Aggregator

A vulnerability classified as critical was found in Ncrypted NCT Jobs Portal Script. Affected by this vulnerability is an unknown functionality of the file admin_login.php. Such manipulation of the argument passwd leads to sql injection. This vulnerability is documented as CVE-2010-1604. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as problematic has been found in Newanz NewsOffice 2.0.18. This vulnerability affects unknown code of the file news_show.php. Performing manipulation of the argument n-cat results in cross site scripting. This vulnerability was named CVE-2010-2844. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Digitalworkroom CMS Digital Workroom 5.5.0 and classified as problematic. Affected by this issue is some unknown functionality of the file netautor/napro4/home/login2.php. Executing manipulation of the argument goback can lead to cross site scripting. The identification of this vulnerability is CVE-2010-3489. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Ncrypted NCT Jobs Portal Script. This affects an unknown part of the file admin_login.php. Executing manipulation of the argument passwd can lead to cross site scripting. This vulnerability appears as CVE-2010-1606. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Galaxyscriptz MyPhpAuction 2010. Affected by this vulnerability is an unknown functionality of the file product_desc.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2010-4860. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Squiz MySource Matrix 3.28.3. It has been classified as problematic. Affected by this issue is some unknown functionality of the file char_map.php. Performing manipulation of the argument width results in cross site scripting. This vulnerability is reported as CVE-2010-4901. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A sophisticated phishing campaign has emerged targeting job seekers through fake Google career recruitment opportunities, leveraging social engineering tactics to harvest Gmail credentials and personal information. The malicious operation exploits the trust associated with Google’s brand reputation, crafting convincing recruitment emails that direct victims to fraudulent login portals designed to capture authentication details. The attack […]

The post Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details appeared first on Cyber Security News.

A vulnerability labeled as critical has been found in Red Hat Enterprise Linux 6/7/8/9/10. The affected element is an unknown function of the component FreeIPA. Such manipulation leads to insufficient granularity of access control. This vulnerability is referenced as CVE-2025-7493. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, was found in str4d ed25519-java up to 0.3.0. This impacts an unknown function of the component EdDSA. The manipulation results in improper verification of cryptographic signature. This vulnerability is identified as CVE-2020-36843. The attack is only possible with local access. There is not any exploit available.

一种新型Android银行木马Klopatra已感染超3000台设备，主要集中在西班牙和意大利。该木马利用隐藏VNC远程控制设备，并通过动态覆盖窃取凭证进行欺诈交易。其结合原生库和商业级代码保护工具Virbox，极大提升了隐蔽性和抗分析能力。攻击者通过伪装成IPTV应用的分发器请求未知来源安装权限后释放主载荷。该恶意软件还滥用Android访问服务执行恶意操作，并通过VNC隐藏恶意活动。

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and

Microsoft is actively investigating and addressing widespread errors preventing users from accessing their mailboxes on Outlook.com. The company has been providing regular updates throughout the day, indicating that targeted infrastructure restarts are gradually restoring service. The issue, which began early on October 1, 2025, affects users attempting to log in or access their emails via […]

The post Microsoft Investigating Widespread Outlook.com Outage Preventing Users from Accessing Mailbox appeared first on Cyber Security News.

Security researchers have uncovered a new macOS malware campaign in which threat actors are abusing Extended Validation (EV) code-signing certificates to distribute completely undetectable (FUD) disk image (DMG) payloads. While EV certificate abuse has long plagued the Windows ecosystem, its expansion into macOS malware marks a significant escalation in code-signing exploitation. A fresh DMG sample […]

The post Hackers Abuse EV Certificates to Sign Completely Undetectable DMG Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The NCA warns that house buyers could face losses of over £80,000 from a type of BEC called payment diversion fraud

Анализ F6: что на самом деле угрожает российскому бизнесу в киберпространстве.

文章介绍了curl项目如何通过脚本自动化维护详细的发布说明文档，包括收集贡献者信息、统计代码变更等步骤，以确保文档清晰、完整并及时更新。

文章探讨了如何通过优化训练参数和路由策略来提升AI模型的效率与性能，特别是在预训练语言模型和few-shot学习场景中实现高效微调。

Threat Actor Shifts From Targeting Exchange to Databases
A Chinese cyberespionage threat actor with a history of hacking Microsoft Exchange to spy on geopolitical events including summits in Africa, the Middle East and Asia, has shifted its attention to targeting databases, say researchers.

Medication Tech Firm Says Hacking Incident Contained to One Employee Email Account
A Florida firm that offers medication therapy management services to health plans is notifying nearly 150,000 individuals that their information was potentially compromised in a phishing attack affecting one employee's email account for only about an hour. Why do users still fall for phishing scams?