Aggregator

A vulnerability was found in Yandex Yandex.Server 2010 9.0. It has been rated as problematic. This issue affects some unknown processing of the file Search. The manipulation of the argument text leads to cross site scripting. The identification of this vulnerability is CVE-2012-2941. The attack may be initiated remotely. Furthermore, there is an exploit available.

Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal is to push all users to upgrade to Windows 11, but the company understands that not everybody can do it immediately or even in the next couple of years. ESU for home users “Windows 10 launched in … More →

The post Windows 10: How to get security updates for free until 2026 appeared first on Help Net Security.

Версия 8.8.1 позволяет запускать вредоносные файлы с правами SYSTEM.

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), has released a comprehensive guide titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development.” Published in June 2025, this report underscores the critical need to adopt Memory Safe Languages (MSLs) to combat pervasive memory safety vulnerabilities that have long […]

The post CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Microsoft Internet Explorer 6/7/8/9/10 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2013-3148. The attack can only be done within the local network. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Psylo обещает нам полную защиту. Насколько оправданна реклама?

A vulnerability, which was classified as problematic, was found in Lenze PLC Designer V4 up to 4.0.0. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information. This vulnerability is uniquely identified as CVE-2025-41647. An attack has to be approached locally. There is no exploit available.

Threat actors are leveraging the soaring popularity of AI tools like ChatGPT and Luma AI to distribute malware through deceptive websites. Zscaler ThreatLabz researchers have uncovered a network of malicious AI-themed sites, often hosted on platforms like WordPress, that exploit Black Hat SEO techniques to poison search engine rankings. These sites appear prominently in search […]

The post Threat Actors Manipulate Search Results, Exploit ChatGPT and Luma AI Popularity to Deliver Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Vincent Hor Calendarix 0.7.2007-03-07 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file calendar.php. The manipulation of the argument ycyear leads to basic cross site scripting. This vulnerability is known as CVE-2007-3182. The attack can be launched remotely. Furthermore, there is an exploit available.

关键词网络攻击2025 年开年以来，微步在线发现并协助处置多起针对央企、医疗机构等的大规模钓鱼诈骗事件。

Продукт SonicWall клонировали настолько точно, что даже его цифровая подпись выглядит легитимно.

NCC Group found that ransomware attacks fell for the third consecutive month in May 2025, despite a surge in incidents impacting retailers

Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of SQL database dumps, characterizing it as an information operation "carried out by Iran and its proxies." "The actors

A vulnerability was found in Microsoft Word and Excel 98 and classified as problematic. This issue affects some unknown processing of the component Field Code Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2002-1143. The attack may be initiated remotely. Furthermore, there is an exploit available.

A critical security vulnerability (CVE-2025-4563) in Kubernetes allows nodes to bypass authorization checks for dynamic resource allocation, potentially enabling privilege escalation in affected clusters. The flaw resides in the NodeRestriction admission controller, which fails to validate resource claim statuses during pod creation when the DynamicResourceAllocation feature is enabled. This oversight permits compromised nodes to create […]

The post Kubernetes NodeRestriction Flaw Lets Nodes Bypass Resource Authorization appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mainline Health Systems disclosed a data breach that impacted over 100,000 individuals. Mainline Health Systems is a nonprofit Federally Qualified Health Center founded in 1978 in Portland, Arkansas, serving Southeast Arkansas . With over 30 locations across multiple counties—including in-school clinics and community centers—it provides comprehensive primary medical, dental, and behavioral health services. The healthcare […]

A vulnerability classified as critical was found in CafeLog B2 0.6.1. This vulnerability affects unknown code of the file b2archives.php. The manipulation of the argument b2inc leads to file inclusion. This vulnerability was named CVE-2007-2290. The attack can be initiated remotely. Furthermore, there is an exploit available.