Aggregator

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

Operation Checkmate Disrupts One of the Large Russian-Speaking Ransomware Groups
An international law enforcement operation has disrupted BlackSuit, a ransomware group tied to hundreds of victims and ransom demands that exceeded half a billion dollars. The takedown occurred as security experts tracked the rise of a new group called Chaos, which may be a BlackSuit rebrand.

Attackers Stole US Customer Data Using Social Engineering
A malicious actor breached a customer relationship management platform used by Allianz Life Insurance of North America on July 16 and stole personally identifiable information of most of its 1.4 million U.S. customers, financial professionals and some employees, the company said.

Lawsuit Claims BJC Health Shared Patient Info From MyChart Portal Without Consent
A Missouri healthcare system has agreed to pay up to $9.25 million to settle a proposed class action lawsuit alleging that its use of online tracking tools in its patient portals transmitted sensitive patient information to third-party firms without the patients' knowledge or consent.

SaaS Enhancements Aim to Boost Network Detection, Response for Small Security Teams
Corelight’s SaaS platform Investigator is designed to bring scalable network detection and response to smaller security teams. CEO Brian Dye says Gen AI workflows and enriched network context help defenders identify threats faster and with greater confidence than ever.

Operation Checkmate Disrupts One of the Large Russian-Speaking Ransomware Groups
An international law enforcement operation has disrupted BlackSuit, a ransomware group tied to hundreds of victims and ransom demands that exceeded half a billion dollars. The takedown occurred as security experts tracked the rise of a new group called Chaos, which may be a BlackSuit rebrand.

Attackers Stole US Customer Data Using Social Engineering
A malicious actor breached a customer relationship management platform used by Allianz Life Insurance of North America on July 16 and stole personally identifiable information of most of its 1.4 million U.S. customers, financial professionals and some employees, the company said.

Lawsuit Claims BJC Health Shared Patient Info From MyChart Portal Without Consent
A Missouri healthcare system has agreed to pay up to $9.25 million to settle a proposed class action lawsuit alleging that its use of online tracking tools in its patient portals transmitted sensitive patient information to third-party firms without the patients' knowledge or consent.

SaaS Enhancements Aim to Boost Network Detection, Response for Small Security Teams
Corelight’s SaaS platform Investigator is designed to bring scalable network detection and response to smaller security teams. CEO Brian Dye says Gen AI workflows and enriched network context help defenders identify threats faster and with greater confidence than ever.

The cybercriminal landscape has witnessed a dramatic shift with the emergence of sophisticated malware-as-a-service (MaaS) platforms targeting Android devices. Criminal enterprises no longer require extensive technical expertise to deploy advanced mobile threats, as ready-to-use malware kits are now available for subscription fees as low as $300 per month. This democratization of cybercrime tools has transformed […]

The post Renting Android Malware With 2FA Interception, AV Bypass is Getting Cheaper Now appeared first on Cyber Security News.

The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members. [...]

The Atomic macOS Stealer (AMOS) has undergone a significant evolution, transforming from a traditional information stealer into a sophisticated persistent threat capable of maintaining long-term access to compromised macOS systems. This development marks a critical escalation in the malware’s capabilities, enabling attackers to execute remote commands and deploy additional payloads beyond its original data theft […]

The post Atomic macOS Stealer Comes With New Backdoor to Enable Remote Access appeared first on Cyber Security News.

The findings are part of a growing list of instances where “agentic” AI software has taken actions that are more akin to a malicious hacker than a helpful AI assistant. 

The post Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration  appeared first on CyberScoop.

Currently trending CVE - Hype Score: 10 - tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 and below, a critical vulnerability has been identified in the tj-actions/branch-names' GitHub Action workflow which ...

Currently trending CVE - Hype Score: 14 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's ...

Currently trending CVE - Hype Score: 28 - A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Currently trending CVE - Hype Score: 1 - NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data ...

Currently trending CVE - Hype Score: 1 - CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

Currently trending CVE - Hype Score: 1 - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Currently trending CVE - Hype Score: 25 - Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update ...