Aggregator

Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.

Chinese-speaking threat actors have used the PlayPraetor Remote Access Trojan (RAT) to infiltrate more than 11,000 Android devices globally in a sophisticated Malware-as-a-Service (MaaS) operation. This allows for on-device fraud (ODF) by controlling the device in real time. First investigated by Cleafy Threat Intelligence in June 2025, the campaign impersonates legitimate Google Play Store pages […]

The post Chinese Threat Actors Hack 11,000 Android Devices to Deploy PlayPraetor Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Stack Overflow 对 4.9 万名程序员的调查发现，2025 年八成开发者在工作流程中使用 AI 辅助编程工具，但开发者对其准确性的信任度从前几年的 40% 降至今年的 29%。45% 的受访者认为，AI 辅助编程工具最让他们不满的地方是“解决方案几乎正确但并不完全正确”，相比输出明显错误的答案，几乎正确但不完全正确的答案可能会在程序中引入隐藏的 bug 或者其它难以识别需要时间解决的问题。逾三分之一的开发者表示他们如今访问 Stack Overflow 部分是为了寻找 AI 相关的问题。大模型的问题不可能完全解决，因为这是其工作原理决定的。开发者仍然使用大模型的原因包括经理要求他们使用，以及 AI 工具仍然有用但不能被误用。

A vulnerability, which was classified as problematic, was found in Zoom Workplace App and Meeting SDK up to 6.2.x on iOS. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-0150. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple macOS up to 13.6/14.6/15.5. Affected is an unknown function of the component File Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-43239. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6/15.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Restrictions Handler. The manipulation leads to sandbox issue. This vulnerability is known as CVE-2025-43241. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple macOS up to 15.5. This affects an unknown part of the component App. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-43235. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Makers of the period tracking app Flo agreed to settle with plaintiffs in a suit alleging that millions of users' data was improperly shred with Meta.

CMS识别 SharePoint

CMS、WhatCMS、CmsInfo等，Cobalt Strike下用法一致，输入URL，仅识别URL对应指纹，输入非URL时，会探测常见cve-2025-53770网站、网络

Хакеры уже вовсю штудируют код — кто сумеет забрать главный приз?

A vulnerability was found in JPortal Web Portal 2.3.1. It has been classified as critical. Affected is an unknown function of the file banner.inc.php of the component Web Portal. The manipulation of the argument haslo leads to sql injection. This vulnerability is traded as CVE-2005-1071. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Just William Amazon Webstore. This affects an unknown part of the file closeup.php. The manipulation of the argument currentNumber leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2005-1403. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in JPortal Jportal Web Portal 2.2.1. Affected by this vulnerability is an unknown functionality of the file banner.php. The manipulation of the argument ID leads to sql injection. This vulnerability is known as CVE-2005-3509. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in jportal 2.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/down.inc.php. The manipulation leads to sql injection. This vulnerability is known as CVE-2005-3052. The attack can be launched remotely. Furthermore, there is an exploit available.

San Francisco, California, 1st August 2025, CyberNewsWire

San Francisco, California, 1st August 2025, CyberNewsWire

The post Comp AI secures $2.6M pre-seed to disrupt SOC 2 market appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in NVIDIA Omniverse Launcher on Windows/Linux. This affects an unknown part. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-23289. Attacking locally is a requirement. There is no exploit available.

A vulnerability classified as critical has been found in Linux Kernel up to 6.3. Affected is the function smb2_sess_setup of the file fs/ksmbd/smb2pdu.c of the component ksmbd. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2023-32251. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BerqWP Plugin up to 2.2.42 on WordPress. It has been rated as critical. Affected by this issue is the function store_javascript_cache of the file store_javascript_cache.php. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-7443. The attack may be launched remotely. There is no exploit available.

Staff Software Engineer Johnny Goodnow shares his thoughts on the problem Tonic is tackling, the engineering challenges it entails, and the team taking it on—and how these three key ingredients translate into energizing, impactful work.

The post Why I joined Tonic.ai: A software engineer’s perspective appeared first on Security Boulevard.