Aggregator

Onslought Also Paved Way for Rise of English-Speaking Hackers
An international law enforcement crackdown on the LockBit ransomware group caused fragmentation and distrust among Russian-speaking cybercrime groups, paving the way for English-speaking hacking groups to gain prominence, experts said Tuesday during a London conference.

BidenCash Was Notorious for Posting Free Tranches of Stolen Card Data
An online carder marketplace with a flair for publicity is now offline following a U.S. and Dutch law enforcement seizure. The site, BidenCash, began operations in March 2022, growing to 117,000 customers who facilitated the trafficking of more than 15 million payment card numbers.

Top Trump Official Touts Enforcement Wins as Firms Warn China Is Gaining Ground
Despite pushback from tech leaders like Nvidia, Commerce Secretary Howard Lutnick told Congress that expanded export controls, seizures and arrests are safeguarding U.S. innovation, as the Trump administration scraps Biden-era AI policies and targets Chinese access to chips.

Banking Sector Faces Challenges in Meeting March 2026 Compliance Deadline
The Central Bank of UAE has issued a directive asking financial institutions to eliminate weak authentication methods including SMS and email OTPs. Banks are also expected to implement real-time fraud monitoring and suspend sessions when malicious activity is detected.

The FTC's Andrew Ferguson called on Congress to update federal law to get rid of exceptions for tech firms that handle children's data.

A vulnerability was found in Git Server Plugin on Jenkins. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument command leads to path traversal. The identification of this vulnerability is CVE-2024-23899. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Philips Interventional Workspot, Coronary Tools, Dynamic Coronary Roadmap, Stentboost Live and ViewForum and classified as critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2020-27298. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in auth0 nextjs-auth0 up to 4.6.0 and classified as critical. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument Cache-Control leads to use of web browser cache containing sensitive information. This vulnerability is handled as CVE-2025-48947. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in MantisBT up to 2.3.1 and classified as problematic. This vulnerability affects unknown code of the file my_view_page.php of the component My View. The manipulation of the argument $_SERVER[PHP_SELF'] leads to cross site scripting. This vulnerability was named CVE-2017-7897. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WSO2 Open Banking IAM, Open Banking AM, API Manager, Enterprise Mobility Manager, Identity Server, Identity Server as Key Manager and Open Banking KM. This affects an unknown part of the component SOAP Admin Services. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2024-7096. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

银狐最新免杀对抗型攻击样本分析

sh4d0wup Have you ever wondered if the update you downloaded is the same one everybody else gets or did you get a different one that was made just for you? Shadow updates are updates that...

The post sh4d0wup: Signing-key abuse and update exploitation framework appeared first on Penetration Testing Tools.

当虚拟的世界陷入危机时，现实的灯火也将熄灭。

独立行政法人情報処理推進機構（IPA）は「2024年度中小企業における情報セキュリティ対策に関する実態調査報告書」を公表しました。本報告書は、中小企業などにおけるサイバーセキュリティ対策の実態および課題などを明らかにし、中小企業などにおける規模・業種などに応じた効果の高いサイバーセキュリティ対策の分析・整理されています。

马斯克：SpaceX 今年收入将达 155 亿美元；Windsurf 称 Anthropic 限制其直接访问 Claude 模型；斥资五亿，迅雷完成收购虎扑

An AI-powered, self-hosted GitHub bot designed to detect and mitigate supply chain attacks in pull requests. SadGuard combines intelligent code analysis with executable behavior monitoring to secure your software pipeline. SadGuard was inspired by...

The post SadGuard: Dynamic Code Analysis + Supply Chain Detection Attack appeared first on Penetration Testing Tools.

曝光“资通电军”核心人物！360揪出台APT组织背后操盘手