Development

The hidden risks of browser extensions – and how to stay safe

July 31, 2025

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for Source: Read…

Development

Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

July 31, 2025

The state of Minnesota has activated the National Guard to assist the city of St. Paul after a massive cyberattack…

Development

From Automation to Augmentation: The Future of SOCs in Enterprise Cybersecurity

July 31, 2025

Vaibhav Dutta, Associate Vice President and Global Head-Cybersecurity Products & Services at Tata Communications The sophistication and continuous threat of…

Development

Scattered Spider Hacker Arrests Halt Attacks, But Copycat Threats Sustain Security Pressure

July 31, 2025

Google Cloud’s Mandiant Consulting has revealed that it has witnessed a drop in activity from the notorious Scattered Spider group,…

Development

CodeIgniter4 Flaw CVE-2025-54418 Enables Remote Code Execution via File Uploads

July 31, 2025

A major security flaw has been detected in the popular PHP framework CodeIgniter4. The tag of a critical vulnerability, CVE-2025-54418,…

Development

Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware

July 31, 2025

Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack…

Development

India’s Financial Capital Mumbai Suffers $135 Million Loss in Cyber Frauds

July 31, 2025

The financial capital of India, Mumbai, has suffered staggering financial losses amounting to Rs 1,127 crore (approximately $135 million) between January…

Development

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

July 31, 2025

Google has announced that it’s making available a security feature called Device Bound Session Credentials (DBSC) in open beta to…

Development

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

July 31, 2025

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over…

Development

Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

July 31, 2025

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could…

Development

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

July 31, 2025

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said…

Development

Product Walkthrough: A Look Inside Pillar’s AI Security Platform

July 31, 2025

In this article, we will provide a brief overview of Pillar Security’s platform to better understand how they are tackling…

Development

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

July 31, 2025

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files…

Development

Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps

July 31, 2025

Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8…

Development

U.S. Data Breach Costs Rise as Global Average Falls

July 31, 2025

Data breaches in the U.S. are getting more costly even as they’re getting cheaper in the rest of the world. …

Smashing Security podcast #428: Red flags, leaked chats, and a final farewell

July 31, 2025

The viral women-only dating safety app Tea, built to flag red flags, gets flagged itself – after leaking over 70,000…

Development

iOS 18.6 to macOS 15.6: Apple Releases Comprehensive Security Updates

July 31, 2025

Apple has rolled out a wide-ranging series of Apple security updates and Rapid Security Responses, spanning iOS, iPadOS, macOS, tvOS,…

Development

Hackers Exploit Critical WordPress Theme Flaw to Hijack Sites via Remote Plugin Install

July 31, 2025

Threat actors are actively exploiting a critical security flaw in “Alone – Charity Multipurpose Non-profit WordPress Theme” to take over…

Development

Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs

July 31, 2025

Security Operations Centers (SOCs) are stretched to their limits. Log volumes are surging, threat landscapes are growing more complex, and…

Development

UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

July 31, 2025

The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped…

Highlights

CVE-2025-46327 – Snowflake Golang Driver Local File Configuration TOCTOU

April 29, 2025

CVE ID : CVE-2025-46327

Published : April 28, 2025, 11:15 p.m. | 3 hours, 50 minutes ago

Description : gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 1.13.3.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…