Aggregator

Шизофрения? Аутизм? Держитесь.

The dating safety app Tea was hacked, leaking images, posts, and comments of thousands of users who shared anonymous “red flag” reports on men. Tea is a women-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members […]

Scattered Spider is a cyber criminal group that targets large organizations and their contracted information technology help desks.

Security researchers may have discovered a reliable hosting company run by Qwins Ltd. that supports a broad range of international malware operations in a recent analysis resulting from standard follow-up on Lumma infostealer infections. Lumma, consistently ranking among the top five malware families according to platforms like abuse.ch and ANY.RUN, provided an abundant source of […]

The post Qwins Ltd: Bulletproof Hosting Provider Powering Global Malware Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Некоторые комбинации в игре не просто сложные: они вне границ вычислимого.

For years, primarily driven by regulatory compliance mandates, such as the Sarbanes-Oxley Act of 2002, identity and access management has been treated as a regulatory compliance exercise, rather than the security exercise it should be — and simply checking off compliance requirements leaves many organizations with a dangerous and false sense of security. This is..

The post Mapping Mayhem: Security’s Blind Spots in Identity Security appeared first on Security Boulevard.

Attacks surged in July 2025 after the threat group updated its process to combine malicious LNK files and a recycled WebDAV technique

In the ever-evolving infostealer landscape, 0bj3ctivityStealer emerges as a formidable threat, blending advanced obfuscation with targeted data exfiltration. Discovered earlier this year by HP Wolf Security researchers, this .NET-based malware has been observed in proactive threat hunting by the Trellix Advanced Research Center, revealing a novel phishing-driven campaign. The infection initiates through spearphishing emails themed […]

The post Unveiling 0bj3ctivityStealer’s Execution Chain: New Capabilities and Exfiltration Techniques Exposed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Some of Orange’s professional and consumer services may be disrupted for a few days because of the cyber incident

99% годовых, 100 тысяч в мечтах — и одна кнопка, чтобы всё потерять.

2FAuth: A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes

Hackers were spotted exploiting a critical SAP NetWeaver vulnerability tracked as CVE-2025-31324 to deploy the Auto-Color Linux malware in a cyberattack on a U.S.-based chemicals company. [...]

The ToxicPanda Android banking trojan has emerged as a significant threat, compromising over 4,500 devices primarily in Portugal and Spain as of early 2025, with a focus on stealing banking credentials, overlaying PIN and pattern codes, and enabling unauthorized transactions. Initially identified by Trend Micro in 2022 targeting Southeast Asia, the malware shifted to Europe […]

The post ToxicPanda Android Banking Malware Compromises Over 4,500 Devices to Harvest Banking Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Healthcare Faces Rising App-Based Ransomware Threats and Urgent Compliance Demands
Ransomware is evolving and healthcare is in the crosshairs. As apps and APIs become critical to patient care, they also open new threat vectors. Compliance alone isn't enough - organizations must act fast to close security gaps and defend against app-based attacks.

SecWiki周刊（第595期) by ourren

SecWiki周刊（第594期) by ourren

更多最新文章，请访问SecWiki

A vulnerability was found in halfgaar FlashMQ 1.14.0. It has been declared as problematic. This vulnerability affects unknown code of the component Retain Message Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2024-42645. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in DECE Geodi up to 9.0.146. It has been classified as problematic. This affects an unknown part of the component HTTP Request Handler. The manipulation leads to crlf injection. This vulnerability is uniquely identified as CVE-2025-6175. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in DECE Geodi up to 9.0.146 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-6060. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Grandstream UCM6510 up to 1.0.20.52 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Login. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-28171. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Vivaldi iCONTROL+ Server up to 4.7.8.0.eden/5.32. Affected is an unknown function. The manipulation of the argument error/edit-menu-item leads to cross site scripting. This vulnerability is traded as CVE-2025-52358. It is possible to launch the attack remotely. There is no exploit available.