Aggregator

Why sharing lessons learned from cyber security incidents and ‘near misses’ will help everyone to improve

Proton решила стать «европейским Google». Только без слежки.

An incident involving the npm package eslint-config-prettier has been uncovered spreading Scavenger RAT

Cybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-2025–31324. This flaw stems from a missing authorization check on the HTTP endpoint /developmentserver/metadatauploader, enabling unauthenticated file uploads that can lead to remote code execution (RCE) under the SAP […]

The post Technical Details of SAP 0-Day Exploitation Script for RCE Revealed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A cyberattack on Manpower’s Michigan office compromised data for 144,000 people. Meanwhile, Workday reveals a data breach in…

Name: CRHC CTF 2025 (an CRHCCTF event.)
Date: Aug. 16, 2025, 9 a.m. — 18 Aug. 2025, 09:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctfd.crhc.club/
Rating weight: 0
Event organizers: CRHC-CTF

Learn how LKE-E solves critical problems while providing streamlined adoption, operational simplicity, and cost efficiency at scale.

A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Once deployed, it can dynamically execute payloads while maintaining robust command and control (C2) communication via a dedicated networking module.

The post Dissecting PipeMagic: Inside the architecture of a modular backdoor framework appeared first on Microsoft Security Blog.

Russia-based cybersecurity firm F6 said the attacks began in April and infected devices with Kinsing and XMRig malware, tools commonly used to mine the cryptocurrency Monero.

A multi-stage attack delivered via USB devices has been observed installing cryptomining malware using DLL hijacking and PowerShell

Face morphing software can blend two people’s photos into one image, making it possible for someone to fool identity checks at buildings, airports, borders, and other secure places. These morphed images can trick face recognition systems into linking the photo to both people, allowing one person to pass as the other. Face morphing software can blend photos of different people’s faces into a single synthesized image (Source: NIST) This kind of software is easy to … More →

The post New NIST guide explains how to detect morphed images appeared first on Help Net Security.

Исходный код вредоноса ушёл всего за 500 долларов. Кто продал Яниса Антропенко?

A vulnerability categorized as problematic has been discovered in IBM Concert Software up to 1.1.0. This affects an unknown part. The manipulation results in improper clearing of heap memory before release. This vulnerability is cataloged as CVE-2025-1759. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in IBM Concert Software up to 1.1.0. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to hard-coded credentials. This vulnerability is listed as CVE-2025-33100. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in IBM Concert Software up to 1.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to inefficient regular expression complexity. This vulnerability is tracked as CVE-2025-33090. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Concert Software up to 1.1.0. It has been classified as problematic. Affected is an unknown function of the component Trusted Domain Handler. Performing manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is identified as CVE-2025-27909. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

Bragg Gaming Group has confirmed a significant cybersecurity incident that compromised the company’s internal IT infrastructure early Saturday morning, August 16, 2025.  The online gaming technology provider discovered unauthorized network intrusion attempts that successfully breached their security perimeter, prompting immediate activation of incident response protocols. Key Takeaways1. Bragg Gaming Group experienced a cybersecurity breach with […]

The post Bragg Confirms Cyber Attack – Hackers Accessed Internal IT Systems appeared first on Cyber Security News.