The Tanzeem app update triggers a fake chat page that can dupe users into granting invasive permissions. The app seeks permissions to access contact, call log, location, account information, and conduct external storage file exfiltration activities, according to an analysis by Cyfirma.

Ivanti patches serious Connect Secure flaw
Ivanti has patched a critical flaw in its Connect Secure VPN reportedly exploited by Chinese state-backed actors. Identified as CVE-2025-22457, the buffer overflow vulnerability was