Aggregator

UK retailers including Harrods, M&S, and the Co-op are under a surge of cyber-attacks that may be linked by a common supplier or shared technological vulnerability

The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared with The Hacker News. "The malware employs sandbox and virtual machine evasion techniques, a domain

A major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb-were ingeniously designed to exploit Gmail’s SMTP service, establishing covert command-and-control tunnels and enabling attackers to execute […]

The post Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Gosoft Proticaret E-Commerce up to 5.x and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-11142. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 25 - A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary ...

Currently trending CVE - Hype Score: 14 - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires ...

Один клик — и ребёнок попадает в цифровую изоляцию.

Meta построила соцсеть, где у тебя вместо друзей — ИИ, и ты с ним в группе.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: […]

《网络空间安全导论（微课版）》ISBN：9787302550112 清华大学出版社

《网络空间安全导论（微课版）》ISBN：9787302550112 清华大学出版社

A vulnerability has been found in Intrexx Portal Server up to 12.0.3 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-47201. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in SureForms Plugin up to 1.4.3 on WordPress. This affects an unknown part of the component Form Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3514. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in SureForms Plugin up to 1.4.3 on WordPress. Affected by this issue is some unknown functionality of the component Form Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-3513. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Ты стал одновременно Ghibli-персонажем, объектом анализа и чьей-то будущей рекламой.

Opsera announced new Advanced Security Dashboard capabilities that, available as an extension of Opsera’s Unified Insights for GitHub Copilot, help enterprises maximize the benefits of GitHub Advanced Security (GHAS). Opsera now connects and provides a comprehensive view of security alongside software development performance, enabling the monitoring of vulnerabilities, tracking of remediation, and fostering a stronger security culture across development teams, all without slowing down software delivery. “Our Advanced Security Dashboard complements our existing GitHub solutions … More →

The post Opsera improves GitHub security management appeared first on Help Net Security.

Microsoft has announced that all new Microsoft accounts will be "passwordless by default" to secure them against password attacks such as phishing, brute force, and credential stuffing. [...]

Подробное руководство по конфигурациям, трафику и тестбедам по стандарту RFC 9411.

Искусственный интеллект переписывает правила творчества, и авторам это не нравится.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities found in widely used Industrial Control Systems (ICS). Released on May 1, 2025, the advisories spotlight severe security risks affecting KUNBUS GmbH’s Revolution Pi devices and the MicroDicom DICOM Viewer, with some vulnerabilities scoring the highest possible rating for risk […]

The post CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.