Aggregator

A vulnerability was found in Red Hat Enterprise Linux 6/7/8/9 and classified as critical. Affected by this issue is the function XkbSizeKeySyms of the component X.org X11 Server/TigerVNC. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-26596. An attack has to be approached locally. There is no exploit available.

A vulnerability has been found in Red Hat Enterprise Linux 6/7/8/9 and classified as critical. Affected by this vulnerability is the function XkbVModMaskText of the component X.org X11 Server/TigerVNC. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-26595. The attack needs to be approached locally. There is no exploit available.

A vulnerability, which was classified as critical, was found in Red Hat Enterprise Linux 6/7/8/9. Affected is the function SyncInitTrigger of the component X.org X11 Server/TigerVNC. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-26601. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Red Hat Enterprise Linux 6/7/8/9. This issue affects some unknown processing of the component X.org X11 Server/TigerVNC. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-26594. Attacking locally is a requirement. There is no exploit available.

Критический взгляд на технотриллер Netflix с Робертом Де Ниро.

A vulnerability classified as critical was found in GLPI up to 10.0.17. This vulnerability affects unknown code of the file install/update.php. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-23024. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Avalon Hotel: Beverly Hills, Palm Springs Has Fallen Victim to RansomHub Ransomware

A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argument Bloodname leads to cross site scripting. This vulnerability was named CVE-2025-1586. The attack can be initiated remotely. Furthermore, there is an exploit available.

Злоумышленники использовали усовершенствованные инструменты, созданные китайскими разработчиками.

Articles related to cyber risk quantification, cyber risk management, and cyber resilience.

The post What Is Cybersecurity Performance Management? | Kovrr appeared first on Security Boulevard.

A Threat Actor Claims to be Selling a Crypto Payment Gateway

It looks like a very sophisticated attack against the Dubai-based exchange Bybit:

Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers.

[…]

…a subsequent investigation by Safe found no signs of unauthorized access to its infrastructure, no compromises of other Safe wallets, and no obvious vulnerabilities in the Safe codebase. As investigators continued to dig in, they finally settled on the true cause. Bybit ultimately said that the fraudulent transaction was “manipulated by a sophisticated attack that altered the smart contract logic and masked the signing interface, enabling the attacker to gain control of the ETH Cold Wallet.”...

The post North Korean Hackers Steal $1.5B in Cryptocurrency appeared first on Security Boulevard.

It's been a while since I've shared an update on the work Sonatype is doing in the open source ecosystem, so I'm excited to share an update on a few things we're doing in the space — and how it led to the creation of a new security standard in the Open Source Security Foundation (OpenSSF).

The post Behind the Baseline: Reflecting on the launch of the Open Source Project Security Baseline appeared first on Security Boulevard.

A sophisticated threat cluster tracked as UAC-0212 has escalated efforts to compromise critical infrastructure systems in Ukraine, according to a recent advisory from CERT-UA (Government Computer Emergency Response Team of Ukraine). These attacks, active since July 2024, focus on energy, water supply, grain logistics, and transportation sectors through coordinated supply-chain compromises. The group employs destructive […]

The post UAC-0212 Hackers Launching Destructive Attack Targeting Critical Infrastructure appeared first on Cyber Security News.

Неужели космические полеты длиной в тысячелетия - не такая уж фантастика?

Cary, NC, Feb. 25, 2025, CyberNewswire — INE, the leading provider of networking and cybersecurity training and certifications, today announced its recognition as an enterprise and small business leader in online course providers and cybersecurity professional development, along with … (more…)

The post News alert: INE secures spot in G2’s 2025 Top 50 education software rankings first appeared on The Last Watchdog.

The post News alert: INE secures spot in G2’s 2025 Top 50 education software rankings appeared first on Security Boulevard.

DISA Global Solutions, a leading US background screening and drug and alcohol testing firm, has suffered a data breach impacting 3.3 million people. [...]

Злоумышленники используют облачные сервисы для скрытой доставки вредоносного кода.

GhostGPT is revolutionizing cybercrime by providing hackers with an AI tool that bypasses ethical guardrails found in mainstream models. Available as little as $150, it enables even novice attackers to generate malicious code, craft phishing emails, and automate social engineering at scale.

The post GhostGPT: An Uncensored AI Chatbot Empowering Cybercriminals appeared first on Security Boulevard.