Aggregator

2025年7月下旬，安哥拉政府减少燃料补贴的决定引发了大规模罢工和骚乱，最终演变成针对中国商店和工厂的暴力事件。这场表面上的经济抗议活动，迅速转变为针对中国目标的暴力事件，反映了非洲大陆上复杂的地缘政治博弈和信息争夺战。

A sophisticated malvertising campaign has emerged, exploiting GitHub repositories through dangling commits to distribute malware via fake GitHub Desktop clients. This novel attack vector represents a significant evolution in cybercriminal tactics, leveraging the trust and legitimacy associated with GitHub’s platform to deceive unsuspecting users into downloading malicious software. The campaign operates by promoting compromised GitHub […]

The post New Malvertising Campaign Leverages GitHub Repository to Deliver Malware appeared first on Cyber Security News.

A vulnerability classified as critical has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. This vulnerability is traded as CVE-2025-10385. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Discover how to leverage open-source tools for vulnerability management while meeting compliance requirements. Learn best practices for secure and compliant software development.

The post Exploring Open Source and Compliance in Vulnerability Management appeared first on Security Boulevard.

Submit #643902 / VDB-323820

Cloudflare’s Dashboard and a set of related APIs were unavailable or partially available for an hour starting on Sep 12, 17:57 UTC. The outage did not affect the serving of cached files via the

A sophisticated backdoor malware known as Backdoor.WIN32.Buterat has emerged as a significant threat to enterprise networks, demonstrating advanced persistence techniques and stealth capabilities that enable attackers to maintain long-term unauthorized access to compromised systems. The malware has been identified targeting government and corporate environments through carefully orchestrated phishing campaigns, malicious email attachments, and trojanized software […]

The post Buterat Backdoor Attacking Enterprises to Establish Persistence and Control Endpoints appeared first on Cyber Security News.

Ученые утверждают, что обнаружили потенциальную биосигнатуру на Марсе.

Explore Customer Identity and Access Management (CIAM): its benefits, components, and how it differs from IAM. Learn to implement CIAM effectively for enhanced user experience and security.

The post What is Customer Identity and Access Management? appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 2 - SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for ...

A vulnerability was found in Oracle Communications Diameter Signaling Router 9.0.0.0. It has been classified as critical. This affects an unknown part of the component Platform. Performing manipulation results in denial of service. This vulnerability is identified as CVE-2022-25147. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Oracle Financial Services Behavior Detection Platform 8.0.8.1/8.1.1.1/8.1.2.5/8.1.2.6. Affected is an unknown function of the component Application. Executing manipulation can lead to integer overflow. This vulnerability is registered as CVE-2022-25147. It is possible to launch the attack remotely. No exploit is available.

A vulnerability labeled as critical has been found in Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition 8.0.8. Affected by this issue is some unknown functionality of the component Platform. The manipulation results in integer overflow. This vulnerability is reported as CVE-2022-25147. The attack can be launched remotely. No exploit exists.

A vulnerability marked as critical has been reported in Apache Portable Runtime Utility up to 1.6.1. The impacted element is the function apr_base64. This manipulation causes integer overflow. This vulnerability appears as CVE-2022-25147. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability, which was classified as critical, was found in Oracle Communications Diameter Signaling Router 8.6.0.0. This vulnerability affects unknown code of the component Virtual Network Function Manager. The manipulation results in integer overflow. This vulnerability is known as CVE-2022-25147. It is possible to launch the attack remotely. No exploit is available.

A vulnerability labeled as critical has been found in Apache Portable Runtime 1.7.0. The affected element is the function apr_encode. The manipulation results in integer overflow. This vulnerability is reported as CVE-2022-24963. The attacker must have access to the local network to execute the attack. No exploit exists.

Полиция жалуется на бессмысленный софт за миллионы.

Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits SVG (Scalable Vector Graphics) files and email attachments to distribute dangerous Remote Access Trojans, specifically XWorm and Remcos RAT. This emerging threat represents a significant evolution in attack methodologies, as threat actors increasingly turn to non-traditional file formats to bypass conventional security defenses. The campaign […]

The post New Malware Attack Leverages SVGs, Email Attachments to Deliver XWorm and Remcos RAT appeared first on Cyber Security News.

The well-known group of cybercriminals called Scattered Lapsus$ Hunters released a surprising farewell statement on BreachForums. This manifesto, a mix of confession and strategic deception, offers vital insights into the changing landscape of modern cybercrime and the increasing pressure from global law enforcement agencies. The statement reveals sophisticated operational security practices that extend far beyond […]

The post What Are The Takeaways From The Scattered LAPSUS $Hunters Statement? appeared first on Cyber Security News.

A vulnerability was found in Linux Kernel up to 6.16.3/6.17-rc2. It has been rated as critical. This impacts the function irq_request. Performing manipulation results in use after free. This vulnerability was named CVE-2025-39785. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.