WhoAmI Attack Exploits

New ‘WhoAmI’ Attack Targets AWS AMI Naming to Slip Malicious Images Into Cloud Deployments. Introduction: A recently discovered cybersecurity threat, referred to as the WhoAmI attack, is taking aim at Amazon Web Services (AWS). By manipulating the naming of Amazon Machine Images (AMIs), attackers can introduce harmful images into AWS instances. This tactic allows them […]


PostgreSQL Vulnerability

Article Summary: A newly discovered vulnerability in PostgreSQL has attracted attention from both security researchers and cybercriminals. Attackers have reportedly exploited this flaw to gain unauthorised access, potentially placing sensitive information at risk. The vulnerability allows malicious users to manipulate database queries and, in some cases, even escalate privileges. PostgreSQL maintainers have issued patches, emphasising […]


WhatsApp zero-click iOS vulnerability

Meta Confirms Zero-Click WhatsApp Vulnerability on iOS. Meta has publicly confirmed that WhatsApp, one of the world’s most-used messaging services, recently contained a serious zero-click vulnerability on iOS devices. This flaw allowed attackers to compromise a target’s smartphone without requiring the user to tap or open any link. How the Attack Worked: A zero-click exploit […]


Hackers crack weak common passwords

A recent article explores how quickly modern cybercriminals can crack various types of passwords. Thanks to advancements in hardware and new cracking techniques, the time it takes to breach weak or common passwords has drastically shortened. The piece highlights why basic combinations (like “123456” or “password”) are exceptionally vulnerable and how even seemingly complex passwords […]


Ransomware actively targeting VMware ESXi

A new ransomware strain is actively targeting VMware ESXi systems through a previously disclosed security flaw, according to a recent report. Attackers exploit unpatched servers running virtual machines, enabling them to encrypt large numbers of workloads swiftly. By focusing on the hypervisor rather than individual machines, criminals aim for maximum operational disruption. Security researchers indicate […]


PHP-voyager-security-flaw

A series of unpatched security flaws in the PHP-based Voyager admin panel has left numerous websites vulnerable to remote code execution and privilege escalation attacks. These weaknesses centre on insufficient input sanitisation and inadequate access controls, potentially enabling attackers to manipulate website databases or execute arbitrary commands. Despite awareness of these issues, no official fixes […]


Records Leaked by DeepSeek AI

DeepSeek AI Exposes Over 1 Billion Personal Records Through Misconfigured Database. Summary: A misconfigured database belonging to DeepSeek AI, a company specialising in artificial intelligence-driven data analysis, was recently found leaking over 1.1 billion personal records. These records appear to include names, email addresses, phone numbers, and other sensitive information sourced from both public and […]


Apple released urgent security updates

Apple Issues Critical Updates to Address Actively Exploited Zero-Day in iOS, macOS, iPadOS, and watchOS. Apple has released a series of urgent software updates to patch a critical zero-day vulnerability affecting iOS, macOS, iPadOS, and watchOS. According to Apple, the flaw (which it has confirmed is being actively exploited in the wild) could allow malicious […]


Critical Vulnerability in SonicWall SMA 1000 Series: Immediate Patching Essential

SonicWall has issued an urgent advisory concerning a critical security flaw in its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability, identified as CVE-2025-23006, carries a severity rating of 9.8 out of 10 on the CVSS scale, indicating its high potential impact. Nature of the Vulnerability: The flaw stems from a pre-authentication deserialisation of […]
