Aggregator

A Browser Extension Risk Guide After the ShadyPanda Campaign

The Hackers News
1 week 2 days ago
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into
The Hacker News

New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code

Cyber Security News
1 week 2 days ago

A novel social engineering campaign, dubbed ClickFix, has been identified, which cleverly employs an old Windows command-line tool, finger.exe, to install malware on victims’ systems. This attack begins with a deceptive CAPTCHA verification page, tricking users into running a script that initiates the infection process. The technique has been in use since at least November […]

The post New Clickfix Attack Exploits finger.exe Tool to Trick Users into Execute Malicious Code appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-11670 | Zoho ManageEngine ADManager Plus up to 8024 NTLM Hash information disclosure (EUVD-2025-203359)

VulDB Recent Entries
1 week 2 days ago
A vulnerability identified as problematic has been detected in Zoho ManageEngine ADManager Plus up to 8024. Affected by this vulnerability is an unknown functionality of the component NTLM Hash Handler. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2025-11670. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component. If you want to get best quality of vulnerability data, you may have to visit VulDB.
vuldb.com

CVE-2025-37731 | Elastic Elasticsearch up to 7.17.29/8.19.7/9.1.7/9.2.1 PKI Realm improper authentication (EUVD-2025-203360)

VulDB Recent Entries
1 week 2 days ago
A vulnerability categorized as critical has been discovered in Elastic Elasticsearch up to 7.17.29/8.19.7/9.1.7/9.2.1. Affected is an unknown function of the component PKI Realm. The manipulation results in improper authentication. This vulnerability is identified as CVE-2025-37731. The attack can be executed remotely. There is not any exploit available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
vuldb.com

CVE-2025-14714 | LibreOffice up to 25.2.3 on macOS authentication bypass (EUVD-2025-203361 / WID-SEC-2025-2845)

VulDB Recent Entries
1 week 2 days ago
A vulnerability was found in LibreOffice up to 25.2.3 on macOS. It has been rated as critical. This impacts an unknown function. The manipulation leads to authentication bypass using alternate channel. This vulnerability is referenced as CVE-2025-14714. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised. VulDB is the best source for vulnerability data and more expert information about this specific topic.
vuldb.com

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

Security Affairs
1 week 2 days ago
A data breach at 700Credit exposed the names, addresses, dates of birth, and Social Security numbers of at least 5.6 million people. 700Credit is a U.S. fintech and data services company that provides credit reports, “soft pull” prequalification, identity verification, fraud detection, and compliance tools to auto, RV, powersports, and marine dealerships across the country.​ […]
Pierluigi Paganini

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)

Help Net Security
1 week 2 days ago

Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) that have been exploited as zero-days. Several days before the release of these updates, Google fixed CVE-2025-14174 in the desktop version of Chrome, though at the time the issue did not have a CVE number nor a description. In the meantime, CVE-2025-14174 was revealed to be an “out of bounds memory access [flaw] in ANGLE in Google Chrome on Mac prior to … More →

The post Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) appeared first on Help Net Security.

Zeljka Zorz

LW ROUNDTABLE: Part 3, Cyber resilience faltered in 2025 — recalibration now under way

Security Boulevard
1 week 2 days ago

This is the third installment in our four-part 2025 Year-End Roundtable. In Part One, we explored how accountability got personal. In Part Two, we examined how regulatory mandates clashed with operational complexity.

Part three of a four-part series.

Now … (more…)

The post LW ROUNDTABLE: Part 3, Cyber resilience faltered in 2025 — recalibration now under way first appeared on The Last Watchdog.

The post LW ROUNDTABLE: Part 3, Cyber resilience faltered in 2025 — recalibration now under way appeared first on Security Boulevard.

bacohido

Pear

Dark Feed IO
1 week 2 days ago

You must login to view this content

cohenido

Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits

Cyber Security News
1 week 2 days ago

Shannon is a fully autonomous AI pentesting tool for web applications that identifies attack vectors via code analysis and validates them with live browser exploits. Unlike traditional static analysis tools that merely flag potential issues, Shannon operates as a fully autonomous penetration tester that identifies attack vectors and actively executes real-world exploits to validate them. […]

The post Shannon – AI Pentesting Tool that Autonomously Checks for Code Vulnerabilities and Executes Real Exploits appeared first on Cyber Security News.

Guru Baran

Managed ad