Aggregator

Новый троян BrowserVenom наводит хаос в браузерах по всему миру.

Cybersecurity researchers at GreyNoise Intelligence have identified a significant coordinated attack campaign targeting Apache Tomcat Manager interfaces across the globe. On June 5, 2025, the company’s threat detection systems registered activity levels far exceeding normal baselines, with nearly 400 unique IP addresses participating in what appears to be a large-scale reconnaissance and access attempt operation. […]

The post Hackers Launch Coordinated Attack on Apache Tomcat Manager from 400 Unique IPs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. [...]

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

攻击者只需网络访问权限，即可让工业设备宕机、CPU100%满载，甚至完全失控！

Europol warns of “vicious circle” of data breaches and cybercrime

Привет с Мальдив — там теперь не только отдых, но и обыски.

Машина просматривает секретные досье быстрее, чем аналитик успевает налить кофе...

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Akamai researchers warned that […]

Proofpoint Threat Intelligence has uncovered a large-scale Account Takeover (ATO) campaign, internally tracked as UNK_SneakyStrike, that leverages the open-source penetration testing framework TeamFiltration to target Microsoft Entra ID user accounts across global organizations.  The campaign, which began in late 2024, has targeted over 80,000 user accounts across hundreds of cloud tenants to date, with several […]

The post New Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Пока админы заняты рутиной, невидимые гости уже знакомятся с интерфейсами поближе.

Наука теперь может наблюдать, как формируются нейроны. В реальном времени.

SpaceX 至今发射了逾 7000 颗 Starlink 卫星去构建庞大的宽带卫星星座，而其中已有数百颗卫星从低地球轨道上提前坠落。根据一项研究，这一现象与太阳活动加剧有关。研究人员称，从 2020 年到 2024 年，有 1190 颗卫星从极低地球轨道（VLEO）坠落，其中 583 颗是 Starlink 卫星。研究显示，2020 年至 2024 年间，每年坠落 Starlink 卫星数量呈上升趋势，这一趋势与太阳活动处于增强阶段高度相关。2020 年仅有 2 颗坠落，2021 年有 78 颗坠落，而 2024 年坠落数量多达 316 颗。太阳活动以约 11 年为一个周期，呈现由弱到强、再由强转弱的周期性变化。202 0年至 2024 年，太阳活动处于第 25 个周期的上升和高峰阶段。太阳活动增强会引发地磁强烈扰动，使地球热层升温并膨胀，导致高层大气的密度和阻力增加。而高层大气阻力增加会使得低轨卫星轨道衰减加剧，最终更早坠入大气层烧毁；还可能增加组成部署星座的卫星之间的碰撞风险。Starlink 等低轨卫星的设计寿命一般约 5 年。研究显示，地磁活动对卫星的坠落影响显著，随着地磁活动增加，Starlink 卫星的坠落往往比地磁平静期更早。在强烈地磁暴期间，卫星从约 28 0公里的高度重返大气层的下落阶段比地磁平静期缩短 10 至 12 天。

A vulnerability was found in OnlyOffice Docs up to 8.3.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component WOPI Protocol Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5301. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens Mendix Studio Pro 10, Mendix Studio Pro 10.12, Mendix Studio Pro 10.18, Mendix Studio Pro 10.6, Mendix Studio Pro 11, Mendix Studio Pro 8 and Mendix Studio Pro 9. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-40592. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Sensor Intel Series: June 2025 CVE Trends

Erie Insurance reveals suspected network breach and ongoing outage

Amazon хотел «по умолчанию», Linux ответил «у нас так не работает».