Aggregator

Hackers are posing as Empire podcast hosts, tricking crypto influencers and developers with fake interview invites to deliver macOS AMOS Stealer malware.

SonicWall has alerted its customers to reset all login credentials after a recent leak exposed firewall configuration backups. The vendor emphasizes three critical stages—containment, remediation, and monitoring—to minimize risk and restore secure access. Users should follow each stage in order, beginning with containment to block further exposure, proceeding to remediation to reset passwords and shared […]

The post SonicWall Advises Users to Reset Logins After Config Backup Leak appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Luca Deri ntop 2.0. It has been rated as critical. The impacted element is the function syslog of the component TraceEvent Handler. This manipulation causes format string. This vulnerability is tracked as CVE-2002-0412. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

A vulnerability described as problematic has been identified in Endymion Mailman Webmail up to 3.0. Affected by this issue is some unknown functionality of the file mmstdo*.cgi. The manipulation of the argument ALTERNATE_TEMPLATES results in path traversal. This vulnerability is reported as CVE-2002-0417. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Endymion Sake Mail up to 1.0.36. This affects an unknown part of the component Servlet Handler. This manipulation of the argument param_name causes path traversal. This vulnerability appears as CVE-2002-0418. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as problematic has been discovered in ReBB 1.0. This affects an unknown function of the component IMG Tag Handler. Such manipulation leads to basic cross site scripting. This vulnerability is listed as CVE-2002-0413. The attack may be performed from remote. In addition, an exploit is available.

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows systems. "SilentSync is capable of remote command execution, file exfiltration, and screen capturing," Zscaler ThreatLabz's Manisha Ramcharan Prajapati and Satyam Singh said. "SilentSync also extracts

Как библиотека x86-simd-sort осиротела и быстро нашла новую семью.

A newly discovered phishing campaign is exploiting Facebook’s external URL warning feature to dupe users into handing over their login credentials. By abusing Facebook’s “You’re about to leave Facebook” redirect mechanism, attackers can conceal malicious URLs behind the social media giant’s official domain and graphic style—making the lure appear bona fide even to cautious users. […]

The post Hackers Target Facebook Accounts in Latest Phishing Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AI’s growing role in enterprise environments has heightened the urgency for Chief Information Security Officers (CISOs) to drive effective AI governance. When it comes to any emerging technology, governance is hard – but effective governance is even harder. The first instinct for most organizations is to respond with rigid policies. Write a policy document, circulate a set of restrictions, and

A vulnerability was found in Huawei HarmonyOS 5.0.0 and classified as critical. Affected is an unknown function of the component Print Module. Executing manipulation can lead to improper access controls. This vulnerability is registered as CVE-2025-46593. The attack needs to be launched locally. No exploit is available.

A vulnerability labeled as critical has been found in Huawei HarmonyOS and EMUI. Affected is an unknown function of the component Notepad Module. Executing manipulation can lead to improper privilege management. This vulnerability is handled as CVE-2024-42036. It is possible to launch the attack on the local host. There is not any exploit available.

A vulnerability classified as problematic has been found in Huawei HarmonyOS 5.0.0. This affects an unknown function of the component VPN Module. This manipulation causes denial of service. This vulnerability appears as CVE-2024-51513. The attack requires local access. There is no available exploit.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been rated as problematic. This affects an unknown part of the component Image Decoding Module. This manipulation causes denial of service. The identification of this vulnerability is CVE-2024-54107. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as problematic has been discovered in Huawei HarmonyOS 5.0.0. This vulnerability affects unknown code of the component Image Decoding Module. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2024-54108. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in RURBAN Cpanel::JSON::XS up to 4.39 on Perl and classified as critical. This vulnerability affects unknown code. This manipulation causes heap-based buffer overflow. This vulnerability is registered as CVE-2025-40929. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, has been found in HPE Aruba Networking ClearPass Policy Manager up to 6.11.12/6.12.5. This impacts an unknown function of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-37122. The attack may be initiated remotely. There is no available exploit.

关键词安全漏洞Jenkins 发布了关键更新，修复了四个安全漏洞，这些漏洞可能被未经认证或低权限的攻击者利用，

关键词恶意软件2025年9月17日，安全研究团队 Point Wild 下属的 Lat61 威胁情报小组披露了

关键词勒索软件德国豪华汽车制造商 宝马集团（BMW Group） 被 Everest 勒索软件组织 在暗网泄露