Welcome to this week’s Threatsday Bulletin—your Thursday check-in on the latest twists and turns in cybersecurity and hacking.
The digital threat landscape never stands still. One week it’s a critical zero-day, the next it’s a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you’re protecting a global enterprise or your own personal data—need to keep moving just as fast.
In this edition we unpack fresh exploits, high-profile arrests, and the newest tactics cybercriminals are testing right now. Grab a coffee, take five minutes, and get the key insights that help you stay a step ahead of the next breach.
-
Firmware fights back
SonicWall has released a firmware update that it said will help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. “SonicWall SMA 100 10.2.2.2-92sv build has been released with additional file checking, providing the capability to remove known rootkit malware present on the SMA devices,” the company said. “SonicWall strongly recommends that users of the SMA 100 series products (SMA 210, 410, and 500v) upgrade to the 10.2.2.2-92sv version.” The update comes after a report from Google that found a threat actor tracked as UNC6148 deploying OVERSTEP malware on end-of-life (EoL) SonicWall SMA 100 devices. SonicWall has also disclosed that it is expediting the end-of-support (EoS) date for all SMA 100 devices to October 31, 2025, citing “significant vulnerabilities presented by legacy VPN appliances.”
-
Texts laid bare
A permission bypass vulnerability (CVE-2025-10184, CVSS score: 8.2) has been discovered in multiple versions of OnePlus OxygenOS installed on its Android devices. The shortcoming has to do with the fact that sensitive internal content providers are accessible without permission, and are vulnerable to SQL injection. “When leveraged, the vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider (the package com.android.providers.telephony) without permission, user interaction, or consent,” Rapid7 said. “The user is also not notified that SMS data is being accessed.” Successful exploitation of the flaw could lead to the theft of sensitive information, such as multi-factor authentication (MFA) codes sent as SMS messages. The issue appears to have been introduced as part of OxygenOS 12, released in 2021. The vulnerability remains unpatched as of writing, but OnePlus has acknowledged it’s investigating the issue.
-
Stop Guessing, Start Securing
Join this session to discover why code-to-cloud visibility is fast becoming the cornerstone of modern Application Security Posture Management (ASPM). You’ll see how mapping risks from where…
