Aggregator

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor

Oscilar launched AI Agent platform, reshaping how organizations manage online risk. Built around a network of specialized AI agents, Oscilar’s platform addresses key challenges in fraud prevention, compliance, credit underwriting, and customer verification. Unlike traditional static AI models that require continuous human oversight and intervention, Oscilar’s AI Agents operate autonomously, proactively identifying risks, executing complex risk analyses, and dynamically adapting to evolving threat landscapes. “Traditional approaches to risk management are simply unable to keep pace … More →

The post Oscilar AI Agent improves risk analysis and fraud prevention appeared first on Help Net Security.

Resecurity found an LFI flaw in the leak site of BlackLock ransomware, exposing clearnet IPs and server details. Resecurity has identified a Local File Include (LFI) vulnerability in Data Leak Site (DLS) of BlackLock Ransomware.  Cybersecurity experts were able to exploit misconfiguration in vulnerable web-app used by ransomware operators to publish victims’ data – leading […]

产品研发团队负责建设，安全研究团队负责赋能。

产品研发团队负责建设，安全研究团队负责赋能。

产品研发团队负责建设，安全研究团队负责赋能。

产品研发团队负责建设，安全研究团队负责赋能。

产品研发团队负责建设，安全研究团队负责赋能。

产品研发团队负责建设，安全研究团队负责赋能。

产品研发团队负责建设，安全研究团队负责赋能。

Red wolf ceyber Targeted the Website of THE ACADEMY OF THE HEBREW LANGUAGE

In a startling revelation, a new report indicates that three out of four enterprise users are uploading data to generative AI (genAI) applications, including sensitive information such as passwords and keys. This alarming trend highlights the growing risks associated with the widespread adoption of AI technologies in the workplace. The 2025 Generative AI Cloud and […]

The post 3 in 4 Enterprise Users Upload Data to GenAI Including Passwords and Keys appeared first on Cyber Security News.

Microsoft has fixed a known issue causing some USB printers to start printing random text after installing Windows updates released since late January 2025. [...]

A vulnerability, which was classified as problematic, has been found in Discourse up to 3.3.3/3.4.0.beta5. This issue affects some unknown processing of the component Direct Message Handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-24972. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Discourse up to 3.3.3/3.4.0.beta4. This vulnerability affects the function add_users_to_channel. The manipulation leads to race condition. This vulnerability was named CVE-2025-24808. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

AI is now part of the botnet. See how it’s powering ATOs and fake accounts, and why real-time, multi-layered detection is the only way to fight back.

The post How AI is Fueling ATOs & Fake Account Creation—And Why Bot Detection Needs to Evolve appeared first on Security Boulevard.

Two critical vulnerabilities have been identified in widely used software: CrushFTP and Next.js. CrushFTP, a file transfer solution, contains a vulnerability allowing unauthorized access through standard web ports, bypassing security measures.  Additionally, Next.js, a popular React framework, suffers from CVE-2025-29927, which enables attackers to circumvent authorization checks in middleware.  Both vulnerabilities pose significant risks, potentially […]

The post CrushFTP HTTPS Port Vulnerability Leads to Unauthorized Access appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in MediaView Plugin up to 1.1.2 on WordPress. This affects an unknown part. The manipulation of the argument ID leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2481. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in IBM Cognos Controller and Controller up to 11.0.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to http request smuggling. This vulnerability is handled as CVE-2022-39163. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.