be used for remote execution of arbitrary commands.
CONTINUE READING 🡒 Author: HackMag
Gemini Trifecta vulnerabilities made the Gemini AI assistant steal data
Researchers have disclosed details of three already-fixed vulnerabilities in Google’s Gemini AI assistant, collectively dubbed Gemini Trifecta. If successfully exploited, these issues allowed attackers to trick the AI into participating in data theft and other malicious activity.
CONTINUE READING 🡒 
DrayTek patches an RCE vulnerability in its routers
DrayTek, a networking equipment manufacturer, has issued an advisory about a vulnerability that affects several Vigor router models. The flaw allows remote, unauthenticated attackers to execute arbitrary code.
CONTINUE READING 🡒 
Hackers stole Discord users’ data and identity documents
Hackers stole payment information and personal data (including real names and identity documents) of some Discord users. The attack occurred on September 20, 2025 and is linked to the compromise of a third-party provider that supplies the…
CONTINUE READING 🡒 
Eight-Year-Old Vulnerability Found in the Unity Engine
A vulnerability has been discovered in the Unity game engine that has existed since 2017. The issue can be exploited for code execution on Android and for privilege escalation on Windows. Valve’s developers have already updated Steam,…
CONTINUE READING 🡒 
The Crimson Collective hacking group claims to have stolen 570…
The ransomware group Crimson Collective has claimed to have stolen 570 GB of data from 28,000 internal Red Hat repositories. Company representatives confirmed that one of its GitLab instances was breached.
CONTINUE READING 🡒 
Hackers Are Sending SMS via Vulnerable Milesight Industrial Routers
Fraudsters are exploiting unsecured Milesight industrial routers to send out phishing SMS messages. Sekoia specialists discovered that such campaigns have been ongoing since 2023.
CONTINUE READING 🡒 
Internet access in Afghanistan is starting to be restored
Analysts from the international organization NetBlocks reported that after two days of a complete shutdown, internet connections in Afghanistan have begun to be restored. Meanwhile, the country’s authorities stated that the outages were caused by aging fiber-optic…
CONTINUE READING 🡒 
New Android banking trojan Klopatra uses VNC to control infected…
An Android banking trojan and RAT called Klopatra masquerades as an IPTV and VPN app and has already infected more than 3,000 devices. The malware is a trojan capable of monitoring the device’s screen in real time,…
CONTINUE READING 🡒 
AI to detect ransomware in Google Drive
Google has introduced a new AI tool designed for Drive for desktop. The model is said to be trained on millions of real ransomware samples and can pause syncing to reduce the damage from a ransomware attack.
CONTINUE READING 🡒 
Tile Trackers Transmit Data in Plaintext
A group of researchers from the Georgia Institute of Technology claims that Tile Bluetooth trackers transmit identifying data in plaintext. This makes it easy to identify and track their owners.
CONTINUE READING 🡒 
MatrixPDF Turns PDF Files into Phishing Lures
A new phishing toolkit, MatrixPDF, has been discovered that allows attackers to turn ordinary PDF files into interactive lures that bypass email security and redirect victims to sites for credential theft or malware downloads.
CONTINUE READING 🡒 
Critical sudo vulnerability is under active exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo utility, which allows commands to be executed on Linux with root-level privileges.
CONTINUE READING 🡒 Internet Completely Shut Down Across Afghanistan
According to specialists from NetBlocks and Cloudflare, on September 29, 2025, a complete internet shutdown was imposed in Afghanistan. Analysts reported that internet service providers in the country were disconnected in stages, and telephone service is also…
CONTINUE READING 🡒 
Japan’s largest brewer halted operations after a hacker attack
Asahi Group Holdings (hereinafter, Asahi), the producer of Japan’s best-selling beer, suffered a cyberattack that disrupted operations at multiple production sites. The incident affected order intake and delivery processes, which had to be suspended. The call center…
CONTINUE READING 🡒 
Brave to add Ask Brave AI search feature
The developers at Brave Software, the company behind the privacy-focused browser and search engine, have introduced the Ask Brave feature, which combines search and an AI chat into a single interface.
CONTINUE READING 🡒 
F-Droid developers criticize Android’s restrictions on sideloading third-party apps
Recently, Google announced that starting in 2026, only apps from verified developers will be installable on certified Android devices. Representatives of F-Droid say that if developers operating outside the Google Play store are required to undergo verification,…
CONTINUE READING 🡒 
UK government to allocate £1.5 billion to Jaguar Land Rover…
The UK government will provide Jaguar Land Rover with a government-backed loan of £1.5 billion ($2 billion) to restore its supply chain after a large-scale cyberattack that forced the automaker to halt production.
CONTINUE READING 🡒 
Hackers asked a BBC journalist to help them hack a…
Operators of the Medusa ransomware offered a large sum of money to a BBC employee and wanted to use them as an insider for a cyberattack on the media company.
CONTINUE READING 🡒 
Akira ransomware hacks SonicWall SSL VPN and bypasses multi-factor authentication
Arctic Wolf experts warn that Akira ransomware attacks on SonicWall SSL VPN devices continue to evolve. Hackers are successfully logging into accounts even with multi-factor authentication (MFA) enabled using one-time passwords (OTP). It is believed that the…
CONTINUE READING 🡒