Cyber Security

WhatsApp Vulnerabilities Leaks Users Metadata Including Devices Operating System

WhatsApp’s multi-device encryption protocol has long leaked metadata, allowing attackers to fingerprint users’ device operating systems, aiding targeted malware delivery. Recent research highlights partial fixes by Meta, but transparency issues persist. Meta’s WhatsApp, with over 3 billion monthly active users, uses end-to-end encryption (E2EE) for message security; however, its multi-device feature reveals device information. In […]

Gmail to Discontinue POP3 Mail Fetching for External Email Accounts

Google has announced that Gmail will discontinue support for two key features regarding third-party email accounts. Starting in January 2026, the platform will drop support for “Gmailify” and the widely utilized “Check mail from other accounts” feature via POP3 fetching. For over a decade, power users have relied on Gmail not just as an email […]

Threat Actor Allegedly Claim Leak of NordVPN Salesforce Database with Source Codes

A threat actor operating under the identifier 1011 has publicly claimed to have obtained and leaked sensitive data from NordVPN’s development infrastructure on a dark web forum. The breach reportedly exposes over ten database source codes, along with critical authentication credentials that could pose significant risks to the VPN provider’s operational security. The attacker alleges […]

Infostealers Enable Attackers to Hijack Legitimate Business Infrastructure for Malware Hosting

A dangerous cybercrime feedback loop has emerged where stolen credentials from infostealer malware enable attackers to hijack legitimate business websites and turn them into malware distribution platforms. Recent research by the Hudson Rock Threat Intelligence Team reveals this self-sustaining cycle transforms victims into unwitting accomplices. The ClickFix Attack Method: Cybercriminals use a sophisticated social engineering […]

Finland Arrests Two Cargo Ship Crew Members Over Undersea Cable Damage

Finnish authorities have detained all 14 crew members of a cargo vessel suspected of deliberately damaging an undersea telecommunications cable connecting Helsinki to Estonia. The ship, named Fitburg, was sailing from St. Petersburg, Russia, to Haifa, Israel, under a St. Vincent and the Grenadines flag when the incident occurred. The crew, comprising Russian, Georgian, Kazakh, […]

VVS Stealer Uses PyArmor Obfuscation to Evade Static Analysis and Signature Detection

The cybersecurity landscape is witnessing a rise in sophisticated malware that leverages legitimate tools to mask malicious intent. A prime example is VVS Stealer (also styled VVS $tealer). This Python-based malware family has been actively marketed on Telegram since April 2025. This threat targets Discord users explicitly to exfiltrate sensitive credentials, tokens, and browser data. […]

10,000+ Fortinet Firewalls Still Exposed to 5-year Old MFA Bypass Vulnerability

Over 10,000 Fortinet firewalls worldwide remain vulnerable to CVE-2020-12812, a multi-factor authentication (MFA) bypass flaw disclosed over five and a half years ago. Shadowserver recently added the issue to its daily Vulnerable HTTP Report, highlighting persistent exposure amid active exploitation confirmed by Fortinet in late 2025. CVE-2020-12812 stems from improper authentication in FortiOS SSL VPN […]

Handala Hackers Targeted Israeli Officials by Compromising Telegram Accounts

In December 2025, the Iranian-linked hacking group Handala claimed to have fully compromised the mobile devices of two prominent Israeli political figures. However, detailed analysis by Kela cyber intelligence researchers revealed a more limited scope—the breaches targeted Telegram accounts specifically, not complete device access. The group claimed to have breached former Prime Minister Naftali Bennett’s […]

Hackers Abusing Google Tasks Notification for Sophisticated Phishing Attack

Hackers have launched a sophisticated phishing campaign exploiting Google Tasks notifications to target over 3,000 organizations worldwide, primarily in the manufacturing sector. The December 2025 attacks signal a dangerous shift in email-based threats, in which attackers abuse legitimate Google infrastructure rather than spoofing domains or forging email headers. The phishing emails originated from a legitimate […]

RondoDoX Botnet Weaponizing a Critical React2Shell Vulnerability to Deploy Malware

A sophisticated threat group has intensified its campaign against organizations by leveraging the latest vulnerabilities in web applications and Internet of Things (IoT) devices. The RondoDoX botnet, tracked through exposed command-and-control logs spanning nine months from March to December 2025, demonstrates a relentless approach to compromising enterprise infrastructure. The malware operates through a multi-stage infection […]