Aggregator
CISA Releases Seven Industrial Control Systems Advisories
CISA released seven Industrial Control Systems (ICS) advisories on July 1, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-182-01 FESTO Didactic CP, MPS 200, and MPS 400 Firmware
- ICSA-25-182-02 FESTO Automation Suite, FluidDraw, and Festo Didactic Products
- ICSA-25-182-03 FESTO CODESYS
- ICSA-25-182-04 FESTO Hardware Controller, Hardware Servo Press Kit
- ICSA-25-182-05 Voltronic Power and PowerShield UPS Monitoring Software
- ICSA-25-182-06 Hitachi Energy Relion 670/650 and SAM600-IO Series
- ICSA-25-182-07 Hitachi Energy MSM
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
- CVE-2025-48928 TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Europe’s EUVD could shake up the vulnerability database ecosystem
The post Europe’s EUVD could shake up the vulnerability database ecosystem appeared first on Security Boulevard.
Commitment to Powering Europe’s Digital Sovereignty and Competitiveness
Spanish police arrest five over $542 million crypto investment scheme
GDPR violations prompt Germany to push Google and Apple to ban DeepSeek AI
How OTP Works (Step-by-Step) — What Really Happens Behind Those One-Time Codes
Introduction: You’ve probably seen those little one-time codes pop up when you’re logging into your bank, email, or some app […]
The post How OTP Works (Step-by-Step) — What Really Happens Behind Those One-Time Codes appeared first on Security Boulevard.
IBM Cloud Pak Vulnerabilities Allow HTML Injection by Remote Attackers
Multiple security vulnerabilities in IBM Cloud Pak System enable remote attackers to execute HTML injection attacks, potentially compromising user data and system integrity. These flaws, detailed in recent IBM security bulletins, affect various versions of the platform and expose organizations to cross-site scripting (XSS) and prototype pollution attacks. CVE ID Description CVSS Score CVE-2025-2895 HTML […]
The post IBM Cloud Pak Vulnerabilities Allow HTML Injection by Remote Attackers appeared first on GBHackers Security.
ESET Threat Report H1 2025: Key findings
International Criminal Court targeted by new ‘sophisticated’ attack
Johnson Controls starts notifying people affected by 2023 breach
Apple is forcing everyone under its control, and Proton says “Enough!”
Why is intelligence analysis hard?
Israel's Military Intelligence Directorate: Aman
Microsoft Teams Enables In‑Chat Bot & Agent Integration
Microsoft Teams is set to revolutionize workplace collaboration once again, rolling out a highly anticipated feature that enables users to add bots and agents directly within Chats and Channels, without disrupting their ongoing conversations. The update, announced under Message ID MC1093236, marks a significant step towards a more fluid and productive Teams experience. Starting in […]
The post Microsoft Teams Enables In‑Chat Bot & Agent Integration appeared first on GBHackers Security.
Pakistani Threat Actors Created 300+ Cracking Sites to Distribute Info-Stealing Malware
A recent in-depth investigation by Intrinsec has exposed a sprawling network of over 300 cracking websites, orchestrated by Pakistani freelancers, designed to distribute info-stealing malware. These sites, often masquerading as legitimate sources for cracked software, have been identified as a primary vector for stealer compromises, impacting numerous corporate clients worldwide. Unveiling a Vast Network of […]
The post Pakistani Threat Actors Created 300+ Cracking Sites to Distribute Info-Stealing Malware appeared first on GBHackers Security.