Aggregator

True security isn't about meeting deadlines — it's about mitigating risk in a way that aligns with business objectives while protecting against real-world threats.

Sysdig researchers detailed an ongoing campaign from China-backed threat actor UNC5174, which is using open source hacking tools to stay under the radar.

Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. [...]

PlexTrac launched PlexTrac for CTEM, expanding the platform’s capabilities with a proactive and continuous threat exposure management solution designed to help security teams centralize security data, prioritize risk based on business impact, and automate validation and remediation workflows. PlexTrac for CTEM enables organizations to move beyond traditional point-in-time assessments and embrace a continuous, proactive security approach. Key capabilities include: Centralized data management for comprehensive threat analysis Aggregate findings and asset data from various scanning tools, … More →

The post PlexTrac for CTEM helps security teams centralize security data appeared first on Help Net Security.

A critical security vulnerability has been disclosed in the Apache Roller open-source, Java-based blogging server software that could allow malicious actors to retain unauthorized access even after a password change. The flaw, assigned the CVE identifier CVE-2025-24859, carries a CVSS score of 10.0, indicating maximum severity. It affects all versions of Roller up to and including 6.1.4.

Microsoft warned Windows users of increased CPU usage when typing while using recent versions of the classic Outlook email client. [...]

Операторы больше не смогут игнорировать волю абонента

Он не оставляет следов, но похищает даже самые сокровенные секреты.

DataDome announced major advancements to its platform and partner ecosystem that put businesses back in control of how AI agents access and interact with their digital assets. These innovations come at a pivotal moment, as enterprises grapple with the rapid rise of LLMs, AI crawlers, and automated agents that are reshaping the internet economy. With expanded intent-based AI models, LLM detection, and new AI agent response policies, DataDome’s AI engine enables the identification, categorization, adaptation, … More →

The post DataDome platform enhancements put businesses in control of AI agents appeared first on Help Net Security.

Get Q1 ’25 Report for Free Based on real data from 15,000+ global SOC teams. Top malware types, families, and APTs Changes in threat landscape since Q4 ’24 What SOC teams need to focus on Opt in to receive news, updates, and promotions. Get free report Loading… A copy of the report has been sent […]

The post Malware Trends Report, Q1 2025: Get Your Copy appeared first on ANY.RUN's Cybersecurity Blog.

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to merge

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing the plan last year over data protection concerns raised by Irish regulators. In June 2024, […]

Microsoft Teams users across the globe are experiencing significant disruptions in file-sharing capabilities due to an unexpected outage, impacting workplace communication and collaboration. A wave of reports began surfacing from organizations and individuals unable to share files within Microsoft Teams—the popular collaboration platform used by businesses, schools, and organizations worldwide. Users attempting to send or […]

The post Microsoft Teams File Sharing Unavailable Due to Unexpected Outage appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),

A vulnerability was found in PeerTube up to 7.1.0. It has been declared as problematic. This vulnerability affects unknown code of the component REST API. The manipulation leads to improper ownership management. This vulnerability was named CVE-2025-32945. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PeerTube up to 7.1.0. It has been classified as problematic. This affects an unknown part of the component ActivityPub Protocol. The manipulation leads to improper ownership management. This vulnerability is uniquely identified as CVE-2025-32946. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PeerTube up to 7.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component yauzl Library. The manipulation leads to uncaught exception. This vulnerability is handled as CVE-2025-32944. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 137.0.1 and classified as problematic. Affected by this vulnerability is the function nsHttpTransaction. The manipulation leads to race condition. This vulnerability is known as CVE-2025-3608. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

GL-iNet 路由器 CVE-2024-39226经典路由器漏洞复现