Alleged Data Breach of VYTL-SFT Verahealth Medical Platform
Alleged Data Breach of VYTL-SFT Verahealth Medical Platform
Aggregator
Fog ransomware attack on Asia financial org draws attention over use of employee monitoring software
6 months 2 weeks ago
An attack in Asia used a legitimate employee monitoring software that researchers hadn't seen employed by ransomware actors, as well as several other unusual tools.
OneLogin AD Connector Vulnerabilities Expose Authentication Credentials
6 months 2 weeks ago
A critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk The flaw, now reportedly fixed, uncovered by SpecterOps allowed malicious actors to obtain authentication credentials, impersonate users, and access sensitive applications through OneLogin’s platform. OneLogin, a prominent identity and access management (IAM) solution, integrates with popular […]
The post OneLogin AD Connector Vulnerabilities Expose Authentication Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Kaaviya
Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’
6 months 2 weeks ago
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’ appeared first on Security Boulevard.
Marc Handelman
Predator spotted in Mozambique for first time, another sign of spyware’s availability
6 months 2 weeks ago
Researchers found new evidence of Predator spyware use in Africa, this time in Mozambique.
Мы столетиями строили модели полюсов Солнца — и наконец узнали, как сильно ошибались
6 months 2 weeks ago
Впервые человечество увидело, где рождаются разрушительные бури, влияющие на Землю.
Researchers warn of ongoing Entra ID account takeover campaign
6 months 2 weeks ago
Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions using TeamFiltration date back nearly to the tool’s initial release in 2021, there has recently been a surge in login attempts associated with its use,” they shared. “This increase in activity, attributed to UNK_SneakyStrike’s ongoing campaign, began in December 2024 and peaked in January 2025. … More →
The post Researchers warn of ongoing Entra ID account takeover campaign appeared first on Help Net Security.
Zeljka Zorz
Threat Actors Using Bat Files to Deploy Quasar RAT
6 months 2 weeks ago
Remote Access Trojans (RATs) like Quasar have been a persistent threat for years, enabling attackers to control infected systems remotely. Recent SANS research has uncovered a new and particularly stealthy Quasar campaign, characterized by strong obfuscation and an innovative anti-sandbox technique. The infection begins with a batch (.bat) script attached to a seemingly harmless document. When […]
The post Threat Actors Using Bat Files to Deploy Quasar RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Kaaviya
CVE-2024-7562 | Revenera InstallShield 2021 R2/2022 R2/2023 R2 Standalone MSI Setup temp file (EUVD-2024-54679)
6 months 2 weeks ago
A vulnerability classified as critical has been found in Revenera InstallShield 2021 R2/2022 R2/2023 R2. This affects an unknown part of the component Standalone MSI Setup. The manipulation leads to creation of temporary file in directory with insecure permissions.
This vulnerability is uniquely identified as CVE-2024-7562. The attack needs to be approached locally. There is no exploit available.
vuldb.com
Threat Actors Exploiting Expired Discord Invite Links to Deliver Multi-Stage Malware
6 months 2 weeks ago
Cybercriminals have discovered a sophisticated new attack vector that exploits a critical flaw in Discord’s invitation system, allowing them to hijack expired invite links and redirect unsuspecting users to malicious servers hosting advanced malware campaigns. This emerging threat leverages the trusted nature of Discord, a platform used by millions of gamers and communities worldwide, to […]
The post Threat Actors Exploiting Expired Discord Invite Links to Deliver Multi-Stage Malware appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2025-29744 | pg-promise up to 11.5.4 Negative Number sql injection (EUVD-2025-18190)
6 months 2 weeks ago
A vulnerability was found in pg-promise up to 11.5.4. It has been rated as critical. Affected by this issue is some unknown functionality of the component Negative Number Handler. The manipulation leads to sql injection.
This vulnerability is handled as CVE-2025-29744. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44906 | uptrace pgdriver 1.2.1 /pgdriver/format.go appendArg sql injection (EUVD-2024-54680)
6 months 2 weeks ago
A vulnerability was found in uptrace pgdriver 1.2.1. It has been declared as critical. Affected by this vulnerability is the function appendArg of the file /pgdriver/format.go. The manipulation leads to sql injection.
This vulnerability is known as CVE-2024-44906. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-44905 | go-pg 10.13.0 /types/append_value.go sql injection
6 months 2 weeks ago
A vulnerability was found in go-pg pg 10.13.0. It has been classified as critical. Affected is an unknown function of the file /types/append_value.go. The manipulation leads to sql injection.
This vulnerability is traded as CVE-2024-44905. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-36573 | Dell Smart Dock prior 01.00.08.01 log file (dsa-2025-218 / EUVD-2025-18198)
6 months 2 weeks ago
A vulnerability was found in Dell Smart Dock and classified as problematic. This issue affects some unknown processing. The manipulation leads to sensitive information in log files.
The identification of this vulnerability is CVE-2025-36573. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-46035 | Tenda AC6 15.03.05.16 /goform/openSchedWifi schedStartTime/schedEndTime buffer overflow (EUVD-2025-18197)
6 months 2 weeks ago
A vulnerability has been found in Tenda AC6 15.03.05.16 and classified as very critical. This vulnerability affects unknown code of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow.
This vulnerability was named CVE-2025-46035. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-49467 | GWE Systems JEvents Component up to 3.6.87 on Joomla sql injection (EUVD-2025-18196)
6 months 2 weeks ago
A vulnerability, which was classified as critical, was found in GWE Systems JEvents Component up to 3.6.87 on Joomla. This affects an unknown part. The manipulation leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-49467. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Akira
6 months 2 weeks ago
You must login to view this content
cohenido
Lynx
6 months 2 weeks ago
You must login to view this content
cohenido
Waveny LifeCare Network Falls Victim to Qilin Ransomware Group
6 months 2 weeks ago
Waveny LifeCare Network Falls Victim to Qilin Ransomware Group
Dark Web Informer - Cyber Threat Intelligence
Qilin
6 months 2 weeks ago
You must login to view this content
cohenido