Aggregator

A vulnerability was found in Fave Themes Homey Plugin up to 2.4.3 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation of the argument verification_id leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-0749. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Google ChromeOS 123.0.6312.112 and classified as critical. This issue affects some unknown processing of the component Installer. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2025-1121. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to

A vulnerability has been found in Microsoft HoloLens up to 10.0.22621.1244 and classified as critical. This vulnerability affects unknown code of the component Pairing Request. The manipulation leads to allocation of resources. This vulnerability was named CVE-2024-57972. The attack needs to be initiated within the local network. There is no exploit available.

In this Help Net Security video, John Grancarich, Fortra’s Chief Strategy Officer, discusses the 2025 Fortra State of Cybersecurity Survey and highlights escalating concerns among security professionals about AI-driven threats and a shortage of cybersecurity skills. The survey reveals that 83% of organizations identify phishing and smishing as top security risks, with 50% expressing increased unease over evolving technologies like generative AI. To combat these challenges, 77% of respondents plan to focus on identifying and … More →

The post AI threats and workforce shortages put pressure on security leaders appeared first on Help Net Security.

Как схема заработка Pay-Per-Click превращается в Click-To-Hack.

No, But It Will Shift Their Focus to More Strategic and Creative Roles
Artificial intelligence is reshaping cybersecurity workflows, automating tasks and enhancing efficiency. But does that mean security professionals are at risk of being replaced? Not quite. AI is redefining roles, rather than eliminating them, to focus more on strategic thinking and problem-solving.

Legacy apps and medical devices continue to pose persistent and considerable risk to healthcare IT environments, and many organizations are still unaware of their prevalence in their settings, said Keith Fricke, partner and principal consultant at tw-Security, who discusses mitigation steps to take.

State privacy laws, such as Washington State's My Health My Data Act, could throw a curve ball in the use of certain consumer information for artificial intelligence and machine learning endeavors, said regulatory attorney Adam Greene of the law firm Davis Wright Tremaine.

Also: BianLian Ransomware Hackers Aren't Really Mailing You
This week, the U.S. sanctioned the Nemesis admin, Poco RAT spotted in Latin America, Apple challenged a British order to weaken encryption and the FBI warned against scam letters purportedly from BianLian. Also, a Nigerian tax scammer extradited to the U.S., a new botnet and a Webex vulnerability.

Trump's Former Cybersecurity Coordinator Says DOGE Firings Threaten Cybersecurity
Mass firings of federal probationary civil servants instigated by the Department of Government Efficiency will "destroy a pipeline of top talent," said Rob Joyce, a long-time National Security Agency official.

Armis' Purchase of Otorio Enhances On-Prem Security, Active Querying and Compliance
Armis' acquisition of Otorio for $120 million strengthens its on-premises operational technology security capabilities. The deal expands Armis' ability to serve air-gapped and compliance-driven industries while integrating secure remote access and active querying into its security platform.

Probe Into Microsoft's $13 Billion OpenAI Investment Launched in 2023
The U.K. antitrust regulator won't open an investigation into a partnership between computing giant Microsoft and artificial intelligence company OpenAI. U.K. Competition Market Authority concludes that there is no "relevant merger situation."

Hitachi Energyが提供する複数の製品には、複数の脆弱性が存在します。

A vulnerability, which was classified as critical, was found in libxlsv 1.6.2. Affected is the function transcode_latin1_to_utf8 of the file xlstool.c of the component XLS File Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2023-38854. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in NICMx Fort up to 1.6.4. This affects an unknown part of the component Manifest Handler. The manipulation of the argument manifestNumber/thisUpdate leads to incorrect comparison. This vulnerability is uniquely identified as CVE-2024-56170. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in stb_image and classified as problematic. This vulnerability affects the function stbi__gif_load_next of the component Image Handler. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2023-45661. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in rbenv. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2017-1000047. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in GnuPG up to 2.2.17. This affects an unknown part of the component SHA1 Handler. The manipulation as part of Certificate leads to risky cryptographic algorithm. This vulnerability is uniquely identified as CVE-2019-14855. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MongoDB C Driver, PHP Driver, Swift Driver, Node.js Driver and C++ Driver. It has been classified as problematic. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2021-32050. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.