Aggregator

Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to merge

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing the plan last year over data protection concerns raised by Irish regulators. In June 2024, […]

Microsoft Teams users across the globe are experiencing significant disruptions in file-sharing capabilities due to an unexpected outage, impacting workplace communication and collaboration. A wave of reports began surfacing from organizations and individuals unable to share files within Microsoft Teams—the popular collaboration platform used by businesses, schools, and organizations worldwide. Users attempting to send or […]

The post Microsoft Teams File Sharing Unavailable Due to Unexpected Outage appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens. The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading),

A vulnerability was found in PeerTube up to 7.1.0. It has been declared as problematic. This vulnerability affects unknown code of the component REST API. The manipulation leads to improper ownership management. This vulnerability was named CVE-2025-32945. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PeerTube up to 7.1.0. It has been classified as problematic. This affects an unknown part of the component ActivityPub Protocol. The manipulation leads to improper ownership management. This vulnerability is uniquely identified as CVE-2025-32946. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PeerTube up to 7.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component yauzl Library. The manipulation leads to uncaught exception. This vulnerability is handled as CVE-2025-32944. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 137.0.1 and classified as problematic. Affected by this vulnerability is the function nsHttpTransaction. The manipulation leads to race condition. This vulnerability is known as CVE-2025-3608. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

GL-iNet 路由器 CVE-2024-39226经典路由器漏洞复现

Скоро он узнает о ней всё, а вы так и не спросите «Как дела?»

Highlights Introduction Starting in January 2025, Check Point Research (CPR) has been tracking a wave of targeted phishing attacks aimed at European governments and diplomats. The Techniques, Tactics and Procedures (TTPs) observed in this campaign align with the WINELOADER campaigns, which were attributed to APT29, a Russia linked threat group. APT29, also commonly referred to as Midnight Blizzard […]

The post Renewed APT29 Phishing Campaign Against European Diplomats appeared first on Check Point Research.

In this ExecBrief, we unpack what economists are getting right (and wrong) about AI and workplace productivity in current times.

The post PinnacleOne ExecBrief | Economists on AI & Workplace Productivity appeared first on SentinelOne.

Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques The API attack surface is growing—and adversaries know it. Moving to the cloud, DevOps, and application modernization all lead to the proliferation of APIs. Resulting shadow APIs, deprecated endpoints, undocumented integrations, and increasing use of AI provide ideal entry points for attackers. Securing APIs starts […]

The post Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques appeared first on Cequence Security.

The post Why Comprehensive API Discovery Requires Both Domain-Based and Runtime Techniques appeared first on Security Boulevard.

ConnectSecure announced its new Google Workspace Assessments. This new capability enhances ConnectSecure’s vulnerability platform by empowering MSPs to assess, detect, and mitigate risks within their clients’ Google Workspace environments. With this addition, ConnectSecure expands its cloud assessment capabilities beyond Microsoft 365, offering broader protection across key collaboration platforms. As cloud adoption accelerates, the need for visibility and control over third-party platforms has never been greater. With the new Google Workspace Assessments, MSPs can now identify … More →

The post ConnectSecure empowers MSPs to mitigate risks within their clients’ Google Workspace environments appeared first on Help Net Security.

If you’ve followed Part 1 and Part 2 of this series, you already know one of the biggest takeaways from our inbox-level research: Credential phishing is consistently one of the most-missed types of attacks.

The post SEGs and Credential Phishing (Part 3) appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in gorilla csrf. Affected is an unknown function of the component Referer Validator. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-24358. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

AASF Open Letter for Professor XiaoFeng Wang

AASF Open Letter for Professor XiaoFeng Wang

A vulnerability, which was classified as problematic, has been found in WPJobBoard Plugin up to 5.11.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-30965. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.