Qilin
The breach of Tehran-based security contractor Amnban has ripped the cover off a multi-year espionage program that quietly burrowed into airline reservation systems across Africa, Europe, and the Middle East. Internal documents and screen-captured videos obtained by investigatory journalist Nariman Gharib reveal methodical reconnaissance of Royal Jordanian, Turkish Airlines, Wizz Air, Qatar Airways and more, […]
The post Iran’s Cyber Actors Attacking Global Airlines to Exfiltrate Sensitive Data appeared first on Cyber Security News.
Apache Jena has disclosed two significant security vulnerabilities affecting versions through 5.4.0, prompting an immediate upgrade recommendation to version 5.5.0. Both CVE-2025-49656 and CVE-2025-50151, announced on July 21, 2025, represent important severity flaws that exploit administrative access to compromise server file system integrity. Key Takeaways: 1. Apache Jena through v5.4.0 has two vulnerabilities (CVE-2025-49656, CVE-2025-50151). 2. Exploit […]
The post Apache Jena Vulnerability Leads to Arbitrary File Access or Manipulation appeared first on Cyber Security News.
The threat actor group LARVA-208, notorious for phishing attacks and social engineering against English-speaking IT staff, has pivoted to targeting Web3 developers. Employing spearphishing links (T1566.002), the group lures victims with fabricated job offers or portfolio review requests, directing them to counterfeit AI workspace platforms. These deceptive sites, such as the domain norlax.ai (T1583.001), mimic […]
The post New Web3 Phishing Scam Uses Fake AI Platforms to Steal Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
The UK government has announced comprehensive measures to tackle ransomware attacks, with public sector organizations and critical national infrastructure operators facing an outright ban on paying ransom demands to cyber criminals. This landmark decision, supported by nearly three-quarters of consultation respondents, represents a strategic shift toward disrupting the lucrative business model that drives Advanced Persistent […]
The post UK Confirms Ban of Ransomware Payments to Public and Critical National Infrastructure Sectors appeared first on Cyber Security News.
Private companies would also have to report to the government if they plan to pay off cybercriminals.
The post UK moves to ban public sector organizations from making ransom payments appeared first on CyberScoop.
Cybersecurity researchers have provided insight into a persistent threat cluster linked to the well-known North Korean state-sponsored hacker outfit Lazarus, according to a comprehensive analysis published in March by Sekoia’s Threat Detection and Response (TDR) team. Dubbed “ClickFake Interview,” this operation represents an evolution of the group’s long-running “Contagious Interview” campaign, which has been targeting […]
The post ClickFake Interview Attack Leverages ClickFix Technique to Deploy GolangGhost Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
A significant vulnerability in ETQ Reliance quality management software allows attackers to gain full administrative access by simply adding a single space character to a login attempt. The flaw, tracked as CVE-2025-34143, represents one of the most unusual authentication bypass vulnerabilities discovered in enterprise software, requiring no sophisticated techniques, just typing “SYSTEM ” (with a […]
The post ETQ Reliance RCE Vulnerability Enables Full SYSTEM Access Just by Typing a Single Space appeared first on Cyber Security News.