Aggregator

20 мая в Москве состоится конференция, посвящённая вопросам информационной безопасности в корпоративном сегменте.

Unauthenticated Hackers Exploit CVE-2025-31324 to Upload Webshells
Threat actors are exploiting a zero-day flaw in a partially deprecated SAP tool still widely used by governments and businesses. On Friday, SAP's security division, Onapsis, disclosed that CVE-2025-31324 is "actively exploited in the wild."

Co. Is Already Facing Several Lawsuits Based on Its Much Lower Victim Estimates
Employee benefits administrator Verisource Services Inc. has told regulators that a hack discovered in February 2024 has affected 4 million individuals, up significantly from initial estimates reported last summer. The company already faces several lawsuits involving its earlier lowball estimates.

4-Day Cybersecurity Event Covers Emerging Tech, Latest Cyberthreats
ISMG Editors convened in San Francisco for coverage of RSAC Conference. Panelists shared an overview of opening-day speakers and hot topics, including the growth of AI, uncertainties in the global threat landscape, the Innovation Sandbox contest and Cryptographers' Panel session.

Enforcement Action Is Latest Under Agency's Ransomware, Risk Analysis Initiatives
Federal regulators fined a New York neurology practice $25,000 following an investigation into a 2020 ransomware breach affecting nearly 7,000 individuals. Comprehensive Neurology failed to conduct an accurate and thorough risk analysis, regulators said.

诈骗者指示受害者将他们的支付卡轻敲到他们的手机上以验证他们的卡，允许恶意软件读取卡芯片数据并将其发送给攻击者。

诈骗者指示受害者将他们的支付卡轻敲到他们的手机上以验证他们的卡，允许恶意软件读取卡芯片数据并将其发送给攻击者。

A recent surge in cyber reconnaissance has put thousands of organizations at risk after GreyNoise, a global threat intelligence platform, detected an alarming spike in attempts to access sensitive Git configuration files. Between April 20 and 21, GreyNoise observed the daily count of unique IPs targeting these files soar past 4,800-a record-breaking figure and a […]

The post Massive Attack: 4,800+ IPs Used to Target Git Configuration Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-request.php. The manipulation of the argument viewid leads to sql injection. This vulnerability is known as CVE-2025-4080. The attack can be launched remotely. Furthermore, there is an exploit available.

零配置快速搭建软件开发与逆向分析环境

零配置快速搭建软件开发与逆向分析环境

A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME Command Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-4079. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The identification of this vulnerability is CVE-2025-4078. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects School Billing System 1.0. This vulnerability affects the function searchrec. The manipulation of the argument Name leads to stack-based buffer overflow. This vulnerability was named CVE-2025-4077. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

Submit #560558 / VDB-306517

There must be a fundamental shift in strategy for B2B leaders, one that places artificial intelligence (AI) threat detection at the core of cyberdefense. 

The post Why B2B Leaders Must Rethink Cybersecurity Strategies With AI at the Core appeared first on Security Boulevard.

Submit #560541 / VDB-306516

Submit #560540 / VDB-306515

Submit #560534 / VDB-306514

近日看到几张网络安全在线培训的截图，扯个闲淡。授课，不是单纯地说技术水平高就可以。技术水平在这件事里，可能是排到最后面的。