Aggregator

A vulnerability classified as problematic has been found in Linux Kernel up to 6.15-rc1. This affects the function inftl_read_oob of the component mtd. The manipulation of the argument return leads to unchecked return value. This vulnerability is uniquely identified as CVE-2025-37892. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Adidas Korea has announced a security breach affecting customer data, marking the second major incident in the fashion industry targeting Korean consumers this month. The sportswear giant revealed that unauthorized access was gained through a third-party customer service provider, compromising customers’ personal information who had contacted their service centers. On May 16, Adidas disclosed on […]

The post Adidas Data Breach – Customers’ Personal Information Exposed appeared first on Cyber Security News.

CISA released thirteen Industrial Control Systems (ICS) advisories on May 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-140-01 ABUP IoT Cloud Platform
• ICSA-25-140-02 National Instruments Circuit Design Suite
• ICSA-25-140-03 Danfoss AK-SM 8xxA Series
• ICSA-25-140-04 Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
• ICSA-25-140-05 Siemens Siveillance Video
• ICSA-25-140-06 Schneider Electric PrismaSeT Active - Wireless Panel Server
• ICSA-25-140-07 Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL
• ICSA-25-140-08 Schneider Electric Modicon Controllers
• ICSA-25-140-09 AutomationDirect MB-Gateway
• ICSA-25-140-10 Vertiv Liebert RDU101 and UNITY
• ICSA-25-140-11 Assured Telematics Inc (ATI) Fleet Management System with Geotab Integration
   
• ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert (PME) (Update B)
• ICSA-25-023-05 Schneider Electric EcoStruxure Power Build Rapsody (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Reliable measurements of the light from our planet can help industries from agriculture to meteorology to mining.

Thales found that 73% of organizations are investing in AI-specific security tools, amid surging takeup of GenAI tools in enterprises

RVTools installer on its official site was found delivering malware. Research shows it spread Bumblebee loader. Users urged to verify downloads.

Foxconn и NVIDIA строят новую медицину прямо сейчас.

The phishing attack landscape continues to evolve in 2025, with cybercriminals using more sophisticated techniques to bypass security measures, emphasizing the need for phishing attack prevention. Phishing remains one of the most prevalent and damaging cyber threats facing organizations worldwide. In the fourth quarter of 2024 alone, nearly a million phishing attacks were observed, showing […]

The post Phishing Attack Prevention – Best Practices for 2025 appeared first on Cyber Security News.

Outpost24 announced the addition of AI-enhanced summaries to the Digital Risk Protection (DRP) modules within its External Attack Surface Management (EASM) platform. With Outpost24’s DRP modules, organizations are able to identify, monitor, and protect against threats before they can be exploited. DRP’s threat intelligence provides continuous scans for exposed credentials, brand impersonations, data leaks and more. While this is all valuable information to have, these DRP findings can be challenging and time-consuming for security teams … More →

The post Outpost24 simplifies threat analysis with AI-enhanced summaries appeared first on Help Net Security.

A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set the stage for ransomware attacks, WithSecure researchers have discovered. KeeLoader: Passoword manager that acts as data stealer and malware loader In February 2025, WithSecure’s inicident responders were hired by an European IT service provider to help with response and remediation after a ransomware gang encrypted their VMware ESXi servers’ datastores. While the attack itself was relatively typical, … More →

The post Trojanized KeePass opens doors for ransomware attackers appeared first on Help Net Security.

Готовьтесь к утечке CPU, криптовалюте и новым соседям в crontab.

关键词安全漏洞周四,CISA警告美国联邦机构保护其系统免受利用Chrome网络浏览器中高严重性漏洞的持续攻击。

关键词勒索软件勒索软件团伙成员越来越多地使用一种名为Skitnet(“Bossnet”)的新恶意软件,在被破坏

关键词网络安全在刚刚落幕的Pwn2Own柏林2025黑客大赛中，安全研究人员通过成功利用28个零日漏洞，累计斩

关键词网络攻击网络安全研究人员近日发现一个针对Redis数据库的新型Linux系统攻击活动，代号"RedisR

In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have to handle. The findings reveal a complex picture of progress, challenges, and a shifting mindset

Seven sources tell CyberScoop that a lack of coordination and miscommunication between federal agencies and the telecommunications industry left critical networks exposed to the Chinese hacking group.

The post ‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots appeared first on CyberScoop.

High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. "The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content," Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas

汽车行业重回「规模为王」。

A vulnerability was found in Koibox. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /es/dashboard/clientes/ficha/ of the component Profile Picture Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-40633. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.