Aggregator

A vulnerability was found in MediaTek MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6985, MT6989, MT6990, MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532 and MT8678 and classified as critical. Affected by this issue is some unknown functionality of the component Bluetooth FW. The manipulation leads to reachable assertion. This vulnerability is handled as CVE-2024-20147. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in MediaTek MT2737, MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6879, MT6886, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8676, MT8678, MT8795T, MT8798 and MT8863 NR16/NR17/NR17R and classified as critical. Affected by this vulnerability is an unknown functionality of the component Modem. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-20634. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A significant evolution in the cybersecurity landscape has emerged with the uncovering of new vulnerabilities in Windows 11 (24H2). Process Hollowing, a widely used technique often referred to as RunPE, has encountered new challenges in this operating system version due to changes in the Windows loader, impacting both security researchers and attackers alike. Process Hollowing […]

The post New Process Hollowing Attack Vectors Uncovered in Windows 11 (24H2) appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

BeyondTrust, a leading provider of identity and access management solutions, disclosed a zero-day breach impacting 17 Remote Support SaaS customers. The incident, detected on December 5, 2024, has been linked to the compromise of an infrastructure API key used to access specific Remote Support SaaS instances. The breach allowed attackers to reset local application passwords […]

The post BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear of mistakes. Addressing these issues early is key to maintaining a healthy and effective team. Can you describe what a “toxic cybersecurity environment” looks like? What are some of the red flags professionals should … More →

The post The hidden dangers of a toxic cybersecurity workplace appeared first on Help Net Security.

A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer. "Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a

A vulnerability, which was classified as critical, was found in MediaTek MT7603, MT7615, MT7622 and MT7915 up to 7.4.0.1. Affected is an unknown function of the component WLAN AP Driver. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-20633. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

In this episode, we explore the rollout of digital driver’s licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese AI model, DeepSeek, which is affecting U.S. tech companies’ stock prices. Join us as we […]

The post Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI appeared first on Shared Security Podcast.

The post Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI appeared first on Security Boulevard.

BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS records and interrogate them for takeover opportunities mx – Check for dangling MX records and assess their base domains for availability nsec – Enumerate subdomains by NSEC-walking references – Check HTML content for links or … More →

The post BadDNS: Open-source tool checks for subdomain takeovers appeared first on Help Net Security.

Cybersecurity experts have uncovered a sophisticated phishing campaign targeting Microsoft advertising accounts. The attack, orchestrated through malicious Google Ads, aims to steal login credentials of users accessing Microsoft’s advertising platform. This incident highlights the growing risk of malvertising, where cybercriminals exploit legitimate ad networks to deceive users. How the Attack Works The phishing campaign leverages […]

The post Microsoft Advertisers Account Hacked Using Malicious Google Ads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

APT狩猎工具

恶意样本静态分析-上

A vulnerability, which was classified as critical, has been found in Adobe Flash Player. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2016-1011. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A sophisticated race condition vulnerability affecting Windows 11 (x64) kernel operations, highlighting ongoing concerns about kernel-level security in modern operating systems. These race conditions, which stem from the operating system’s inability to synchronize shared resources during concurrent operations properly, could potentially allow attackers to escalate privileges, execute arbitrary code, or crash critical systems. The vulnerabilities […]

The post New Windows 11 (x64) Modern Kernel Race Conditions Uncovered – PoC Released appeared first on Cyber Security News.

Mid-market organizations are grappling with managing the large volume of SaaS applications, both sanctioned and unsanctioned, with actual numbers often exceeding expectations, according to Cloud Security Alliance. Security teams are struggling with a growing attack surface Disconcertingly, 44% of organizations prioritize protecting all their sanctioned applications, and a mere 17% include unsanctioned ones in this priority. Given that limited visibility into these applications results in significant security gaps, specialized tools and automation are essential to … More →

The post Only 3% of organizations have a dedicated budget for SaaS security appeared first on Help Net Security.

A vulnerability classified as critical has been found in Apple iTunes up to 12.9.5 on Windows. Affected is an unknown function of the component WebKit. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2019-8672. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Evolvable Shambala Server 4.5. Affected is an unknown function of the component Connection Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2000-0953. It is possible to launch the attack remotely. Furthermore, there is an exploit available.