Aggregator

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from legitimate voicemail services. These emails contain spoofed sender information and feature prominent “Listen to Voicemail” […]

The post New Gmail Phishing Attack With Weaponized Login Flow Steals Credentials appeared first on Cyber Security News.

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. [...]

Microsoft recently revealed that it's currently enhancing protection against dangerous file types and malicious URLs in Teams chats and channels. [...]

Security researchers have uncovered four serious vulnerabilities in ImageMagick, one of the world’s most widely used open-source image processing software suites, potentially exposing millions of users to security risks. The vulnerabilities, discovered by researcher “urban-warrior” and published three days ago, include two high-severity flaws that could allow attackers to execute malicious code through specially crafted […]

The post Multiple ImageMagick Vulnerabilities Cause Memory Corruption and Integer Overflows appeared first on Cyber Security News.

Rotherham hacker Al-Tahery Al-Mashriky jailed for 20 months after global cyberattacks, stealing millions of logins and targeting government…

F5 Networks has disclosed a new HTTP/2 vulnerability affecting multiple BIG-IP products that could allow remote attackers to launch denial-of-service attacks against corporate networks. The security flaw, designated CVE-2025-54500 and dubbed the “HTTP/2 MadeYouReset Attack,” was published on August 13, 2025, with updates released on August 15. The vulnerability exploits malformed HTTP/2 control frames to […]

The post F5 Fixes HTTP/2 Vulnerability Enabling Massive DoS Attacks appeared first on Cyber Security News.

Researchers at Hunt.io have made a significant discovery in the cybersecurity field by obtaining and analyzing the complete source code of ERMAC V3.0. This advanced Android banking trojan targets over 700 financial applications worldwide. This unique insight into an active malware-as-a-service platform offers a valuable understanding of modern cybercriminal operations and highlights critical vulnerabilities that could assist […]

The post ERMAC v3.0 Banking Malware Source Code Exposed via Weak Password ‘changemeplease’ appeared first on Cyber Security News.

数据显示，今年前七个月电动汽车销量逾 1070 万辆，同比增长 27%。其中中国销量 650 万辆同比增长 29%， 欧洲 230 万辆增长 30%，北美 100 万辆增长 2%，其它地区总销量 90 万辆增长 42%。欧洲地区的德国、英国和意大利销量都有强劲增长，欧洲地区的纯电增长 30% 插电混动增长 32%。美国的电动汽车市场则因为政策阻力而销售疲软。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.39/6.15.7. Impacted is the function rtnl_lock of the component virtio-net. Performing manipulation results in deadlock. This vulnerability is identified as CVE-2025-38551. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This issue affects the function cifs_oplock_break of the component smb. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2025-38527. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.15.7. This vulnerability affects the function local_bh_enable of the file kernel/softirq.c. This manipulation causes stack-based buffer overflow. The identification of this vulnerability is CVE-2025-38525. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects the function bpf_trace_printk in the library lib/vsprintf.c of the component bpf. The manipulation of the argument fmt[] results in format string. This vulnerability was named CVE-2025-38528. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this issue is the function ice_lag_is_switchdev_running. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38526. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this vulnerability is the function user_mutex of the file net/rxrpc/recvmsg.c. Executing manipulation can lead to race condition. This vulnerability is handled as CVE-2025-38524. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.15.7. Affected is the function update_locked_rq. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38522. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.15.6. This impacts the function vcc_destroy_socket of the component atm. Such manipulation leads to memory leak. This vulnerability is traded as CVE-2025-38546. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.38/6.15.6. It has been rated as problematic. This affects the function netdev_alloc_ip_align. This manipulation causes allocation of resources. This vulnerability appears as CVE-2025-38545. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.38/6.15.6. It has been declared as critical. The impacted element is the function mt7925_thermal_init of the component wifi. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-38541. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.35/6.15.7. It has been classified as critical. The affected element is the function copy_to_iter of the component cifs. The manipulation leads to buffer overflow. This vulnerability is documented as CVE-2025-38523. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.6.100/6.12.39/6.15.7 and classified as problematic. Impacted is an unknown function of the component mptcp. Executing manipulation can lead to state issue. This vulnerability is registered as CVE-2025-38552. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.