Aggregator

A vulnerability classified as problematic has been found in Liferay Portal and DXP. Affected by this vulnerability is an unknown functionality of the component Commerce Product Comparison Table Widget. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-43821. The attack may be initiated remotely. There is no available exploit.

A vulnerability described as critical has been identified in Melis Platform up to 5.3.0. Affected is an unknown function of the file /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm of the component CMS Slider Module. The manipulation of the argument mcsdetail_img results in path equivalence: 'filename....' (multiple trailing dot). This vulnerability is reported as CVE-2025-10353. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability described as critical has been identified in Welcart e-Commerce Plugin up to 2.11.21 on WordPress. This issue affects some unknown processing of the component Cookie Handler. Such manipulation leads to sql injection. This vulnerability is traded as CVE-2025-10649. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in projectworlds Advanced Library Management System 1.0. It has been declared as critical. Affected by this issue is some unknown functionality of the file /view_member.php. Executing manipulation of the argument user_id can lead to sql injection. This vulnerability is tracked as CVE-2025-11475. The attack can be launched remotely. Moreover, an exploit is present.

Cybercriminals are increasingly automating one of the most insidious social engineering exploits—forcing victims to manually execute malware under the guise of browser verification. The newly discovered IUAM ClickFix Generator commoditizes the ClickFix technique into an easy-to-use phishing kit, lowering the barrier for threat actors of all skill levels and enabling widespread deployment of information stealers […]

The post New Phishing Kit Automates ClickFix Attacks to Evade Security Defenses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google has introduced CodeMender, an AI-powered agent designed to automatically detect and patch security flaws in software. Announced on 6 October 2025 by Raluca Ada Popa and Four Flynn, CodeMender represents a major step toward leveraging artificial intelligence for proactive code security. CodeMender builds on Google’s earlier AI research in vulnerability discovery, such as Big Sleep […]

The post Google Unveils CodeMender – An AI Agent That Automatically Fixes Vulnerable Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Пациент Neuralink поделился маленькой, но очень важной победой.

Why you should act now to ensure you meet the new hardware standards, and prioritise security.

In recent weeks, security teams have observed a surge in malvertising campaigns distributing what appears to be a fully functional PDF editor. Dubbed TamperedChef, this malware masquerades as a legitimate application—AppSuite PDF Editor—leveraging convincing advertisements to lure European organizations and individuals into downloading the installer. Once executed, the installer exhibits expected functionalities for nearly two […]

The post TamperedChef Malware as PDF Editor Harvest Browser Credentials and Allows Backdoor Access appeared first on Cyber Security News.

A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT

Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to create highly customizable phishing pages that mimic the challenge-response behavior of a browser verification page commonly deployed by Content Delivery Networks (CDNs) and cloud security providers to defend against automated threats. The spoofed interface is … More →

The post Researchers uncover ClickFix-themed phishing kit appeared first on Help Net Security.

Walk through CVE-2024-9474, a PAN-OS privilege escalation flaw enabling command injection from admin to root. Includes PwnOS demo, exploitation steps, and defense tips.

Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and fixing vulnerabilities. This initiative addresses the growing gap between the rapid, AI-assisted discovery of security flaws and the time-consuming manual effort required to patch them. Leveraging advanced AI, CodeMender not only reacts to new threats but also proactively […]

The post Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code appeared first on Cyber Security News.

ClamAV 1.5.0 is now available with new features that strengthen malware detection in Microsoft Office and PDF documents. This update marks a significant step forward for users who need reliable and thorough scanning of encrypted files and embedded links. Alongside improved file checks, the release also adds support for external signature verification, flexible hashing options, […]

The post ClamAV 1.5.0 Released with Enhanced MS Office and PDF File Verification appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In cybersecurity, time is scarce, talent is scarce, and certainty is scarce. That’s why efficiency has quietly become the most valuable currency inside the security operations center (SOC). Enterprise Strategy Group (ESG) research found that 53 percent of organizations say network detection and response (NDR) has...

We’re excited to share that Realm Security has raised a $15M Series A, just 12 months after our $5M seed round. We wouldn’t be here without our customers, our team, and our partners. Thank you for believing in what we’re building and for pushing us to make security data smarter, faster, and more useful every day.

The post We Raised $15M to Build the Future of Security Data appeared first on Realm.Security.

The post We Raised $15M to Build the Future of Security Data appeared first on Security Boulevard.

The rapid adoption of generative AI (GenAI), especially large language model (LLM) chatbots, has revolutionized customer engagement by delivering unparalleled efficiency and personalization. Yet, with this transformative power comes an equally formidable risk: adversaries are increasingly weaponizing AI applications to gain unauthorized access to critical systems. A compromised chatbot can morph from a helpful assistant […]

The post AI Chatbot Exploited as a Backdoor to Access Sensitive Data and Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

OpenAI has taken decisive action to stop misuse of its ChatGPT models by banning accounts tied to a group of Chinese hackers. This move reflects OpenAI’s core aim to ensuring artificial general intelligence benefits everyone. By setting clear rules and acting swiftly on policy violations, OpenAI hopes to keep AI tools safe and accessible for […]

The post OpenAI Blocks ChatGPT Accounts Linked to Chinese Hackers Developing Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.