Aggregator

Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. [...]

The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning $1,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. [...]

If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.

В NIF впервые получено 8,6 мегаджоуля энергии.

Civil society groups and academics are calling for the EU's GDPR to remain unchanged following the EU Commission's plans to revisit it

ThreatMark launched ScamFlag, a Generative AI-powered solution designed to protect digital banks and their customers from the scams and social engineering attacks. Seamlessly integrating into existing digital banking applications, ScamFlag enables financial institutions to provide their customers with scam detection capabilities without requiring separate app downloads or complex setup. The announcement comes as global fraud losses reached a staggering $486 billion in 2023, with more than 70% attributed to scams that trick legitimate users into … More →

The post ThreatMark offers protection against social engineering attacks and scams appeared first on Help Net Security.

Tor 项目宣布了命令行工具 oniux，使用 Linux 命名空间为第三方应用提供 Tor 网络隔离，路由通过 Tor 网络去实现匿名网络连接。Oniux 能为每个应用程序创建一个完全隔离的网络环境，能防止数据泄漏，即使应用程序是恶意的或者错误配置。Linux 命名空间是一项内核功能，允许进程在隔离的环境中运行，oniux 的命名空间不提供系统级网络接口如 eth0 的访问，而是提供自定义网络接口 onion0。oniux 处于实验阶段，它依赖的软件如 Arti 和 onionmasq 仍在开发中。

A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/auto-taxi-entry-detail.php. The manipulation of the argument price leads to sql injection. This vulnerability was named CVE-2025-4915. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Fuji Electric V-SFT up to 6.2.5.0 and classified as critical. Affected by this issue is the function VS6EditData!VS4_SaveEnvFile. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-47755. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Affected is an unknown function of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument drivername leads to sql injection. This vulnerability is traded as CVE-2025-4917. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability, which was classified as problematic, has been found in huggingface transformers up to 4.49.x. This issue affects the function preprocess_string of the component testing_utils. The manipulation leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2025-2099. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Gijza.net Error Manager 2.1 on PHP-Nuke and classified as problematic. Affected by this issue is some unknown functionality of the file error.php of the component Error Message Handler. The manipulation of the argument language/newlang/lang leads to information disclosure (Path). This vulnerability is handled as CVE-2004-1830. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The manipulation of the argument billingaddress leads to sql injection. This vulnerability is traded as CVE-2025-4930. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to bolster defenses like major Western powers. Japan has enacted the Active Cyberdefense Law, allowing preemptive offensive cyber operations to counter threats before damage occurs. This marks a shift from Japan’s pacifist stance under Article 9, aiming to elevate its cyber […]

France's foreign ministry said it "categorically rejects" a statement by Telegram's Pavel Durov that French intelligence had asked him to ban conservative voices in Romania ahead of its elections.

Кто оформил аккаунт на Турцию — тот сегодня без игр. Но с опытом.

At the RSA Conference in San Francisco this year, Tim Brown talked about the protection CISOs need, Russia’s continued attempts to launch attacks and how companies can navigate the treacherous waters of cyber incidents.

A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to…

A phishing operation that targets corporate banking accounts across the globe has been analyzed in a new report by CTM360. The campaign uses fake Google ads, advanced filtering techniques, to steal sensitive login credentials and bypass MFA. Researchers uncovered more than 12,000 malicious redirector URLs spread across 35 unique potential phishing redirector templates. The infrastructure supports two distinct phishing techniques, both of which are difficult to detect and designed to evade automated scanning tools. What … More →

The post CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide appeared first on Help Net Security.