Two QNAP vulnerabilities in Qsync Central 4.5.x, CVE-2025-22482 and CVE-2025-29892, can allow remote attackers to exploit user accounts. CVE-2025-22482 involves format string exploitation, while CVE-2025-29892 relates to SQL injection. Both have been addressed in version 4.5.0.6. Users must update to this version and adopt further security measures to mitigate risks.

ClickFix Campaign Uses Fake Google Verification Page to Infect Mexican Bank Customers
A fake Google verification page is being used to infect customers of Mexican banks with a malware toolkit built for fraud, not just espionage. The


