Aggregator

После взлома «Болоньи» спортивные гиганты переосмысливают стратегию цифровой защиты.

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day and n-day vulnerabilities in MOVEit Transfer, Cleo, Citrix ShareFile, and other enterprise-grade file transfer and sharing solutions. Attackers have been known to exploit previous CrushFTP vulnerabilities, but there is currently no evidence … More →

The post CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) appeared first on Help Net Security.

Cyber threat intelligence is all about data: its collection, exploration and research, extracting actionable insight. If you employ any intelligence solution, it is vital to understand what data sources it relies on and what kind of information they deliver.   In ANY.RUN’s Threat Intelligence Lookup and TI Feeds, we leverage fresh data from millions of sandbox […]

The post How We Enrich TI Lookup and Feeds with Fresh Threat Data from 15,000 Organizations appeared first on ANY.RUN's Cybersecurity Blog.

The cybersecurity landscape has been disrupted by the emergence of Lucid, a sophisticated Phishing-as-a-Service (PhAAS) platform developed by Chinese-speaking threat actors. This advanced toolkit enables cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities across 88 countries globally. Lucid’s innovation lies in its exploitation of Rich Communication Services (RCS) and Apple’s iMessage protocol to circumvent […]

The post Lucid PhAAS Platform Uses RCS and iMessage to Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Vivaldi 创始人谭咏文（Jon von Tetzchner）宣布，这款基于 Chromium 的浏览器整合了 Proton VPN。 谭咏文宣称，Web 正在变化。在一个日益被科技巨头和垄断企业所定义的世界里，用户正在觉醒。他们选择隐私而不是被人剖析研究、选择主权而不是被监视、选择独立而不是惰性。这种变化的核心是尊重用户而不是剥削用户的工具。这是为什么 Vivaldi 要整合 Proton VPN。

A vulnerability classified as problematic was found in Korweblog 1.6.2cvs. Affected by this vulnerability is an unknown functionality of the file viewimg.php. The manipulation of the argument path leads to path traversal. This vulnerability is known as CVE-2004-1543. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Cybersecurity researchers at Bitdefender have uncovered a significant evolution in the tactics of the RedCurl threat group, marking their first foray into ransomware deployment. This new strain, dubbed QWCrypt, specifically targets Hyper-V servers, showcasing a sophisticated and highly targeted approach to cyberattacks. Novel Ransomware Strain Emerges The QWCrypt ransomware, previously undocumented, represents a departure from […]

The post RedCurl Unleashes New Ransomware Targeting Hyper-V Servers Exclusively appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

 The Cybersecurity and Infrastructure Security Agency (CISA) has included a critical deserialization vulnerability affecting Sitecore CMS and Experience Platform (XP). This vulnerability, tracked as CVE-2019-9874, allows unauthenticated attackers to execute arbitrary code by manipulating HTTP POST parameters, specifically the __CSRFTOKEN field. The vulnerability exploits a weakness in the Sitecore.Security.AntiCSRF module, enabling malicious actors to send […]

The post CISA Adds Sitecore CMS Code Execution Vulnerability to Exploited List appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

关键词恶意软件ReversingLabs 的安全研究人员在 npm 软件包存储库中发现了一场新的恶意软件攻击活

关键词恶意软件网络安全研究人员在 npm 注册表中发现了两个恶意软件包，旨在感染另一个本地安装的软件包，这凸显

关键词网络钓鱼一种被称为“Clickflix 技术”的复杂网络钓鱼活动已经出现，它通过看似合法的品牌合作请求瞄

关键词数据泄露即时通讯应用Telegram近期出现了一款名为Funstatgrtbot的监控机器人，该服务引发

Attackers aren't just spending more time targeting the cloud — they're ruthlessly stealing more sensitive data and accessing more critical systems than ever before.

A vulnerability was found in Xiaomi Phone Framework. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2024-45356. It is possible to launch the attack on the local host. There is no exploit available.

Мошенники масштабируют атаки с ИИ.

Business Email Compromise (BEC) fraud represents one of the most insidious threats facing businesses and individuals today.

The post Business Email Compromise, ACH Transactions, and Liability appeared first on Security Boulevard.

当前，多家医院引入人工智能，并将其应用于临床、科研等多个场景。甚至，有营销宣传声称——“AI帮你一分钟搞定问诊、开药”。近期，湖南省医保局印发通知明确规定：“严禁使用 AI人工智能等自动生成处方”，引发网络热议。

3月20日，瑞典政府正式向议会提交了《国家网络安全战略2025-2029年》，对未来五年的国家网络安全建设进行了整体谋划，以应对日益复杂的网络安全威胁，提升国家整体网络安全水平。