Aggregator

A vulnerability has been found in Rising Technosoft CAP Back Office Application up to 2.0.3 and classified as problematic. This vulnerability affects unknown code of the component API Endpoint. The manipulation leads to weak password recovery. This vulnerability was named CVE-2025-29995. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Rising Technosoft CAP Back Office Application up to 2.0.3. This affects an unknown part of the component API Endpoint. The manipulation leads to weak authentication. This vulnerability is uniquely identified as CVE-2025-29994. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Rising Technosoft CAP Back Office Application up to 2.0.3. Affected by this issue is some unknown functionality of the component API Request Handler. The manipulation leads to authentication bypass using alternate channel. This vulnerability is handled as CVE-2025-29996. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Rising Technosoft CAP Back Office Application up to 2.0.3. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to improper control of interaction frequency. This vulnerability is known as CVE-2025-29998. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cybersecurity researchers at Lookout Threat Lab have uncovered a sophisticated Android surveillance tool dubbed “KoSpy,” which appears to be the work of North Korean state-sponsored hackers. This newly discovered spyware has been active since March 2022, with the most recent samples detected in March 2024, indicating a long-running and persistent cyber espionage campaign. The malicious […]

The post North Korean Hackers Use Google Play Malware to Steal SMS, Calls & Screenshots appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chris Ensor highlights some important elements of the NCSC's new Technology Assurance strategy.

Minister Ruben Brekelmans en staatssecretaris Gijs Tuinman riepen gisteren op de defensie-industrie sneller en efficiënter op te schalen. Dit deden zij tijdens een zogeheten ‘pre-event’ van de NAVO-top in Den Haag.

Latest version of the CAF focusses on clarification and consistency between areas of the CAF.

Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.

The NCSC now uses 'allow list' and 'deny list' in place of 'whitelist' and 'blacklist'. Emma W explains why...

Why organisations should avoid ‘blame and fear’, and instead use technical measures to manage the threat from phishing.

ThinkCyber's CEO Tim Ward reflects on the challenges that startups face when developing innovative products.

A sophisticated malware campaign targeting mobile users in South Korea has been uncovered, with clear links to North Korean threat actors. The malicious application, masquerading as a “Document Viewing Authentication App” (문서열람 인증 앱). This malicious app was identified through VirusTotal on January 21, 2025, and has been actively stealing sensitive information from compromised devices. […]

The post Beware of North Korean Hackers DocSwap Malware Disguised As Security Document Viewer appeared first on Cyber Security News.

Mozilla has issued an urgent warning to all Firefox users, emphasizing the need to update their browsers before a critical root certificate expires on March 14, 2025. This certificate is used to verify signed content and add-ons across various Mozilla projects, including Firefox. Failure to update to version 128 or higher (or ESR version 115.13+ […]

The post Mozilla Issues Urgent Firefox Update Warning to Prevent Add-on Failures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

2025年2月，勒索软件攻击量创下历史新高，较去年同期增加了126%，其中Cl0p勒索软件团伙表现尤为突出。

Cybersecurity firm Bitdefender has disclosed two high-severity security vulnerabilities affecting its legacy BOX v1 device, exposing users to potential remote code execution and man-in-the-middle attacks. The vulnerabilities, identified on March 12th, 2025, affect a product that is no longer sold or supported by the company, but the disclosure demonstrates Bitdefender’s ongoing commitment to security transparency […]

The post Bitdefender Identifies Security Vulnerabilities Enabling Man-in-the-Middle Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Meta warned that a vulnerability, tracked as CVE-2025-27363, impacting the FreeType library may have been exploited in the wild. Meta warned that an out-of-bounds write flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), in the FreeType library may have been actively exploited in attacks. “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to […]