Aggregator

Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. [...]

The resurgence of XWorm in mid-2025 marks a significant escalation in malware sophistication. After a lull following the abrupt discontinuation of official support for version 5.6 in late 2024, threat actors unveiled XWorm V6.0 on June 4, 2025. A post on hackforums.net by an account named XCoderTools first announced this release, claiming to patch a […]

The post New XWorm V6 Variant Injects Malicious Code into a Legitimate Windows Program appeared first on Cyber Security News.

Белые дыры в письмах — так теперь выглядит Outlook после отказа от SVG.

Brazilian users have emerged as the target of a new self-propagating malware dubbed SORVEPOTEL that spreads via the popular messaging app WhatsApp. The campaign, codenamed Water Saci by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is "engineered for speed and propagation" rather than data theft or ransomware. "SORVEPOTEL has

An operator known as GhostSocks advertised a novel Malware-as-a-Service (MaaS) on the Russian cybercrime forum XSS.is on October 15, 2023, promising to transform compromised devices into residential SOCKS5 proxies. The service capitalized on the inherent trust placed in residential IP addresses to bypass anti-fraud systems and avoid detection by network defenders. Early promotional posts showcased […]

The post New GhostSocks Malware-as-a-Service Enables Threat Actors to Convert Compromised Devices into Proxies appeared first on Cyber Security News.

In today’s hyperconnected digital environment, organizations face increasing threats to their online presence and reputations. From cyberattacks and phishing campaigns to data breaches and brand impersonation, businesses must actively safeguard their digital footprint. Digital footprint monitoring tools are designed to provide organizations with deep insights into risk exposure across surface web, deep web, and dark […]

The post Top 10 Best Digital Footprint Monitoring Tools For Organizations in 2025 appeared first on Cyber Security News.

Разрушить багтрекер — или спасти проект: всё зависит от того, кто за клавиатурой.

Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting

On October 15, 2023, a threat actor using the handle GhostSocks published a sales post on the Russian cybercrime forum xss[.]is advertising a novel Malware-as-a-Service (MaaS) offering. The post introduced GhostSocks, a service designed to turn compromised Windows machines into residential SOCKS5 proxies, enabling cybercriminals to bypass anti-fraud defenses and monetize infected hosts. The initial […]

The post GhostSocks Malware-as-a-Service Turns Compromised Devices into Proxies for Threat Actors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. [...]

A vulnerability has been found in Red Hat Enterprise Linux and OpenShift Container Platform and classified as critical. This affects an unknown part of the component QEMU. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2025-11234. It is possible to initiate the attack remotely. There is no exploit available.

Уязвимость нашлась не в структуре, а в самой логике системных операций.

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

Patches for the targeted vulnerabilities were released in Oracle’s July 2025 security update

Modern supply chains run on code, models, and email. The last one is still the easiest way to start a very bad day.

The post When One Phish Poisons the Pipeline: Supply Chain Phishing on the Rise appeared first on Security Boulevard.

Релиз с фокусом на кибербезопасности и единой кодовой базой.

The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target government, defense, and critical infrastructure organizations through fake webmail portals. The campaign represents a significant escalation from the group’s August 2024 activities, which initially focused on 14 malicious webpages hosted on Netlify and pages.dev platforms. […]

The post SideWinder Hacker Group Targets Users with Fake Outlook/Zimbra Portals to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.