Security News
Morning Brief
Today's security news highlights a critical, long-standing Samsung KNOX flaw and ongoing exploitation of FortiGate firewalls for credential theft. Additionally, several major data breaches and new malware campaigns underscore the persistent threat landscape for both individuals and organizations.
- Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices — A high-severity use-after-free vulnerability in Samsung's KNOX security framework, present for eight years, affected Android-powered Galaxy devices from the S9 through S25, exposing them to kernel attacks.
- FortiBleed Attackers Turn Firewalls Into Credential Stealers — Threat actors are using a Golang-based sniffer to target 430,000 FortiGate firewalls, identifying 110 million credentials in an ongoing global campaign.
- FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers — A newly disclosed flaw in FFmpeg's libavcodec library, dubbed 'PixelSmash,' allows attackers to execute code by sending crafted media files to applications using the library, including video players, media servers, and NAS appliances.
- Xsolis Data Breach Affects 1.4 Million Individuals — Threat actors gained access to personal and protected health information that Xsolis received from its clients, impacting 1.4 million individuals.
- Canadian Electricity Provider London Hydro Discloses Data Breach — Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information from London Hydro.
- Malicious npm Packages Deliver Windows RAT — Cybersecurity researchers discovered malicious npm packages, including "aes-decode-runner-pro," "postcss-minify-selector," and "postcss-minify-selector-parser," designed to deliver a Windows-based remote access trojan (RAT).
- WhatsApp VBScript Campaign Installs ManageEngine RMM Tool — An active campaign is using direct messages via WhatsApp to distribute malicious VBScript files, leading to the installation of legitimate Remote Monitoring and Management (RMM) software on victims' systems.
- Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data — A heap over-read vulnerability, dubbed Squidbleed, in the Squid web proxy can leak another user's cleartext HTTP requests, including credentials or session tokens, to anyone allowed to send traffic through the same proxy.