Aggregator

A vulnerability, which was classified as problematic, was found in Google Go up to 1.22.10/1.23.4. This affects an unknown part of the component net-http. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is uniquely identified as CVE-2024-45336. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Red Hat OpenShift Service Mesh 2.5.6/2.6.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Envoy Header Hander. The manipulation leads to injection. This vulnerability is known as CVE-2025-0754. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Red Hat OpenShift Service Mesh and classified as critical. Affected by this issue is some unknown functionality of the component proxyv2-rhel9. The manipulation leads to http request smuggling. This vulnerability is handled as CVE-2025-0752. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Node.js on Windows. Affected is an unknown function of the component Drive Name Handler. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-23084. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A new method of exploiting the “Bring Your Own Vulnerable Driver” (BYOVD)

Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up

Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses. Security

Ransomware attacks hav

Новая схема обмана заставила Google пересмотреть свою защиту.

Ransomware attacks have become a relentless threat to the healthcare sector, exposing sensitive patient data, disrupting life-saving treatments, and placing lives at risk. With healthcare systems underfunded and critical infrastructure vulnerable, cybercriminals find this sector an easy and lucrative target.  In recent years, ransomware attacks have not only caused financial losses but have also shaken […]

The post Interlock Ransomware: Analysis of Attacks on US Healthcare Providers appeared first on ANY.RUN's Cybersecurity Blog.

Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of media data. The vulnerability can be triggered by a malicious application and may allow attackers to elevate privileges on targeted devices. “Apple is aware of a report that this issue may have been actively exploited … More →

The post Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) appeared first on Help Net Security.

Ransomware / Threat IntelligenceCybersecurity researchers have found that ransomware attacks targe

Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar. "ESXi appliances, which are unmonitored, are increasingly exploited as a persistence mechanism and gateway to access corporate networks widely," Sygnia

Cybercriminals are coming for your loyalty points and messing with dynamic pricing—don’t let them win. Learn how to stay ahead and keep your customers protected.

The post Protecting Airlines: How to Stop Scraping and Loyalty Fraud appeared first on Security Boulevard.