Aggregator

Blue Shield of California disclosed it suffered a data breach after exposing protected health information of 4.7 million members to Google's analytics and advertisement platforms. [...]

In a disturbing trend, cybercriminals, predominantly from Chinese underground networks, are exploiting Near Field Communication (NFC) technology to perpetrate large-scale fraud at ATMs and Point-of-Sale (POS) terminals. According to cyber threat intelligence analysts at Resecurity, numerous banks, FinTech companies, and credit unions have reported a surge in NFC-related fraud in Q1 2025, with damages exceeding […]

The post Hackers Exploit NFC Technology to Steal Money from ATMs and POS Terminals appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, has been found in Mang Board WP Plugin up to 1.8.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument board_header/board_footer leads to cross site scripting. This vulnerability is handled as CVE-2025-3435. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in ImageMagick up to 7.1.1-43. Affected by this vulnerability is an unknown functionality of the component MIFF Image Handler. The manipulation of the argument packet_size leads to incorrect calculation of buffer size. This vulnerability is known as CVE-2025-46393. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in ImageMagick up to 7.1.1-43. Affected is the function SetQuantumFormat of the component MIFF Image Handler. The manipulation leads to incorrect calculation of buffer size. This vulnerability is traded as CVE-2025-43965. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenda AC9 15.03.05.14_multi. It has been rated as critical. This issue affects some unknown processing of the file /goform/WifiWpsStart. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-45429. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Tenda AC9 15.03.05.14_multi. It has been declared as critical. This vulnerability affects unknown code of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. This vulnerability was named CVE-2025-45428. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Tenda AC9 1.0/15.03.05.14. It has been classified as critical. This affects an unknown part of the file /goform/WifiBasicSet. The manipulation of the argument Security leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-45427. It is possible to initiate the attack remotely. There is no exploit available.

Bacon Redux: Pig butchering and other serious scams still thriving, despite crackdowns in Dubai and Myanmar

The post Asian Scam Farms: ‘Industrial Scale,’ Warns UN Report appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 1 - PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using ...

Currently trending CVE - Hype Score: 2 - An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for ...

Currently trending CVE - Hype Score: 1 - In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the ...

The FBI says cybercriminals have stolen a record $16,6 billion in 2024, marking an increase in losses of over 33% compared to the previous year. [...]

In a concerning trend for cybersecurity, multiple threat actors, including ransomware groups and state-sponsored entities, are utilizing a malicious traffic distribution system (TDS) known as TAG-124 to optimize the delivery of malware payloads to high-value targets. According to research by Insikt Group from Recorded Future, TAG-124 operates similarly to legitimate TDSs used in online advertising, […]

The post Threat Actors Leverage TAG-124 Infrastructure to Deliver Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Unit 42’s 2025 Global Incident Response Report, ransomware actors are intensifying their cyberattacks, with 86% of incidents causing significant business disruptions such as operational downtime and reputational damage. Cybercriminals are adopting increasingly sophisticated and deceptive strategies to maximize the impact of their attacks and coerce organizations into paying hefty ransoms. A notable trend includes threat […]

The post Ransomware Actors Ramp Up Attacks Organizations with Emerging Extortion Trends appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

After a 180% rise in last year’s report, the exploitation of vulnerabilities continues to grow, now accounting for 20% of all breaches

Group-IB’s High-Tech Crime Trends Report 2025 reveals a sharp 22% surge in phishing websites, with over 80,000 detected in 2024. Among the most concerning discoveries is a sophisticated SMS phishing campaign targeting users of a toll road service provider, active since late 2023. This operation, uncovered by Group-IB researchers, employs advanced technical strategies to deceive […]

The post New SMS Phishing Attack Weaponizes Google AMP Links to Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Script-based malware is malicious software written in scripting languages like JavaScript, Python, PowerShell, or VBScript. Unlike traditional malware that relies on compiled executables, script-based malware leverages scripts that execute as human-readable code interpreted at runtime  Scripts have become increasingly popular in recent years: they effectively evade traditional endpoint detection and are easy to modify and […]

The post How Script-based Malware Attacks Work: Modern Examples  appeared first on Cyber Security News.

Cybersecurity firm Volexity has tracked a series of highly targeted attacks by suspected Russian threat actors, identified as UTA0352 and UTA0355. It exploits Microsoft 365 (M365) OAuth 2.0 authentication workflows to compromise accounts of individuals at non-governmental organizations (NGOs), think tanks, and human rights groups, particularly those focused on Ukraine. Sophisticated Social Engineering Tactics Unveiled […]

The post Russian Hackers Exploit Microsoft OAuth 2.0 to Target Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.