Aggregator

A sophisticated malvertising campaign is using fake Microsoft Teams installers to compromise corporate systems, leveraging poisoned search engine results and abused code-signing certificates to deliver the Oyster backdoor malware. The attack was neutralized by Microsoft Defender’s Attack Surface Reduction (ASR) rules, which blocked the malware from establishing contact with its command-and-control server. The multi-stage attack […]

The post Hackers use Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware appeared first on Cyber Security News.

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat.

A critical security flaw has emerged in Apache Airflow 3.0.3, exposing sensitive connection information to users with only read permissions. The vulnerability, tracked as CVE-2025-54831 and classified as “important” severity, fundamentally undermines the platform’s intended security model for handling sensitive data within workflow connections. Apache Airflow version 3.0 introduced significant changes to how sensitive information […]

The post Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users appeared first on Cyber Security News.

A sophisticated cybercriminal alliance between malware operators and covert North Korean IT workers has emerged as a significant threat to corporate organizations worldwide. This hybrid operation, known as DeceptiveDevelopment, represents a dangerous convergence of traditional cybercrime and state-sponsored activities, targeting software developers and cryptocurrency professionals through elaborate social engineering campaigns. The DeceptiveDevelopment group, active since […]

The post Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations appeared first on Cyber Security News.

Type One Energy укротила температуру звезд на Земле.

声明：文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由用户承担全部

A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices across the globe. The campaign exploits SOHO routers, IoT devices, and enterprise applications through command injection vulnerabilities in web interfaces, demonstrating an alarming evolution in cybercriminal tactics. The malicious infrastructure operates by targeting unsanitized POST parameters in network management fields […]

The post New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads appeared first on Cyber Security News.

格尔软件近日宣布其官方网站已全面完成ML-KEM算法的升级与支持

看雪论坛作者ID：zer00ne

A vulnerability identified as problematic has been detected in WSO2 Identity Server as Key Manager, API Manager and Identity Server. This affects an unknown part of the component Error Message Handler. Performing manipulation results in injection. This vulnerability is known as CVE-2024-6429. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in Liferay Portal and DXP and classified as critical. This affects an unknown part of the component SLO API. This manipulation causes session expiration. This vulnerability is tracked as CVE-2025-43819. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in Ninja Forms Plugin up to 3.12.0 on WordPress. The affected element is the function maybe_opt_in of the component Setting Handler. Performing manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-10499. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability identified as critical has been detected in WSO2 Enterprise Integrator, Identity Server, Open Banking IAM and Identity Server as Key Manager. This vulnerability affects unknown code of the component BPEL Uploader SOAP Service. This manipulation causes unrestricted upload. The identification of this vulnerability is CVE-2025-1862. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in vWebServer 1.2.0. This affects an unknown part of the component MS DOS Device Name. This manipulation causes denial of service. The identification of this vulnerability is CVE-2001-1249. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to implement restrictive firewalling.

A vulnerability classified as critical has been found in PGP Keyserver 7.0/7.0.1. This affects an unknown function of the file /cgi-bin of the component Authentication. This manipulation of the argument page_size causes improper authentication. This vulnerability appears as CVE-2001-1252. The attack may be initiated remotely. In addition, an exploit is available. It is advisable to implement restrictive firewalling.

A vulnerability was found in MySQL 3.23.31. It has been classified as critical. Affected by this vulnerability is an unknown functionality. This manipulation causes memory corruption. This vulnerability is tracked as CVE-2001-1274. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Horde IMP up to 2.2.5. This issue affects some unknown processing of the component JavaScript Handler. The manipulation results in basic cross site scripting. This vulnerability is identified as CVE-2001-1257. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.