Aggregator
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day and n-day vulnerabilities in MOVEit Transfer, Cleo, Citrix ShareFile, and other enterprise-grade file transfer and sharing solutions. Attackers have been known to exploit previous CrushFTP vulnerabilities, but there is currently no evidence … More →
The post CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) appeared first on Help Net Security.
How We Enrich TI Lookup and Feeds with Fresh Threat Data from 15,000 Organizations
Cyber threat intelligence is all about data: its collection, exploration and research, extracting actionable insight. If you employ any intelligence solution, it is vital to understand what data sources it relies on and what kind of information they deliver. In ANY.RUN’s Threat Intelligence Lookup and TI Feeds, we leverage fresh data from millions of sandbox […]
The post How We Enrich TI Lookup and Feeds with Fresh Threat Data from 15,000 Organizations appeared first on ANY.RUN's Cybersecurity Blog.
Lucid PhAAS Platform Uses RCS and iMessage to Evade Detection
The cybersecurity landscape has been disrupted by the emergence of Lucid, a sophisticated Phishing-as-a-Service (PhAAS) platform developed by Chinese-speaking threat actors. This advanced toolkit enables cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities across 88 countries globally. Lucid’s innovation lies in its exploitation of Rich Communication Services (RCS) and Apple’s iMessage protocol to circumvent […]
The post Lucid PhAAS Platform Uses RCS and iMessage to Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Vivaldi 内置 Proton VPN
CVE-2004-1543 | Korweblog 1.6.2cvs viewimg.php path path traversal (EDB-24771 / Nessus ID 15829)
警报!EncryptHub 利用 Windows Zero-Day 漏洞部署 Rhadamanthys 与 StealC 恶意软件
RedCurl Unleashes New Ransomware Targeting Hyper-V Servers Exclusively
Cybersecurity researchers at Bitdefender have uncovered a significant evolution in the tactics of the RedCurl threat group, marking their first foray into ransomware deployment. This new strain, dubbed QWCrypt, specifically targets Hyper-V servers, showcasing a sophisticated and highly targeted approach to cyberattacks. Novel Ransomware Strain Emerges The QWCrypt ransomware, previously undocumented, represents a departure from […]
The post RedCurl Unleashes New Ransomware Targeting Hyper-V Servers Exclusively appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CISA Adds Sitecore CMS Code Execution Vulnerability to Exploited List
The Cybersecurity and Infrastructure Security Agency (CISA) has included a critical deserialization vulnerability affecting Sitecore CMS and Experience Platform (XP). This vulnerability, tracked as CVE-2019-9874, allows unauthenticated attackers to execute arbitrary code by manipulating HTTP POST parameters, specifically the __CSRFTOKEN field. The vulnerability exploits a weakness in the Sitecore.Security.AntiCSRF module, enabling malicious actors to send […]
The post CISA Adds Sitecore CMS Code Execution Vulnerability to Exploited List appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
【安全圈】新型 npm 恶意软件对热门以太坊库发动后门感染攻击
【安全圈】恶意 npm 包修改本地 ethers 库以发起反向 Shell 攻击
【安全圈】YouTube 创作者因品牌合作者请求使用 Clickflix 技术而遭受攻击
【安全圈】Telegram惊现公开群组聊天索引机器人 抓取8.6亿名用户的560亿条发言记录
High-Severity Cloud Security Alerts Tripled in 2024
CVE-2024-45356 | Xiaomi Phone Framework missing authentication
Clickflix 攻击:YouTube 创作者面临的品牌合作钓鱼危机
Видеозвонок от курьера? За ним может скрываться цифровая афера
Business Email Compromise, ACH Transactions, and Liability
Business Email Compromise (BEC) fraud represents one of the most insidious threats facing businesses and individuals today.
The post Business Email Compromise, ACH Transactions, and Liability appeared first on Security Boulevard.