Aggregator

The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers to execute malicious SQL code on web servers using the popular framework. The flaw, identified as CVE-2025-57833, affects multiple versions of Django, prompting an urgent call for all users to upgrade their installations as soon as possible. […]

The post Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers appeared first on Cyber Security News.

ИИ-помощник сам сливает пользователей хакерам.

ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States. Countries where GhostRedirector victims were detected (Source: ESET) GhostRedirector used two custom tools that had not been documented before: a passive C++ backdoor called Rungan and a malicious IIS module called Gamshen. The group is very likely linked to China. Rungan can run commands … More →

The post New threat group uses custom tools to hijack search results appeared first on Help Net Security.

Elevate OT Cyber Skills Through Training, Collaboration and Practice
Operational technology incidents can have physical as well as digital consequences, from halting plant production to endangering lives. Training tailored to OT security is essential for protecting critical systems while maintaining operational continuity.

Most B2B companies build cybersecurity programs backwards - starting with compliance instead of real security. Learn why this approach fails and how fractional CISO services can help you build effective security that actually prevents breaches while achieving compliance.

The post Why Compliance-First Cybersecurity Programs Fail (And What Actually Works) appeared first on Security Boulevard.

ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results

The United States government has announced a reward of up to $10 million for information leading to the identification or location of three Russian intelligence officers. The bounty, offered through the Department of State’s Rewards for Justice program, targets members of the Russian Federal Security Service (FSB) accused of conducting widespread malicious cyber campaigns against […]

The post US Offers $10M Bounty For FSB Hackers Who Exploited Cisco Vulnerability To Attack Critical Infrastructure appeared first on Cyber Security News.

A new Cobalt study finds healthcare organizations among the slowest at resolving serious vulnerabilities

A critical zero-day vulnerability in several Sitecore products could allow attackers to execute code remotely. The vulnerability, identified as CVE-2025-53690, stems from a ViewState deserialization flaw and is being actively exploited in the wild. The investigation by Mandiant revealed that attackers are leveraging exposed ASP.NET machine keys that were included in Sitecore deployment guides from […]

The post Google Warns of Zero-Day Vulnerability in Sitecore Products Allowing Remote Code Execution appeared first on Cyber Security News.

Камеры следят за вами, даже когда вы не в Zoom.

Экологи предложили способ решить две проблемы одним “выстрелом”.

The U.S. government has unveiled a $10 million reward for information leading to the arrest of three Russian FSB officers.  The officers are accused of carrying out cyberattacks on U.S. critical infrastructure and exploiting Cisco network equipment. This public notice aims to raise awareness and encourage anyone with useful information to come forward. According to […]

The post US Announces $10M Bounty on FSB Hackers Behind Cisco Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Django development team has issued security updates after discovering a high-severity SQL injection flaw in the FilteredRelation feature. This flaw could allow attackers to run harmful database commands by crafting unexpected query parameters. Users running Django 5.2, 5.1, or 4.2 should upgrade immediately to protect their applications. Web Vulnerability Details Django’s FilteredRelation feature helps developers write […]

The post Django Web Vulnerability Allows Attackers to Execute SQL Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability marked as problematic has been reported in Akinsoft e-Mutabakat up to 2.02.05. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13071. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Akinsoft e-Mutabakat up to 2.02.05. Affected is an unknown function. Executing manipulation can lead to improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2025-2417. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Vaadin Framework and vaadin-upload-flow. This impacts an unknown function. Performing manipulation results in improper input validation. This vulnerability is known as CVE-2025-9467. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Chinese state-sponsored Advanced Persistent Threat (APT) groups have escalated their cyber espionage campaigns, systematically targeting global telecommunications, government, and military networks through sophisticated router exploitation techniques since 2021. Since at least 2021, Chinese state-sponsored cyber actors have been conducting extensive, stealthy operations to infiltrate and control key network devices across critical sectors worldwide. These malicious […]

The post Chinese APT Groups Exploit Router Flaws to Breach Enterprises appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

根据国家信息安全漏洞库（CNNVD）统计，2025年8月采集安全漏洞3628个。

Censys Inc., the developer of the eponymous internet-mapping tool, has warned of attempts by government entities to exploit

The post Censys Reveals Governments Are Exploiting Its Research Program appeared first on Penetration Testing Tools.