- Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wildby info@thehackernews.com (The Hacker News) on 05/08/2025 at 13:59
Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479
- Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approvalby info@thehackernews.com (The Hacker News) on 05/08/2025 at 13:01
Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in remote code execution. The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to the fact that it exploits a quirk in the way the software handles modifications to Model
- Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risksby info@thehackernews.com (The Hacker News) on 05/08/2025 at 11:25
In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn’t just semantics. It reflects a deeper misunderstanding of the shared responsibility model, particularly in SaaS environments where the line between vendor and customer
- How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidentsby info@thehackernews.com (The Hacker News) on 05/08/2025 at 10:00
Why do SOC teams still drown in alerts even after spending big on security tools? False positives pile up, stealthy threats slip through, and critical incidents get buried in the noise. Top CISOs have realized the solution isn’t adding more and more tools to SOC workflows but giving analysts the speed and visibility they need to catch real attacks before they cause damage. Here’s how
- 15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaignby info@thehackernews.com (The Hacker News) on 05/08/2025 at 07:27
Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. "Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users," CTM360 said. "The core tactic involves a deceptive