Aggregator

Currently trending CVE - Hype Score: 1 - NTLM Hash Disclosure Spoofing Vulnerability

Major breaches don’t start with hackers—they start with overlooked security gaps. Learn how to find and fix SaaS blind spots before they become attacks.

The post Breaches Often Start Where You Least Expect | Grip Security appeared first on Security Boulevard.

Canadian Auto Retail Giant AutoCanada Targeted by MEDUSA Ransomware, 455GB of Data Allegedly Stolen

Investment to Scale Engineering, Expansion from Data Deletion to Threat Reduction
Executive digital protection firm 360 Privacy raised $36 million to expand its engineering team and boost its ability to remove sensitive data from brokers. The company is shifting from a data deletion focus to broader threat mitigation, tackling risks from digital tracking and location data leaks.

Texas Incident is Largest Breach Reported by a Health Plan So Far in 2025
A Texas-based insurance firm is notifying more than 335,500 people of a December hack involving their sensitive personal and health information. The breach affects many - but not all - of the company's policyholders, agents and insurance carrier partners in multiple states.

Restraining Order Allows Dismissed Cyber Defense Agency Employees to Return to Work
A temporary restraining order against the Trump administration's efforts to shrink the size of the federal workforce will allow thousands of probationary employees to return to work as experts warn the purge threatens national cybersecurity.

DeepSeek Comes Very Close to Producing a Keylogger and Ransomware
Security researchers used the Chinese DeepSeek-R1 artificial intelligence reasoning model to come close to developing ransomware variants and keyloggers with evasion capabilities. The model needs prompt engineering and its output requires code editing.

Investment to Scale Engineering, Expansion From Data Deletion to Threat Reduction
Executive digital protection firm 360 Privacy raised $36 million to expand its engineering team and boost its ability to remove sensitive data from brokers. The company is shifting from a data deletion focus to broader threat mitigation, tackling risks from digital tracking and location data leaks.

Texas Incident Is the Largest Breach Reported by a Health Plan So Far in 2025
A Texas-based insurance firm is notifying more than 335,500 people of a December 2024 hack involving their sensitive personal and health information. The breach affects many - but not all - of the company's policyholders, agents and insurance carrier partners in multiple states.

Restraining Order Allows Dismissed Cyber Defense Agency Employees to Return to Work
A temporary restraining order against the Trump administration's efforts to shrink the size of the federal workforce will allow thousands of probationary employees to return to work as experts warn the purge threatens national cybersecurity.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A vulnerability, which was classified as critical, was found in Adobe Substance3D Stager up to 3.0.2. This affects an unknown part. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-39388. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe InDesign Desktop up to 18.5.2/19.4 and classified as critical. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-39389. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.2/19.4 and classified as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-39390. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.2/19.4. It has been classified as critical. Affected is an unknown function. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2024-39391. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe InDesign Desktop up to 18.5.2/19.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2024-39394. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Acrobat Reader up to 20.005.30636/24.002.20965/24.002.20964/24.001.30123. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-39422. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Acrobat Reader up to 20.005.30636/24.002.20965/24.002.20964/24.001.30123. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2024-39423. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.