Aggregator

A vulnerability classified as critical was found in Huawei HarmonyOS 5.0.0. Affected by this vulnerability is an unknown functionality of the component Media Library Module. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-46587. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as problematic has been found in Huawei HarmonyOS 5.0.0. Affected is an unknown function of the component Media Library Module. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-58252. An attack has to be approached locally. There is no exploit available.

A major security scare has erupted in Washington after reports emerged that a Trump associate was using an unofficial version of the secure messaging platform Signal-an application that was subsequently targeted in a data breach, according to a Sunday report from tech outlet 404 Media. According to the Reuters report, the report centers on former […]

The post Signal App Used by Trump Associate Targeted in Security Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been rated as critical. This issue affects some unknown processing of the component File System Module. The manipulation leads to improper handling of insufficient permissions or privileges. The identification of this vulnerability is CVE-2025-46584. The attack needs to be approached locally. There is no exploit available.

现代汽车在其位于美国佐治亚州的 Metaplant America工厂部署了波士顿动力的 Atlas 人形机器人，此举旨在加速工厂自动化和本地生产，提高效率以应对汽车关税上涨。现代汽车已经在其美国工厂部署了 Spot 四足机器人用于工业检测，它没有披露部署了多少台 Atlas，以及 Atlas 的具体用途。现代汽车是在 2021 年从日本软银收购了波士顿动力，Atlas 为双足人形机器人，其最新型号为全电版而不是早期使用的液压版。波士顿动力在宣布电动版 Atlas 时透露第一个合作对象是其母公司现代汽车。

A vulnerability was found in pixel_prime Reales WP STPT Plugin up to 2.1.2 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to authorization bypass. This vulnerability was named CVE-2025-3610. The attack can be initiated remotely. There is no exploit available.

Хакеры не просто взломали авиакомпанию, а изменили расстановку сил.

RSA announced cybersecurity innovations that defend organizations against the next wave of AI powered identity attacks, including IT Help Desk bypasses, malware, social engineering, and other threats. These advancements are especially critical for organizations implementing passwordless strategies. Among the highlights is the new RSA Help Desk Live Verify (patent pending), a feature that prevents social engineering and technical support scams. With bi-directional identity verification, RSA Help Desk Live Verify ensures that both users and IT … More →

The post RSA helps organizations secure passwordless environments appeared first on Help Net Security.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been classified as critical. This affects an unknown part of the component Contacts Module. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-46586. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component Kernel Module. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-46585. Local access is required to approach this attack. There is no exploit available.

На старте беседа про KPI, а на финише — установка More_eggs и тихий слив данных.

120 часов — именно столько у вас будет до публичного раскрытия всех секретов.

Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking Smishing Triad tactics with improved features and new templates. Resecurity (USA) was the first company to identify the Smishing Triad, a group of Chinese cybercriminals targeting consumers across the globe. In August 2023, our team was able to identify their activity and locate the smishing […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding an actively exploited vulnerability in Langflow, a popular open-source framework for building language model applications. Tracked as CVE-2025-3248, the flaw allows unauthenticated attackers to execute malicious code remotely, posing significant risks to organizations using the platform. Vulnerability Details The critical flaw resides in Langflow’s api/v1/validate/code endpoint, […]

The post CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Разработчики любят Helm за простоту, хакеры — за открытые порты.

A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. This vulnerability affects unknown code of the component Kernel. The manipulation leads to memory corruption. This vulnerability was named CVE-2022-32924. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple macOS. This affects an unknown part of the component ATS. The manipulation leads to sandbox issue. This vulnerability is uniquely identified as CVE-2022-32890. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS and classified as problematic. This vulnerability affects unknown code of the component PackageKit. The manipulation leads to race condition. This vulnerability was named CVE-2022-32895. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple macOS. This issue affects some unknown processing of the component WebKit Sandboxing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2022-32892. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.