Aggregator

Теперь злоумышленникам не нужен пароль — достаточно одного скрытого запроса.

Верификация участников звонка теперь основана на визуальной хэш-компарации эмодзи.

Доверие к привычным программам подорвано: что теперь считать безопасным?

In this Help Net Security interview, Steven Furnell, Professor of Cyber Security at the University of Nottingham, illustrates how small and medium-sized businesses (SMEs) must reassess their risk exposure and prioritize resilience to safeguard their long-term growth and stability. Learn how SMEs can better protect themselves, adapt to regulations, and build stronger cyber resilience. Where do you see SMEs most vulnerable? Is it still phishing and ransomware, or are there more nuanced threats emerging? Phishing … More →

The post Why SMEs can no longer afford to ignore cyber risk appeared first on Help Net Security.

SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild. The vulnerabilities in question are listed below - CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to

Злоумышленники используют «пуленепробиваемый» хостинг для долгосрочного присутствия в сетях.

Commvault, a global leader in data protection and information management, has confirmed that a sophisticated cyberattack involving a zero-day vulnerability breached its Azure cloud environment earlier this week. The breach, attributed to a suspected nation-state threat actor, underscores the evolving risks faced by cloud service providers and their clients. On February 20, 2025, Commvault was […]

The post Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Machine identities are multiplying fast, and many organizations are struggling to keep up. In this Help Net Security interview, Wendy Wu, CMO at SailPoint, explains why machine identity security matters, where most companies go wrong, how automation can help, and what the rise of AI agents means for the future of identity management. Why has machine identity security become such a critical component of cybersecurity strategies in recent years? The simplest answer is that while … More →

The post Preparing for the next wave of machine identity growth appeared first on Help Net Security.

Lantronixが提供するXportには、重要な機能に対する認証の欠如の脆弱性が存在します。

The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains associated with the notorious LabHost phishing-as-a-service (PhaaS) platform. This operation, which spanned from November 2021 through April 2024, was recently disabled by law enforcement and had enabled cybercriminals to target millions of victims worldwide. LabHost: A Major Player in Cybercrime LabHost, […]

The post FBI Uncovers 42,000 Phishing Domains Tied to LabHost PhaaS Operation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Почему холодный расчёт оказался менее прибыльным, чем тёплый приём?

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. GoSearch: Open-source OSINT tool for uncovering digital footprints GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms. Hawk Eye: Open-source scanner uncovers secrets and PII across platforms Hawk Eye is an open-source tool that helps … More →

The post Hottest cybersecurity open-source tools of the month: April 2025 appeared first on Help Net Security.

Burp测试结果 上一篇中，因Burp不支持配置交互登录，笔者在本地启动一个代理，注入cookie，

Burp测试结果 上一篇中，因Burp不支持配置交互登录，笔者在本地启动一个代理，注入cookie，

Его бизнес не имел адреса, но приносил миллионы долларов каждую неделю.

A vulnerability, which was classified as problematic, has been found in CheckBot Plugin up to 1.05 on WordPress. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-43840. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in GStreamer. This vulnerability affects unknown code. The manipulation leads to permission issues. This vulnerability was named CVE-2025-2759. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as problematic has been found in Best Posts Summary Plugin up to 1.0 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-39374. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in GStreamer. It has been rated as critical. Affected by this issue is some unknown functionality of the component H265 Codec Parser. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-3887. The attack may be launched remotely. There is no exploit available.