Aggregator

Wireshark снова доказал, почему он остаётся незаменимым в мире сетевой безопасности.

A critical vulnerability in TeleMessageTM SGNL, an enterprise messaging platform modeled after Signal, is being actively exploited by threat actors to steal passwords and sensitive data from government agencies and enterprises. The flaw, tracked as CVE-2025-48927, was added to CISA’s Known Exploited Vulnerabilities catalog on July 14th, indicating widespread exploitation in the wild. Vulnerability Details […]

The post Signal App Clone Vulnerability Actively Exploited for Password Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs do not encompass the full scope of network security issues, they are still a critical component to track as part of a security program. Over the last 25 years, the CVE program has evolved into a critical, shared, and global … More →

The post Why we must go beyond tooling and CVEs to illuminate security blind spots appeared first on Help Net Security.

PsMapExec 是一款专为 Windows 环境设计的 PowerShell 原生横向移动工具，支持 WinRM、SMB 和 RDP 协议，提供模块化功能如凭证喷洒、枚举和远程命令执行。它轻量灵活，适合内部渗透测试和快速横向移动操作。

7月16日，影石创新科技股份有限公司与四叶草安全正式签署战略合作协议。

即使Huntress观察到针对其客户的失败攻击，黑客也可能会扫描可访问的Wing FTP实例，并试图利用易受攻击的服务器。因此，强烈建议相关公司尽快升级到该产品的7.4.4版本。

A vulnerability was found in LoginPress Pro Plugin up to 5.0.1 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality of the component OAuth Provider. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2025-7444. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Broadcom Brocade ASCG up to 3.2.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to inadequate encryption strength. This vulnerability is known as CVE-2025-7398. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Broadcom Brocade ASCG up to 3.2.x. It has been classified as problematic. Affected is an unknown function of the component Command Line Interface. The manipulation leads to cleartext storage of sensitive information. This vulnerability is traded as CVE-2025-7397. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NVIDIA Jetson Orin, IGX Orin and Xavier on Linux and classified as critical. This issue affects some unknown processing of the component UEFI Management Mode. The manipulation leads to missing report of error condition. The identification of this vulnerability is CVE-2025-23270. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Broadcom Brocade ASCG up to 3.2.x and classified as problematic. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to sensitive information in log files. This vulnerability was named CVE-2025-6391. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in NVIDIA Jetson Orin and Xavier on Linux. This affects an unknown part of the component Kernel. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-23269. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

一项新研究披露，一种基于全球安卓智能手机的地震检测和预警系统能够实时检测地震活动并发出可拯救生命的预警，其效用堪比传统的地震监测网络。许多地震多发国家缺乏地震预警基础设施。智能手机在全球的广泛使用为感测和发送地震警报创建了强大的平台。虽然智能手机中的传感器不如传统地震监测台站的传感器精确，但它们仍然能在强震期间感测地面的震动。安卓地震预警（AEA）功能以默认方式内置于安卓手机，该手机约占全球智能手机用户中的 7 成。在运行的头 3 年（2021-2024 年）中，该 AEA 系统在 98 个国家中平均每月可检测到 312 次地震，震级范围在 1.9 级到最高的 7.8 级之间。对于震级在 4.5 级或以上的地震，该系统向用户发出的警报每月约为 60 次，总计 1800 万次。AES 用户的反馈显示，85% 的警报接收者感受到了地震，其中 36% 是在地面震动开始前收到警报的，28% 是在震动期间收到警报的，23% 则是在震动之后收到警报的。研究人员认为其效用可与已建立的地震监测系统媲美。

Теперь он может самостоятельно выполнять задачи от анализа до оформления презентаций.

The Internet Systems Consortium (ISC) has disclosed two critical security vulnerabilities in BIND 9, one of the most widely used DNS software implementations worldwide. Published on July 16, 2025, these vulnerabilities could allow attackers to poison DNS caches and disrupt DNS resolution services, potentially affecting millions of internet users and organizations globally. Critical Security Flaws […]

The post BIND 9 Vulnerabilities Enable Cache Poisoning and Service Disruption appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability in Microsoft Entra ID allows attackers to escalate privileges to the Global Administrator role through the exploitation of first-party applications.  The vulnerability, reported to Microsoft Security Response Center (MSRC) in January 2025, affects organizations using hybrid Active Directory environments with federated domains. Key Takeaways1. Attackers with certain admin or app permissions can […]

The post Microsoft Entra ID Vulnerability Let Attackers Escalate Privileges to Global Admin Role appeared first on Cyber Security News.

Netflix 正式开始着手制作《刺客信条》真人剧集，双方是在约五年前商谈合作。真人剧集的主创和执行制作人为 Roberto Patino 和 David Wiener。Roberto Patino 此前制作了 HBO Max 迷你剧《DMZ》，担任过 Robert De Niro 主演剧集《Zero Day》的编剧和联合执行制作人，参与了《Westworld》和《Sons of Anarchy》等剧集。David Wiener 担任过《Halo》第二季以及《Brave New World》的制作人，为《Fear the Walking Dead》和《Homecoming》写过剧本。Ubisoft Film & Television 的 Gerard Guillemot、Margaret Boykin 和 Austin Dill 也将担任联合制作人。《刺客信条》系列是最畅销的游戏系列之一，2007 年至今共售出逾 2.3 亿份拷贝，主线作品已推出 14 部，最新一部是今年初发布的以日本为背景的《刺客信条：影》。真人剧集的剧情将围绕两个神秘派系的秘密战争展开，一派试图通过控制和操纵决定人类的未来，另一派则致力于维护自由意志。

Security researchers have uncovered a critical vulnerability in Microsoft Entra ID that allows attackers to escalate privileges and gain Global Administrator access, potentially compromising entire organizational environments. This flaw represents a significant security risk for enterprises relying on Microsoft’s cloud identity and access management platform. Security Vulnerability Details The discovered vulnerability in Microsoft Entra ID […]

The post Microsoft Entra ID Flaw Enables Privilege Escalation to Global Admin appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. Drawing on experience in regulated industries such as finance, telecom, and critical infrastructure, he offers tips on ownership models, automation, and compliance. His approach focuses on collaborative practices that balance speed, security, and developer productivity. How do you recommend companies structure ownership of DevSecOps? Should security teams drive it, or is … More →

The post Making security and development co-owners of DevSecOps appeared first on Help Net Security.