Aggregator

Как секретный сговор Microsoft и израильской разведки обернулся глобальным скандалом со слежкой.

GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances.  These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints and GraphQL APIs.  Administrators must upgrade immediately to prevent service interruptions and potential data loss. […]

The post GitLab High-Severity Vulnerabilities Let Attackers Crash Instances appeared first on Cyber Security News.

本文提出了一种名为 IoT-PRIDS 的轻量级非机器学习框架，用于物联网网络的入侵检测。

A vulnerability was found in zhuimengshaonian wisdom-education up to 1.0.4 and classified as problematic. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. This vulnerability is referenced as CVE-2025-11080. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The Singapore police said Facebook is the top platform for online scams in the country

A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as a zero-day at least a week before the company released a patch. The vulnerability, tracked as CVE-2025-10035, is a command injection flaw that allows for unauthenticated remote code execution. Security firm watchTowr reported credible evidence of […]

The post Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch appeared first on Cyber Security News.

The macOS threat landscape has witnessed a significant escalation with the discovery of a new variant of the XCSSET malware targeting app developers. First observed in late September 2025, this variant builds upon earlier versions by introducing enhanced stealth techniques, expanded exfiltration capabilities, and robust persistence mechanisms. Attackers continue to leverage infected Xcode projects—the cornerstone […]

The post New Variant of The XCSSET Malware Attacking macOS App Developers appeared first on Cyber Security News.

A vulnerability has been found in Vimesoft Corporate Messaging Platform and classified as problematic. This affects an unknown part. This manipulation causes insertion of sensitive information into sent data. The identification of this vulnerability is CVE-2025-11025. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

Submit #661308 / VDB-326121

Enterprises everywhere are embracing MCP servers—tools that grant AI assistants “god-mode” permissions to send emails, run database queries, and automate tedious tasks. But no one ever stopped to ask: Who built these tools? Today, the first real-world malicious MCP server—postmark-mcp—has emerged, quietly exfiltrating every email it processes. Since its initial release, postmark-mcp has been downloaded […]

The post Malicious MCP Server Discovered Stealing Sensitive Emails Using AI Agents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, was found in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. This vulnerability was named CVE-2025-11079. The attack may be performed from remote. In addition, an exploit is available.

Submit #661199 / VDB-326119

Our updated Incident Response and Readiness guide provides a blueprint for responsibly incorporating AI into your IR program.

Researcher Finds Database of Sensitive Patient Info With No Password Protection
An unencrypted database containing nearly 150,000 patient records of a California provider of home health and palliative care services was left exposed on the internet, said a cybersecurity researcher who discovered the unsecured data cache. Why does this keep happening in the healthcare sector?

Newly Implemented Rule to Boost Cloud Competition and AI Development
The EU Data Act is now in its second phase of implementation, shifting the balance of power by granting users rights over the data generated by their connected devices and services. Beyond banning unfair contract terms and eliminating vendor lock-in, the act mandates data portability and access.

CISA Issues Emergency Directive After Cisco Exploits Persist After Reboot
CISA issued an emergency directive Thursday after discovering an advanced hacking campaign exploiting two persistent zero-days in Cisco firewall gear - malware that survives system reboots and upgrades - forcing agencies to disconnect vulnerable devices by Friday.

'RedNovember' Has Hacked Organizations in the US, Asia and Europe
A hacking group associated with widespread compromise of edge devices is a Chinese-state-aligned group, says cybersecurity firm Recorded Future. The firm says the threat actor, which it now tracks as RedNovember, is "highly likely a Chinese state-sponsored threat activity group."

Submit #661178 / VDB-326082

Cops make quick arrest after attack on airports, DPRK adversaries team up to weaponize developer identities, and PRC targets edge devices in US companies.

英国警方迅速逮捕一名涉嫌网络攻击人士；朝鲜威胁组织合作利用虚假身份进行网络攻击；中国相关威胁行为者针对美国企业投放恶意软件。