Alleged Sale of Premium Cross-Platform RCS Exploit Chain Targeting Windows, Android, and macOS
Alleged Sale of Premium Cross-Platform RCS Exploit Chain Targeting Windows, Android, and macOS
Aggregator
CVE-2025-51630 | TOTOLINK N350RT 9.3.5u.6139_B20201216 setIpPortFilterRules ePort buffer overflow (EUVD-2025-21773)
1 week 3 days ago
A vulnerability classified as critical was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This vulnerability affects the function setIpPortFilterRules. The manipulation of the argument ePort leads to buffer overflow.
This vulnerability was named CVE-2025-51630. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-40924 | HAARG Catalyst::Plugin::Session up to 0.43 on Perl rand generation of predictable numbers or identifiers (EUVD-2025-21775)
1 week 3 days ago
A vulnerability classified as problematic has been found in HAARG Catalyst::Plugin::Session up to 0.43 on Perl. This affects the function rand. The manipulation leads to generation of predictable numbers or identifiers.
This vulnerability is uniquely identified as CVE-2025-40924. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53909 | mailcow-dockerized 2024-07 special elements used in a template engine (EUVD-2025-21774)
1 week 3 days ago
A vulnerability was found in mailcow-dockerized 2024-07. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of special elements used in a template engine.
This vulnerability is handled as CVE-2025-53909. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms
1 week 3 days ago
An Armenian national has been extradited from Ukraine to the United States to face federal charges for his alleged involvement in a series of Ryuk ransomware attacks and an extortion conspiracy that targeted U.S. companies, including a technology firm in Oregon. Karen Serobovich Vardanyan, 33, was extradited to the U.S. on June 18, 2025, and […]
The post Armenian Hacker Extradited to U.S. After Ransomware Attacks on Tech Firms appeared first on Cyber Security News.
Guru Baran
Akira
1 week 3 days ago
You must login to view this content
cohenido
CVE-2025-53927 | MaxKB up to 1.x shutil.copy2 code injection (EUVD-2025-21772)
1 week 3 days ago
A vulnerability was found in MaxKB up to 1.x. It has been declared as critical. Affected by this vulnerability is the function shutil.copy2. The manipulation leads to code injection.
This vulnerability is known as CVE-2025-53927. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Akira
1 week 3 days ago
You must login to view this content
cohenido
Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner
1 week 3 days ago
Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys.
The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution.
"The attacker leverages
The Hacker News
SquareX Collaborates With Top Fortune 500 CISOs To Launch The Browser Security Field Manual At Black Hat
1 week 3 days ago
Palo Alto, California, July 17th, 2025, CyberNewsWire SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune […]
The post SquareX Collaborates With Top Fortune 500 CISOs To Launch The Browser Security Field Manual At Black Hat appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CyberNewswire
90 суток без сна и топлива. Этот дрон будет фиксировать с высоты каждый ваш шаг
1 week 3 days ago
Если Skydweller поднялся — он не вернётся, пока не увидит всё, что хотел.
Chinese State-Sponsored Hackers Target Semiconductor Industry with Weaponized Cobalt Strike
1 week 3 days ago
Proofpoint Threat Research has identified a sophisticated multi-pronged cyberespionage campaign targeting Taiwan’s semiconductor industry between March and June 2025. Three distinct Chinese state-sponsored threat actors, designated as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp, conducted coordinated phishing operations against organizations spanning semiconductor manufacturing, design, testing, supply chain entities, and financial investment analysts specializing in the Taiwanese semiconductor market. […]
The post Chinese State-Sponsored Hackers Target Semiconductor Industry with Weaponized Cobalt Strike appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Why Cybersecurity Still Matters for America's Schools
1 week 3 days ago
Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether — and how — they can keep their institutions safe.
Chester Moyer
UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks
1 week 3 days ago
Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April. The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations in recent UK retail history. Key Takeaways1. 6.5 million Co-op members' personal data stolen in […]
The post UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks appeared first on Cyber Security News.
Kaaviya
UK NCA officer jailed for stealing bitcoin from darknet criminal he previously helped investigate
1 week 3 days ago
A former National Crime Agency investigator who worked on the Silk Road case was sentenced to more than five years in prison for stealing 50 bitcoins seized in that operation.
Elite Russian university launches degree program on sanctions evasion
1 week 3 days ago
The Higher School of Economics (HSE), a leading Russian institution, said the two-year course will focus on international corporate compliance and business ethics, and will be taught in both Russian and English.
CVE-2025-5346 | Bluebird kr.co.bluebird.android.bbsettings up to 1.3.2 kr.co.bluebird.android.bbsettings.BootReceiver improper export of android application components
1 week 3 days ago
A vulnerability was found in Bluebird kr.co.bluebird.android.bbsettings up to 1.3.2. It has been classified as problematic. Affected is an unknown function of the component kr.co.bluebird.android.bbsettings.BootReceiver. The manipulation leads to improper export of android application components.
This vulnerability is traded as CVE-2025-5346. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-5345 | Bluebird com.bluebird.filemanagers up to 1.3.5/1.4.4 improper export of android application components
1 week 3 days ago
A vulnerability was found in Bluebird com.bluebird.filemanagers up to 1.3.5/1.4.4 and classified as problematic. This issue affects some unknown processing of the component com.bluebird.system.koreanpost.IsdcardRemoteService. The manipulation leads to improper export of android application components.
The identification of this vulnerability is CVE-2025-5345. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-5344 | Bluebird com.bluebird.kiosk.launcher up to 1.1.1 improper export of android application components
1 week 3 days ago
A vulnerability has been found in Bluebird com.bluebird.kiosk.launcher up to 1.1.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper export of android application components.
This vulnerability was named CVE-2025-5344. The attack needs to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Microsoft Edge security advisory (AV25-430)
1 week 3 days ago
Canadian Centre for Cyber Security