Aggregator

Cloudflare stopped a record 22.2 Tbps DDoS attack, showing how massive these threats have become and why strong DDoS attack protection is essential.

This is a weird story:

The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City.

The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut.

“This network had the power to disable cell phone towers and essentially shut down the cellular network in New York City,” said special agent in charge Matt McCool...

The post US Disrupts Massive Cell Phone Array in New York appeared first on Security Boulevard.

Глава нацбанка Румынии поделился своим мнением об отказе от наличных денег.

A vulnerability was found in MCCMS 2.7.0. It has been classified as problematic. This affects an unknown part of the file Backups.php. The manipulation leads to files or directories accessible. This vulnerability is uniquely identified as CVE-2025-51818. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Apache IoTDB up to 2.0.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Such manipulation leads to deserialization. This vulnerability is listed as CVE-2025-48459. The attack must be carried out from within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Apache IoTDB up to 2.0.4. It has been rated as problematic. Affected by this issue is some unknown functionality. Performing manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-48392. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in IBM Integrated Analytics System up to 1.0.30.0. The impacted element is an unknown function. This manipulation causes unrestricted upload. The identification of this vulnerability is CVE-2025-36174. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月，某国际时尚品牌被曝数据泄露，其中国公司

Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them. Download the complete iframe security guide here.  TL;DR: iframe Security Exposed Payment iframes are being actively exploited by attackers using

Boyd Gaming Corporation has disclosed that an unauthorized actor removed data from its systems, including information about employees and other individuals

软件供应链中的信任问题导致安全漏洞。攻击包括打字错误欺骗、凭证被盗、构建管道中毒和恶意维护者。防御工具如TypoGard、Zizmor、PyPI可信发布和数字证明等正在被开发以加强安全性。

A severe security vulnerability in OnePlus OxygenOS has been discovered that allows any installed application to read SMS and MMS messages without requesting permission or notifying users.  The flaw, designated CVE-2025-10184, affects multiple OnePlus devices running OxygenOS versions 12 through 15, potentially compromising SMS-based multi-factor authentication (MFA) systems and exposing sensitive personal communications to unauthorized […]

The post OnePlus OxygenOS Vulnerability Allows Any App to Read SMS Data Without Permission appeared first on Cyber Security News.

A serious security flaw in the Salesforce CLI installer (sf-x64.exe) has been assigned CVE-2025-9844. This weakness allows attackers to execute arbitrary code with SYSTEM-level privileges on Windows machines. Users who installed Salesforce CLI from untrusted sources may be at risk. The vulnerability stems from improper handling of file paths during installation, which can be abused […]

The post Salesforce CLI Installer Flaw Lets Attackers Run Code and Gain SYSTEM-Level Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Since August 2024, a financially motivated threat group has been targeting Android users in Indonesia and Vietnam with banking trojans disguised as official government identity and payment applications. By employing elaborate download mechanisms, reusing infrastructure, and leveraging template-based spoofed sites, the operators have used a coordinated campaign to evade detection and steal user credentials. The […]

The post Banking Trojans Targeting Android Users Disguise as Government and Trusted Payment Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章探讨了AI生成代码的安全性评测体系的局限性，并介绍了SecCodeBench 2.0的推出。该基准测试套件针对现有评测体系在测试用例质量、评估方法单一性和智能编码工具覆盖不足等问题进行了改进。通过重构评测对象、升级评估标准和优化测试用例设计，SecCodeBench 2.0旨在更贴合实际需求，提升AI编程的安全性和可靠性。

A vulnerability has been found in PowerDNS DNSdist up to 1.9.10/2.0.0 and classified as problematic. The affected element is an unknown function of the component nghttp2. The manipulation leads to infinite loop. This vulnerability is listed as CVE-2025-30187. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.