Aggregator

CISA: Spyware and RATs used to target WhatsApp and Signal Users

Security Affairs
6 months 3 weeks ago
CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of threat actors using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal. […]
Pierluigi Paganini

Microsoft cracks down on malicious meeting invites

Help Net Security
6 months 3 weeks ago

Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a quiet opening for attackers. Microsoft has updated Defender for Office 365 so that security teams can now remove those leftover calendar entries when they perform a Hard Delete. Microsoft also added stronger domain blocking for phishing links. Attackers have been sending harmful meeting invites because Outlook often auto … More →

The post Microsoft cracks down on malicious meeting invites appeared first on Help Net Security.

Sinisa Markovic

How to See Critical Incidents in Alert Overload: A Guide for SOCs and MSSPs 

Anyrun
6 months 3 weeks ago

Alert overload is one of the hardest ongoing challenges for a Tier 1 SOC analyst. Every day brings hundreds, sometimes thousands of alerts waiting to be triaged, categorized, and escalated. Many of them are false positives, duplicates, or low-value notifications that muddy the signal.   When the queue never stops growing, even experienced analysts start losing clarity, missing […]

The post How to See Critical Incidents in Alert Overload: A Guide for SOCs and MSSPs  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

CVE-2025-59538 | argoproj argo-cd up to 2.14.19/3.0.18/3.1.7/3.2.0-rc1 Configuration uncaught exception (GHSA-gpx4-37g2-c8pv / WID-SEC-2025-2251)

Vuldb Updates
6 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in argoproj argo-cd up to 2.14.19/3.0.18/3.1.7/3.2.0-rc1. Affected is an unknown function of the component Configuration Handler. This manipulation of the argument webhook.azuredevops.username/webhook.azuredevops.password causes uncaught exception. This vulnerability is tracked as CVE-2025-59538. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-59537 | argoproj argo-cd up to 1.8.7/2.14.19/3.0.18/3.1.7/3.2.0-rc1 API Request /api/webhook commits[].repo denial of service (GHSA-wp4p-9pxh-cgx2 / WID-SEC-2025-2251)

Vuldb Updates
6 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in argoproj argo-cd up to 1.8.7/2.14.19/3.0.18/3.1.7/3.2.0-rc1. Affected by this vulnerability is an unknown functionality of the file /api/webhook of the component API Request Handler. Such manipulation of the argument commits[].repo leads to denial of service. This vulnerability is listed as CVE-2025-59537. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2025-59531 | argoproj argo-cd up to 1.8.7/2.14.19/3.0.18/3.1.7/3.2.0-rc1 /api/webhook repository.links.clone improper check or handling of exceptional conditions (GHSA-f9gq-prrc-hrhc / WID-SEC-2025-2251)

Vuldb Updates
6 months 3 weeks ago
A vulnerability classified as problematic was found in argoproj argo-cd up to 1.8.7/2.14.19/3.0.18/3.1.7/3.2.0-rc1. Affected by this issue is some unknown functionality of the file /api/webhook. Such manipulation of the argument repository.links.clone leads to improper check or handling of exceptional conditions. This vulnerability is referenced as CVE-2025-59531. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-58057 | Netty netty-codec-compression data amplification (EUVD-2025-26649 / Nessus ID 261547)

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in Netty. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component netty-codec-compression. Such manipulation leads to highly compressed data. This vulnerability is traded as CVE-2025-58057. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-11756 | Google Chrome up to 141.0.7390.65 Safe Browsing use after free (EUVD-2025-38198 / Nessus ID 270649)

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component Safe Browsing. The manipulation results in use after free. This vulnerability is cataloged as CVE-2025-11756. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

流行减肥药未能延缓阿尔茨海默病

Solidot
6 months 3 weeks ago
制药公司诺和诺德(Novo Nordisk)表示,减肥注射剂 Wegovy 的活性成分司美格鲁肽(semaglutide)并不能延缓阿尔茨海默病的发展。在涉及逾 3800 人的大型试验中,已被用于治疗 2 型糖尿病和肥胖症的 GLP-1 药物的效果与安慰剂相差无几。参与试验的患者年龄在 55-85 岁之间,司美格鲁肽治疗改善了阿尔茨海默病相关的生物标志物,但未能延缓疾病的发展。

Managed ad