Aggregator

Проверка на устойчивость закончилась падением на ровном месте.

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list. "Recent

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-5521. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, this flaw enables attackers to crash servers by exploiting argument sanitization logic, with patches now available in version 2.9.10. Sanitisation Logic Flaw The vulnerability stems from ModSecurity’s sanitiseArg action, designed […]

The post New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

第十届“创客中国”网络安全中小企业创新创业大赛启动仪式5月30日在四季青镇成功举办。

安全团队46%时间用于维护安全工具，但66%企业去年仍遭数据泄露。

根据发表在《New England Journal of Medicine》期刊上的一项研究，锻炼能显著降低结肠癌的复发和死亡风险。相比不要求运动的对照组，锻炼组的结肠癌复发、新发癌症或八年内死亡的风险降低了 28%。研究人员发现，锻炼的好处在一年之后就体现出来了，并且会随着时间的推移而加强。在锻炼组中，无癌症复发的五年生存率达到 80.3%，对照组为 73.9%。锻炼组八年总生存率 90.3%，对照组 83.2%。研究期间锻炼组死亡 41 人，对照组死亡 66 人。锻炼组参与者可以进行任何喜欢的休闲有氧运动。他们的运动量并不高，每周三到四次 45-60 分钟的快走或三到四次 25-30 分钟的慢跑，这些就足以提高他们的生存率。

Submit #584636 / VDB-310957

2025年05月26日-2025年06月01日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为高。国家

A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. This vulnerability is traded as CVE-2025-5520. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.

A vulnerability was found in PowerPortal 1.1b/1.3/1.3b. It has been classified as problematic. This affects an unknown part of the file modules/private_messages/index.php. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2004-2514. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A sophisticated new ransomware strain dubbed “Lyrix” has emerged in the cyberthreat landscape, targeting Windows systems with an arsenal of advanced evasion techniques that have caught the attention of security researchers worldwide. The malware represents a significant evolution in ransomware development, incorporating machine learning-based detection avoidance and novel persistence mechanisms that challenge traditional security approaches. […]

The post New Lyrix Ransomware Attacking Windows Users With New Evasion Tactics appeared first on Cyber Security News.

美国网络司令部的网络防御部门正式升级为次级统一司令部

地方医疗机构泄露210万患者数据，赔偿超8200万元

Submit #582269 / VDB-310956

Currently trending CVE - Hype Score: 20 - CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

Currently trending CVE - Hype Score: 20 - A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible ...

A vulnerability, which was classified as critical, has been found in Agares Media Arcadem 2.04. Affected by this issue is some unknown functionality of the file frontpage_right.php. The manipulation of the argument loadadminpage leads to code injection. This vulnerability is handled as CVE-2007-6542. The attack may be launched remotely. Furthermore, there is an exploit available.

За дверями ведомства появился невидимый игрок, чьи решения удивляют даже ветеранов индустрии.

DarkCloud Stealer是一款由vc6编写信息窃取程序，本文对其一个样本进行分析后发现，攻击者通过多重内存反射加载试图绕过杀软。