Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

QR codes sent in attachments are the new favorite for phishers

Phishers are putting QR codes as images in attachments because it helps them bypass email filters.

Malwarebytes
Open in Source
#web#ios#android#mac#google#microsoft#git
CVE-2025-25001: Microsoft Edge for iOS Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability?** An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

CVE-2025-29796: Microsoft Edge for iOS Spoofing Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** A user could be tricked into entering credentials or responding to a pop up after opening a specially crafted file or clicking on a link, typically by way of an enticement in an email or URL.

CVE-2025-29815: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?** This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.

CVE-2025-25000: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 135.0.3179.54 4/3/2025 135.0.7049.41/.42/.52

China’s FamousSparrow APT Hits Americas with SparrowDoor Malware

China-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports.

Canon Printer Drivers Flaw Could Let Hackers Run Malicious Code

A critical vulnerability (CVE-2025-1268) in Canon printer drivers allows remote code execution. See which drivers are affected, how to patch them.

Microsoft Teams Vishing Used to Deploy Malware via TeamViewer

A vishing scam via Microsoft Teams led to attackers misusing TeamViewer to drop malware and stay hidden using simple but effective techniques.

“Urgent reminder” tax scam wants to phish your Microsoft credentials

With tax season in full swing, we're seeing scammers flexing their social engineering muscles. Be prepared.

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of