Aggregator

A vulnerability classified as problematic has been found in Mozilla Firefox up to 142. The impacted element is an unknown function. This manipulation causes authentication bypass by spoofing. This vulnerability appears as CVE-2025-10530. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 142. Affected is an unknown function. Executing manipulation can lead to authentication bypass using alternate channel. This vulnerability is handled as CVE-2025-10531. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 142. This impacts an unknown function. Performing manipulation results in improper check for unusual conditions. This vulnerability is known as CVE-2025-10532. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in Mozilla Firefox up to 142. The affected element is an unknown function. The manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is reported as CVE-2025-10529. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Mozilla Firefox up to 142. This issue affects some unknown processing. Executing manipulation can lead to use after free. This vulnerability is registered as CVE-2025-10527. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

Luxury jeweler Tiffany and Company has confirmed a data breach that exposed the personal information of 2,590 customers. The company discovered unauthorized access to an external system on September 9, 2025, but determined the incident first occurred on May 12, 2025. Tiffany notified affected customers in writing on September 16, 2025, and filed a breach notification […]

The post Luxury Jeweler Tiffany Reports Data Breach Exposing User Personal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Две незаметные проблемы в Microsoft едва не создали «уязвимость судного дня».

The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.”

Too much good detail to summarize, but here are two items:

First, the authors found that the number of US-based investors in spyware has notably increased in the past year, when compared with the sample size of the spyware market captured in the first Mythical Beasts project. In the first edition, the United States was the second-largest investor in the spyware market, following Israel. In that edition, twelve investors were observed to be domiciled within the United States—­whereas in this second edition, twenty new US-based investors were observed investing in the spyware industry in 2024. This indicates a significant increase of US-based investments in spyware in 2024, catapulting the United States to being the largest investor in this sample of the spyware market. This is significant in scale, as US-based investment from 2023 to 2024 largely outpaced that of other major investing countries observed in the first dataset, including Italy, Israel, and the United Kingdom. It is also significant in the disparity it points to ­the visible enforcement gap between the flow of US dollars and US policy initiatives. Despite numerous US policy actions, such as the addition of spyware vendors on the ...

The post Surveying the Global Spyware Market appeared first on Security Boulevard.

关键词网络攻击网络安全研究人员发现，两个与俄罗斯联邦安全局（FSB）关联的黑客组织 Gamaredon 与 T

关键词网络攻击英国国家犯罪调查局（NCA）宣布，两名少年因涉嫌参与 2024 年 9 月对伦敦交通局（TfL）

关键词网络攻击俄罗斯地区航空公司 克拉斯诺亚尔斯克航空（KrasAvia） 确认，其官方网站及多项核心系统于当

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard

U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London. U.K. law enforcement authorities arrested two teenagers who are members of the notorious Scattered Spider hacking group in connection with their role in the cyber attack that hit Transport for London (TfL). Transport for London (TfL) […]

UK law enforcement agencies have arrested two individuals linked to the notorious Scattered Spider cybercriminal group. The arrests, announced on Tuesday, pertain to a sophisticated attack on London’s transport systems. Authorities say the suspects infiltrated critical infrastructure networks, demanding ransom payments and causing widespread disruption. Details of the Arrests and Charges On Sept. 16, officers […]

The post UK Police Arrest Two Scattered Spider Hackers Over London Transport Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

LYSRC正式启动大模型专项测试活动，诚邀白帽师傅们聚焦同程旅行体系AIGC服务安全，共同筑牢智能时代安全防线

On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service) Manager API (CVE-2023-49564). With a CVSS 3.1 score of 9.6 (AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), the vulnerability poses a severe risk to organizations relying on these management platforms to orchestrate and secure their containerized network […]

The post Nokia CBIS/NCS Manager API Vulnerability Allows Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Пока операторы отчитываются о победах, мошенники строят свою собственную сеть у вас под окнами.

A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2.8.1.  Tracked as CVE-2025-59340 and rated Critical with a CVSS v3.1 score of 10.0, the issue stems from JavaType‐based deserialization, enabling threat actors […]

The post HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks appeared first on Cyber Security News.

Luxury jewelry brand Tiffany and Company has confirmed a data breach that resulted in the theft of customers’ personal information. The company is in the process of sending out notification letters to affected individuals, detailing the scope of the incident and the data that was compromised. According to the notification, Tiffany experienced a “cybersecurity issue” […]

The post Luxury Jewelry Creator Tiffany Confirms Data breach – Hackers Stolen Users Personal Information appeared first on Cyber Security News.