Aggregator

Её придумали для удобства, а она дала полный доступ киберпреступникам.

Synology has issued an urgent security advisory addressing critical vulnerabilities in its BeeDrive desktop application for Windows that could allow attackers to execute malicious code and delete arbitrary files. The company disclosed three separate Common Vulnerabilities and Exposures (CVE) identifiers on July 22, 2025, all classified with “Important” severity ratings, prompting immediate user action to […]

The post Synology BeeDrive for Desktop on Windows Vulnerabilities Let Hackers Run Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Remote Monitoring and Management (RMM) software has long been the silent partner of help-desk engineers, automating patch cycles and troubleshooting sessions across sprawling enterprises. Over the past year, however, the same remote consoles have been quietly repurposed by ransomware gangs that crave the built-in trust, elevated privileges, and encrypted tunnels these tools provide. By masquerading […]

The post Ransomware Gangs Leveraging RMM Tools to Attack Organizations and Exfiltrate Data appeared first on Cyber Security News.

Нажимаешь в поиске “узнать цену” — и бот уже общается с администратором вместо тебя.

A sophisticated new variant of the macOS.ZuRu malware, originally identified in 2021, has resurfaced, employing a trojanized version of the Termius SSH client to deploy a modified Khepri command-and-control (C2) beacon. This iteration, detected in late May 2025, demonstrates advanced evasion techniques aimed at developers and IT professionals, facilitating persistent remote access while circumventing macOS […]

The post New ZuRu Malware Variant Targets macOS via Termius SSH Exploit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ANY.RUN’s services processes data on current threats daily, including attacks affecting supply chains. In this case study, we analyze examples of DHL brand abuse. The company is a leading global logistic operator, and attackers exploit its recognition to send phishing emails, potentially targeting its partners.   We will demonstrate how ANY.RUN’s solutions can be used to […]

The post Beating Supply Chain Attacks: DHL Impersonation Case Study   appeared first on ANY.RUN's Cybersecurity Blog.

The Clorox Company, a leading household goods manufacturer, has filed a $380 million lawsuit against IT services provider Cognizant Technology Solutions. The lawsuit accuses Cognizant’s help-desk agents of inadvertently providing hackers with access to Clorox’s network during a security breach in August 2023. This intrusion severely disrupted operations and led to months of product shortages. […]

The post Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers appeared first on Cyber Security News.

The individual is accused of numerous illicit cybercrime and ransomware activities that have generated at least $7m in profit

New York Gov. Kathy Hochul unveiled proposed cyber regulations for the state's water sector intended to fend off increasing threats to public infrastructure from hackers.

One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the flaws. About the vulnerabilities The three vulnerabilities affect Cisco’s Identity Services Engine (ISE) – a network security policy and access control system for enterprises – and Cisco ISE Passive Identity Connector (ISE-PIC), which is a lightweight identity service that allows Cisco ISE to passively gather user identity information. CVE-2025-20281 … More →

The post Maximum severity Cisco ISE vulnerabilities exploited by attackers appeared first on Help Net Security.

Он не сверяет фото и не просит документы, но абсолютно точно знает, кто ты такой.

经公安部计算机信息系统安全产品质量监督检验中心检测，33款移动应用存在违法违规收集使用个人信息情况，具体通报如下……

近日，中国信息通信研究院泰尔终端实验室、技术与标准研究所联合发布《移动互联网应用程序（APP）风险分类分级指南（2025年）》。

在数字化浪潮席卷全球的当下，网络已深度融入人们生活的方方面面。随之而来的是严峻的网络安全挑战，其中身份的安全性与便捷性问题尤为突出。为应对这一挑战，国家网络身份认证公共服务应运而生，成为保障个人身份安全、推动数字经济健康发展的关键力量。

增强全民网络安全意识具有重要性与紧迫性。深入分析当前网络安全形势，为增强网络安全意识提出合适的对策建议，对深入推进国家网络安全治理相关问题研究具有参考意义。

The French employment agency’s partner web portal has been accessed by a malicious actor

Currently trending CVE - Hype Score: 15 - The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

The ringleader of the Jetflicks illegal paid streaming operation, a massive service with tens of thousands of subscribers, was sentenced to seven years in prison. [...]

Просто отправь запрос — и ты уже root.