Aggregator

A vulnerability classified as problematic was found in Discourse up to 3.3.3/3.4.0.beta4. This vulnerability affects the function add_users_to_channel. The manipulation leads to race condition. This vulnerability was named CVE-2025-24808. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

AI is now part of the botnet. See how it’s powering ATOs and fake accounts, and why real-time, multi-layered detection is the only way to fight back.

The post How AI is Fueling ATOs & Fake Account Creation—And Why Bot Detection Needs to Evolve appeared first on Security Boulevard.

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security measures.  Additionally, Next.js, a popular React framework, suffers from CVE-2025-29927, which enables attackers to circumvent authorization checks in middleware.  Both vulnerabilities pose significant risks, potentially […]

The post CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in MediaView Plugin up to 1.1.2 on WordPress. This affects an unknown part. The manipulation of the argument ID leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2481. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in IBM Cognos Controller and Controller up to 11.0.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to http request smuggling. This vulnerability is handled as CVE-2022-39163. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Icinga icingaweb2-module-director up to 1.10.2/1.11.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file icingaweb2/director/service. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-23203. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Alleged Sale of Database and Shell Access – Government of Nepal

A vulnerability was found in Xiaomi Game Center Application 13.10. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper validation of specified quantity in input. This vulnerability is traded as CVE-2024-45351. Attacking locally is a requirement. There is no exploit available.

In mid-March 2025, cybersecurity researchers uncovered “Operation ForumTroll,” targeting Russian media outlets and educational institutions. Victims are infected by clicking phishing links disguised as invitations to the “Primakov Readings” forum, requiring no further interaction for the sophisticated malware to deploy on vulnerable systems. The campaign exploits a critical zero-day vulnerability (CVE-2025-2783) in Chrome that bypasses […]

The post Operation ForumTroll – APT Hackers Exploit Google Chrome Zero-Day To Bypass Sandbox Protections appeared first on Cyber Security News.

CYFOX has uncovered significant vulnerabilities in smart TVs that could potentially disrupt entire enterprise networks. This discovery was made possible by their groundbreaking OmniSec vCISO platform, the first GenAI-powered autonomous security and compliance agent. During the implementation of OmniSec, CYFOX identified critical security flaws within smart TVs. Joseph Tal, CEO of CYFOX, emphasized the significance […]

The post Your Smart TV May Bring Down the Entire Network appeared first on Cyber Security News.

根据 Convergence Research 的报告，2024 年 46% 约 735 万户加拿大家庭没有订阅有线电视。它预测到 2027 年这一比例将会进一步提高到 54%。这意味着加拿大家庭转向订阅服务的速度在加快。不过这些家庭使用的订阅服务大部分来自美国公司如 Netflix、Disney+、Prime Video 和 Apple TV+，本土服务只剩下 Bell 旗下的 Crave。报告称，2024 年加拿大流媒体订阅收入同比增长 15% 达到 42 亿美元，而有线电视订阅收入同比下降 5% 至约 65 亿美元。此外去年加拿大 10 家主要流媒体提供商的价格平均上涨了 6%，加拿大人平均每户订阅 2.6 个流媒体。

Threat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials

Nozomi Networks Labs has uncovered four severe vulnerabilities in the Inaba Denki Sangyo Co., Ltd. IB-MCT001, a camera widely used in Japanese production plants for recording production stoppages. These security flaws, which remain unpatched, pose significant risks to industrial environments, potentially allowing unauthorized remote access and manipulation of critical production data. The CHOCO TEI WATCHER […]

The post Production Line Camera Flaws Allow Hackers to Disable Recordings appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mr Hamza Targeted the Website of UN News

Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained access to his Mailchimp account and stole a list of email addresses of his newsletter subscribers. Commendably, he added the compromised data – email and IP addresses, rough geolocation data – to HIBP, so that users may check whether theirs is included or get notified … More →

The post If you think you’re immune to phishing attempts, you’re wrong! appeared first on Help Net Security.

A new wave of cyberattacks is targeting YouTube creators, leveraging fake brand collaboration offers to distribute malware. Cybersecurity firm CloudSEK has uncovered a sophisticated phishing campaign that employs the “Clickflix” technique to deceive content creators and compromise their systems. The attack vector begins with threat actors scraping email addresses from YouTube channels using specialized parser […]

The post YouTube Creators Targeted by Weaponized Brand Deals Using ‘Clickflix’ Attack Tactic appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.