Aggregator

看雪论坛作者ID：TeddyBe4r

抢先看！

Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology

Ivanti announced product enhancements across its solution pillars, empowering our customers to accelerate cloud adoption, strengthen security posture and streamline IT operations. Distributed workforce requires seamless and secure access to the applications, endpoints and data essential to every role. Ivanti’s latest product updates equip IT and security teams with the power to scale operations at their own pace, modernize security and simplify management. With these advancements, organizations can adapt to evolving threats and drive productivity … More →

The post Ivanti enhances its solutions portfolio to drive secure, scalable, and streamlined IT operations appeared first on Help Net Security.

Threat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical workloads. With its capacity to handle exabytes of unstructured data for AI, high performance computing, analytics, media streaming, enterprise backup, and IoT ingestion, Blob Storage has become an attractive vector for sophisticated campaigns aiming to […]

The post Threat Actors Exploiting Azure Blob Storage to Breach Organizational Repositories appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Wikistories Extension up to 1.43 on Mediawiki and classified as problematic. The affected element is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-62701. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in Thanks Extension and Growth Experiments Extension 1.43 on Mediawiki. Affected is an unknown function. Executing manipulation can lead to incorrect default permissions. This vulnerability appears as CVE-2025-62661. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in Zoho ManageEngine Endpoint Central. This issue affects some unknown processing of the component Agent Setup. The manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2025-5496. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Zimbra Collaboration Suite up to 10.1.11. This affects an unknown part of the component Configuration Handler. The manipulation results in server-side request forgery. This vulnerability is reported as CVE-2025-62763. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Academy LMS Plugin up to 3.3.7 on WordPress. This affects an unknown part of the component Social Login Addon. Performing manipulation results in improper privilege management. This vulnerability is known as CVE-2025-11086. Remote exploitation of the attack is possible. No exploit is available.

Internet Archive отметит исторический день 22 октября 2025 года.

Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or multifactor authentication (MFA) is enforced. What is OAuth and how do attackers exploit it? OAuth is an authorization protocol that lets apps connect to your account (e.g., M365) safely by using special access tokens … More →

The post Attackers turn trusted OAuth apps into cloud backdoors appeared first on Help Net Security.

A vulnerability was found in Arista EOS. It has been classified as problematic. This affects an unknown part of the component SNMP. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2023-24511. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in Arista EOS and classified as problematic. Affected by this issue is some unknown functionality of the component DHCP Packet Handler. This manipulation causes denial of service. This vulnerability is tracked as CVE-2023-24510. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability identified as critical has been detected in Arista EOS. Affected by this vulnerability is an unknown functionality of the component Redundancy Handler. Performing manipulation results in improper privilege management. This vulnerability is known as CVE-2023-24509. Attacking locally is a requirement. No exploit is available.

Rubrik announced the launch of the Rubrik Agent Cloud to accelerate enterprise AI agent adoption while managing risk of AI deployments. AI transformation is now mandatory for most organizations. However, IT leaders are constrained because agentic AI has significant risks including hallucination as well as compromise by threat actors. Rubrik Agent Cloud is designed to monitor and audit agentic actions, enforce real-time guardrails for agentic changes, fine-tune agents for accuracy and, undo agent mistakes. Built … More →

The post Rubrik Agent Cloud speeds enterprise AI with built-in security and guardrails appeared first on Help Net Security.

看似坚不可摧的内存加密之墙上，小小的隙罅也能成为致命威胁

SharkStealer, a Golang-based information stealer, has been observed leveraging the Binance Smart Chain (BSC) Testnet as a covert dead-drop mechanism for command-and-control (C2) communications. By adopting an “EtherHiding” pattern, the malware retrieves encrypted C2 details from smart contracts through Ethereum RPC calls, decrypts the payload in memory, and initiates contact—all while blending in with legitimate […]

The post SharkStealer Adopts EtherHiding Technique for C2 Communication Evasion appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability described as critical has been identified in Sauter Modulo 6 Devices modu680-AS, Modulo 6 Devices modu660-AS, Modulo 6 Devices modu612-LC, EY-modulo 5 modu 5 modu524, EY-modulo 5 modu 5 modu525, EY-modulo 5 ecos 5 ecos504 and EY-modulo 5 ecos 5 ecos505 up to 3.1.x. The impacted element is an unknown function of the component Webserver API. The manipulation results in reliance on file name or extension of externally-supplied file. This vulnerability is reported as CVE-2025-41720. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.