Security

Tag

#google

Pakistani Firm Shipped Fentanyl Analogs, Scams to US

A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo designs, a new investigation reveals.

Krebs on Security
The dual challenge: Security and compliance

Security leaders must address both internal and external risks, ranging from sophisticated cyberattacks to insider threats. At the same time, they must also adhere to an ever-growing list of regulations, including the General Data Protection Regulation (GDPR), the EU Cyber Resilience Act (CRA) and industry-specific mandates like the Payment Card Industry Data Security Standard (PCI DSS) and the Digital Operational Resilience Act (DORA). Balancing these concerns requires a strategic approach that integrates security and compliance without compromising operational efficiency. External threats: Cybercr

Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!

Google has patched 47 Android vulnerabilities in its May update, including an actively exploited FreeType vulnerability.

New Cloud Vulnerability Data Shows Google Cloud Leads in Risk

New research shows Google Cloud and smaller providers have the highest cloud vulnerability rates as compared to AWS…

Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update

Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. "The most severe of

GHSA-c5vg-26p8-q8cr: Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

**Vulnerable MobSF Versions:** <= v4.3.2

**Details:** MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors.

MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack. Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the serv...

Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace

Let’s be honest: if you're one of the first (or the first) security hires at a small or midsize business, chances are you're also the unofficial CISO, SOC, IT Help Desk, and whatever additional roles need filling. You’re not running a security department. You are THE security department. You're getting pinged about RFPs in one area, and reviewing phishing alerts in another, all while sifting

A week in security (April 27 – May 3)

A list of topics we covered in the week of April 27 to May 3 of 2025

On world password day, Microsoft says fewer passwords, more passkeys

Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the login process.

The 3 biggest cybersecurity threats to small businesses

These 3 cybersecurity threats may not be the most sophisticated, but they're the most effective—and serious—threats for small businesses.