Aggregator

Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. [...]

AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware group, identified through FBI investigations as recently as May 2025.

The post Updated Response to CISA Advisory (AA23-352A): #StopRansomware: Play Ransomware appeared first on AttackIQ.

The post Updated Response to CISA Advisory (AA23-352A): #StopRansomware: Play Ransomware appeared first on Security Boulevard.

A dramatic escalation in phishing attacks leveraging Adversary-in-the-Middle (AiTM) techniques has swept across organizations worldwide in early 2025, fueled by the rapid evolution and proliferation of Phishing-as-a-Service (PhaaS) platforms. Sekoia researchers and threat intelligence teams are sounding the alarm as these attacks become more complex, harder to detect, and increasingly effective at bypassing even advanced […]

The post AitM Phishing Attacks on Microsoft 365 and Google Aimed at Stealing Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in GIMP and classified as critical. Affected by this issue is some unknown functionality of the component Despeckle Plugin. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2025-6035. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Absolute Security Secure Access up to 13.53 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-49080. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in GitLab Enterprise Edition up to 17.10.7/17.11.3/18.0.1. Affected is an unknown function of the component IP Access Restriction. The manipulation leads to insufficient granularity of access control. This vulnerability is traded as CVE-2025-5982. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Insyde InsydeH2O. This issue affects some unknown processing of the component UsbCoreDxe. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2024-55567. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in EuroInformation MoneticoPaiement module up to 1.1.0 on PrestaShop. This vulnerability affects unknown code of the file transaction.php. The manipulation of the argument TPE/societe/MAC/reference/aliascb leads to sql injection. This vulnerability was named CVE-2023-45256. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Recently, Google announced that starting August 1, 2025, the Google Chrome browser will no longer trust TLS certificates issued by Chunghwa Telecom and Netlock Certificate Authorities (CAs). According to Google, the decision follows a pattern of compliance failures and a lack of measurable progress in addressing publicly reported issues. Chunghwa Telecom is Taiwan’s largest integrated […]

The post Google Chrome to Distrust Chunghwa Telecom and Netlock Certificate Authorities (CAs)—What’s Next? appeared first on Security Boulevard.

Математики завершили фрагмент программы Гильберта, открытой в 1900 году.

Alleged Data Breach of VYTL-SFT Verahealth Medical Platform

An attack in Asia used a legitimate employee monitoring software that researchers hadn't seen employed by ransomware actors, as well as several other unusual tools.

A critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk The flaw, now reportedly fixed, uncovered by SpecterOps allowed malicious actors to obtain authentication credentials, impersonate users, and access sensitive applications through OneLogin’s platform. OneLogin, a prominent identity and access management (IAM) solution, integrates with popular […]

The post OneLogin AD Connector Vulnerabilities Expose Authentication Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’ appeared first on Security Boulevard.

Researchers found new evidence of Predator spyware use in Africa, this time in Mozambique.

Впервые человечество увидело, где рождаются разрушительные бури, влияющие на Землю.

Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions using TeamFiltration date back nearly to the tool’s initial release in 2021, there has recently been a surge in login attempts associated with its use,” they shared. “This increase in activity, attributed to UNK_SneakyStrike’s ongoing campaign, began in December 2024 and peaked in January 2025. … More →

The post Researchers warn of ongoing Entra ID account takeover campaign appeared first on Help Net Security.

Remote Access Trojans (RATs) like Quasar have been a persistent threat for years, enabling attackers to control infected systems remotely. Recent SANS research has uncovered a new and particularly stealthy Quasar campaign, characterized by strong obfuscation and an innovative anti-sandbox technique. The infection begins with a batch (.bat) script attached to a seemingly harmless document. When […]

The post Threat Actors Using Bat Files to Deploy Quasar RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Revenera InstallShield 2021 R2/2022 R2/2023 R2. This affects an unknown part of the component Standalone MSI Setup. The manipulation leads to creation of temporary file in directory with insecure permissions. This vulnerability is uniquely identified as CVE-2024-7562. The attack needs to be approached locally. There is no exploit available.

Cybercriminals have discovered a sophisticated new attack vector that exploits a critical flaw in Discord’s invitation system, allowing them to hijack expired invite links and redirect unsuspecting users to malicious servers hosting advanced malware campaigns. This emerging threat leverages the trusted nature of Discord, a platform used by millions of gamers and communities worldwide, to […]

The post Threat Actors Exploiting Expired Discord Invite Links to Deliver Multi-Stage Malware appeared first on Cyber Security News.