Aggregator

A vulnerability was found in Vision Helpdesk up to 5.7.0 and classified as critical. Affected by this issue is some unknown functionality of the file index.php?/home/forgot-password of the component Forgot Password Handler. The manipulation of the argument vis_username leads to sql injection. This vulnerability is handled as CVE-2025-32993. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in MIT Kerberos 5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GSSAPI-protected Message Handler. The manipulation leads to use of weak hash. This vulnerability is known as CVE-2025-3576. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in AiDex up to 1.6. Affected is an unknown function of the file /api//message. The manipulation leads to code injection. This vulnerability is traded as CVE-2025-3579. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The global regulatory landscape for cybersecurity is undergoing a seismic shift, with the European Union’s NIS2 Directive emerging as a critical framework for organizations operating within its jurisdiction. While ISO 27001 has long been the gold standard for information security management, the mandatory nature of NIS2 introduces new complexities for leaders navigating compliance across borders. […]

The post From ISO to NIS2 – Mapping Compliance Requirements Globally appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A sophisticated new malware suite targeting macOS, dubbed “PasivRobber,” has been discovered by security researchers. Identified on March 13, 2025, after a suspicious file named “wsus” was uploaded to VirusTotal, PasivRobber is a multi-component threat designed to steal a wide range of data from infected systems and popular applications. The malware exhibits a deep understanding […]

The post PasivRobber Malware Emerges, Targeting macOS to Steal Data From Systems and Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers are analyzing a sophisticated malware delivery mechanism that uses a JScript loader to deploy different payloads based on the victim’s geographic location. This loader initiates a complex chain involving obfuscated PowerShell scripts, ultimately executing potent malware like the XWorm Remote Access Trojan (RAT) or the Rhadamanthys information stealer. The attack often begins via […]

The post Unmasking Xworm Payload Execution Path through Jailbreaking a Malicious JScript Loader appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Что аналитики нашли в коде популярного ИИ-помощника?

OpenAI’s ChatGPT image generator has been exploited to create convincing fake passports in mere minutes, highlighting a significant vulnerability in current identity verification systems. This revelation comes from the 2025 Cato CTRL Threat Report, which underscores the democratization of cybercrime through the advent of generative AI (GenAI) tools like ChatGPT. Historically, the creation of fake […]

The post ChatGPT Image Generator Abused for Fake Passport Production appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybercriminals have launched a sophisticated campaign targeting websites hosted on Amazon Web Services (AWS) EC2 instances. This campaign, observed in March 2025, exploits a vulnerability in EC2 Instance Metadata through Server-Side Request Forgery (SSRF), allowing attackers to access sensitive information and potentially escalate their attacks. The Exploitation Technique The attackers are leveraging a combination of […]

The post Cybercriminals Exploit EC2 Instance Metadata Vulnerability to Launch Attacks on Hosted Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new and highly sophisticated ransomware campaign, dubbed “DOGE BIG BALLS Ransomware,” has recently come to light, demonstrating a blend of technical innovation and psychological manipulation. This operation stands out for its multi-stage infection chain, which begins with a seemingly innocuous ZIP file and culminates in the deployment of a customized ransomware payload, all while […]

The post DOGE ‘Big Balls’ Ransomware Utilizes ZIP-Based LNK Shortcuts and BYOVD Techniques for Stealthy Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

春日好时光，正是读书时。

春日好时光，正是读书时。

Secrets sprawl is a growing cybersecurity challenge, especially with NHIs. GitGuardian's new NHI Governance product offers centralized inventory and lifecycle management to help enterprises regain control over their secrets and prevent costly breaches.

The post GitGuardian Launches NHI Governance to Secure Non-Human Identities and Their Secrets for Enterprises appeared first on Security Boulevard.

CISA released nine Industrial Control Systems (ICS) advisories on April 15, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-105-01 Siemens Mendix Runtime
• ICSA-25-105-02 Siemens Industrial Edge Device Kit
• ICSA-25-105-03 Siemens SIMOCODE, SIMATIC, SIPLUS, SIDOOR, SIWAREX
• ICSA-25-105-04 Growatt Cloud Applications
• ICSA-25-105-05 Lantronix Xport
• ICSA-25-105-06 National Instruments LabVIEW
• ICSA-25-105-07 Delta Electronics COMMGR
• ICSA-25-105-08 ABB M2M Gateway
• ICSA-25-105-09 Mitsubishi Electric Europe B.V. smartRTU
   

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

How to Be Proactive in a Reactive World In healthcare, preventative medicine is always more effective, less costly, and has better outcomes than waiting until after a serious heart incident occurs. It’s an apt analogy for cybersecurity as well. Prophylactic (preventative) care in cybersecurity yields far better outcomes than constantly scrambling to respond to critical...

The post Prophylactic Cybersecurity for Healthcare appeared first on IONIX.

The post Prophylactic Cybersecurity for Healthcare appeared first on Security Boulevard.

此次中断导致管理员无法执行关键操作，包括邮件服务管理、用户账户维护及许可证配置等。

4chan定制化源代码（广为人知的Yotsuba系统）可能已遭泄露。

Regulatory compliance and data protection were the biggest cybersecurity challenges cited by UK financial organizations, according to a Bridewell survey