Aggregator

Microsoft has confirmed a new known issue causing delivery delays for June 2025 Windows security updates due to an incorrect metadata timestamp. [...]

A sophisticated cyberattack campaign has emerged, exploiting a critical vulnerability in Langflow, a widely-used Python-based framework for building AI applications, to deploy the destructive Flodrix botnet. Identified as CVE-2025-3248 and carrying a near-perfect CVSS score of 9.8, this unauthenticated remote code execution (RCE) flaw impacts Langflow versions prior to 1.3.0. Unveiling a Severe RCE Vulnerability […]

The post Hackers Leverage Critical Langflow Flaw to Deploy Flodrix Botnet and Seize System Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Every security practitioner knows that employees are the weakest link in an organization, butthis is no longer the case. SquareX’s research reveals that Browser AI Agents are more likely tofall prey to cyberattacks than employees, making them the new weakest link that enterprisesecurity teams need to look out for. Browser AI Agents are software applications […]

The post SquareX Reveals That Employees Are No Longer The Weakest Link, Browser AI Agents Are appeared first on Cyber Security News.

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading to the discovery of an active threat cluster that leverages Visual Basic Script (VBS) files as its

Sarcoma, a recently emerged cybercrime group, was responsible for a data breach of Swiss health nonprofit Radix, according to a statement by the Zurich-based organization.

美国法庭文件显示，臭名昭著的黑客 IntelBroker 是 26 岁的英国人 Kai West，他于 2025 年 2 月在法国被捕，美国正寻求引渡其归案。IntelBroker 通过入侵企业计算机系统，窃取并销毁数据后，通过 BreachForums 等地下犯罪论坛以加密货币出售被盗数据。他被认为造成了至少 2500 万美元的损失，其知名受害者包括了诺基亚、HPE、欧洲刑警组织、家得宝、AMD、苹果和美国陆军。West 被认为也是 BreachForums 论坛的一名管理员，法国警方上周逮捕了该论坛的四名管理员 Hollow、Noct、Depressed 和 ShinyHunters。根据法庭文件，卧底特工首先从 IntelBroker 手中购买被盗的 API key，跟踪了他的比特币钱包地址。West 被发现使用个人邮箱注册了 Ramp 和 Coinbase 账户，他还使用该账号观看 YouTube 视频发布到 BreachForums 分享。他使用该账号观看了多则讨论 IntelBroker 及其受害者的视频。

Two deadly Ransomware Attacks on European hospitals show cybercrime now risks lives not just data with patients dying after treatment delays.

Cybercriminals have launched a sophisticated campaign exploiting Facebook’s advertising platform to distribute malware and steal cryptocurrency wallet credentials, targeting users worldwide through deceptive Pi Network-themed advertisements. The malicious operation, which began on June 24, 2025, coincides with the Pi2Day celebration and has already deployed over 140 ad variations to maximize its reach across multiple continents. […]

The post Threat Actors Weaponizing Facebook Ads to Deliver Malware and Stealing Wallet Passwords appeared first on Cyber Security News.

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath leads to path traversal. This vulnerability is known as CVE-2025-6925. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Резервные линии превратились в золотой актив для IT-компаний.

Hackers successfully took control of critical operational systems at a dam facility near Risevatnet in Bremanger, Norway, during April. The attackers managed to seize command over the minimum water flow controls and gained access to the dam’s valve closure mechanism, leading to a full valve opening event that lasted several hours before being detected and […]

The post Hackers Breach Norwegian Dam, Triggering Full Valve Opening appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Spanish authorities have arrested five individuals in Madrid and the Canary Islands, suspected of laundering $540 million (€460 million) from illegal cryptocurrency investment schemes and defrauding more than 5,000 victims. [...]

Submit #600948 / VDB-314437

Berlin’s data protection commissioner, Meike Kamp, has raised serious alarms over the Chinese AI application DeepSeek, accusing the company of unlawfully transferring personal data of German users to China in violation of the European Union’s stringent General Data Protection Regulation (GDPR). In a statement released on Friday, Kamp highlighted that DeepSeek has failed to demonstrate […]

The post Germany Urges Apple and Google to Ban Chinese AI App DeepSeek Over Privacy Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #600636 / VDB-313608

Palo Alto, California, 30th June 2025, CyberNewsWire

A vulnerability, which was classified as critical, was found in ai-inference-server. Affected is an unknown function of the file /invocations of the component API Inference Endpoint. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-6920. The attack needs to be done within the local network. There is no exploit available.

Вот чем заканчивается, когда говорят «опыт работы не обязателен».

A vulnerability, which was classified as problematic, has been found in ABB Lite Panel Pro up to 1.0.1. This issue affects some unknown processing. The manipulation leads to session expiration. The identification of this vulnerability is CVE-2025-4407. The attack can only be initiated within the local network. There is no exploit available.