Aggregator

A vulnerability was found in xfig fig2dev 3.2.9a. It has been rated as critical. This issue affects the function create_line_with_spline. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-31164. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in xfig fig2dev 3.2.9a. It has been declared as problematic. This vulnerability affects the function via put_patternarc. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-31163. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in xfig fig2dev 3.2.9a. It has been classified as problematic. This affects the function via get_slope. The manipulation leads to divide by zero. This vulnerability is uniquely identified as CVE-2025-31162. The attack needs to be approached locally. There is no exploit available.

Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. “Three Saratov residents are suspected of fraud and unauthorized access to computer information. Officers from the fraud prevention department of PJSC Sberbank […]

Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.

This week’s cybersecurity landscape underscores the increasing complexity of today’s threats and the critical importance of maintaining a proactive, layered […]

The post Weekly Threat Landscape Digest – Week 13 appeared first on HawkEye.

Name: StealthCup (an Stealth-Cup event.)
Date: March 28, 2025, 7 a.m. — 28 March 2025, 15:00 UTC  [add to calendar]
Format: Hack quest
On-site
Location: Vienna, Austria / Hybrid (Online)
Offical URL: https://stealth.ait.ac.at/
Rating weight: 0
Event organizers: 0x01DA

How much do scraper bots affect your industry?

Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000. [...]

Всё началось с шпионской кампании в России и привело к багу в другом браузере.

“The best-laid plans of mice and men often go awry.” - Robert Burns, Scottish poet

The post Why Cause Chaos? The Benefits of Having a “Chaos Day” appeared first on Security Boulevard.

The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen.

Cybersecurity researchers have discovered a sophisticated phishing-as-a-service (PhaaS) platform, dubbed “Morphing Meerkat,” that leverages DNS mail exchange (MX) records to dynamically serve tailored phishing pages mimicking over 100 brands. The platform, which has been operational since at least January 2020, employs a range of advanced techniques to evade detection and maximize the effectiveness of its […]

The post Hackers Exploit DNS MX Records to Create Fake Logins Imitating 100+ Brands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

One thing not often thought of is the lowly crash test dummy. Traditionally, crash test dummies were modeled after male bodies leading to vehicle safety standards and designs being disproportionately geared towards protecting male passengers. As a result, studies found that women and children suffered more significant injuries more frequently in car crashes. Similarly, [...]

The post Modern Security Testing  – Leveling up the Crash Test Dummy appeared first on Hurricane Labs.

The post Modern Security Testing  – Leveling up the Crash Test Dummy appeared first on Security Boulevard.