Aggregator

A vulnerability classified as problematic has been found in Mattermost up to 9.11.12/10.5.3/10.6.2/10.7.0. Affected is an unknown function of the component Google OAuth Signup. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability is traded as CVE-2025-2571. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

After Hours-Long Disruption, XDR Vendor Promises Full Root Cause Analysis of Outage
Cybersecurity vendor SentinelOne suffered a major, global outage for about six hours on Thursday that disrupted its monitoring of managed response service customers' endpoints and networks, interrupted software updates and kept administrators from accessing consoles for troubleshooting purposes.

As Visa and Mastercard Deploy AI Agents, Experts Ask: Who Holds the Receipt?
When AI assistants order groceries or book flights, who's responsible when something goes wrong? That question is no longer hypothetical. As Visa and Mastercard enable AI agents to perform transactions on behalf of cardholders, experts weigh the legal, security and privacy stakes.

Also: Deepfake Dangers with Veo 3; Claude Opus 4's Manipulative Edge
In this week's update, Information Security Media Group editors questioned whether we’re less secure today despite agentic AI and platformization, examined Veo 3’s alarming leap in deepfake realism, and dug into Anthropic’s powerful yet problematic Claude Opus 4.

SWIDE：一种用于成功检测 Web 注入攻击语义感知的检测引擎 by ourren

更多最新文章，请访问SecWiki

The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. [...]

A vulnerability was found in HP Easy Printer Care Software up to 2.5. It has been rated as critical. This issue affects some unknown processing in the library HPTicketMgr.dll of the component ActiveX Control. The manipulation leads to code injection. The identification of this vulnerability is CVE-2011-2404. The attack may be initiated remotely. Furthermore, there is an exploit available.

靠的是对顶级用户需求的精准捕获、以及全新技术带来的更安全的体验。

A vulnerability classified as critical was found in Essen Essentia Web Server 2.1. This vulnerability affects unknown code of the component URL Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2002-0313. The attack can be initiated remotely. Furthermore, there is an exploit available.

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google Apps Script a legitimate development platform within Google’s ecosystem to host deceptive phishing pages. This attack, masquerading as an invoice email, exploits the inherent trust users place in Google’s trusted environment to trick recipients into divulging sensitive information. A Sophisticated […]

The post Threat Actors Exploit Google Apps Script to Host Phishing Sites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A 28-year-old civilian IT worker at the Defense Intelligence Agency has been arrested in Northern Virginia on suspicion that he leaked secrets to a foreign government.

A vulnerability was found in Alcatel-Lucent OmniVista 4760 R4.2 and classified as problematic. This issue affects some unknown processing of the file php-bin/Webclient.php. The manipulation of the argument Langue leads to cross site scripting. The identification of this vulnerability is CVE-2007-5190. The attack may be initiated remotely. Furthermore, there is an exploit available.

从零到一的企业安全建设方法论。

A vulnerability was found in AimStats 3.2. It has been classified as critical. Affected is an unknown function of the file process.php. The manipulation of the argument databasehost leads to improper privilege management. This vulnerability is traded as CVE-2007-2168. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

生物防御的独特性，其中准备冲突和促进公共卫生之间的界限是模糊的，支出可以在这两个领域产生红利。

Alleged data sale of TotalEnergies Power & Gas – 22.25 Million Records

Currently trending CVE - Hype Score: 9 - A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device ...

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575, also known as “Dadsec.” Since September 2023, this group has been leveraging a Phishing-as-a-Service (PhaaS) platform called Tycoon2FA to target Microsoft 365 users, aiming to harvest credentials through meticulously crafted phishing pages. This campaign, active […]

The post Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical was found in Ahhp-Portal. Affected by this vulnerability is an unknown functionality of the file page.php. The manipulation of the argument sc leads to code injection. This vulnerability is known as CVE-2007-2428. The attack can be launched remotely. Furthermore, there is an exploit available.