Aggregator

Submit #636833 / VDB-323208

Shadow assets don't care about your perimeter. EASM finds every internet-facing asset, surfaces unknowns, and prioritizes real risks—so you can fix exposures before attackers do. See how Outpost24 makes it easy. [...]

The U.S. Department of the Treasury has unveiled a sweeping sanctions campaign against a network of cyber scam centers across Southeast Asia that collectively stole more than ten billion dollars from American victims in 2024. These operations, often masquerading as legitimate virtual currency investment platforms, relied on sophisticated social engineering techniques to coax users into […]

The post Magento and Adobe SessionReaper Vulnerability Exposes Thousands of Online Stores to Automated Attacks appeared first on Cyber Security News.

Submit #639030 / VDB-323207

Submit #636789 / VDB-323206

Submit #636697 / VDB-323205

Submit #636696 / VDB-323204

Relyance AI has released Data Defense Engineer, an AI-native feature that works 24/7 to understand, monitor, and protect thousands of data journeys, learns from every interaction, and autonomously enforces policies at machine speed. As organizations deploy AI systems, data becomes executable intelligence rather than passive information. Relyance AI’s Data Defense Engineer is a fundamental shift from static data scanning to real-time data journey mapping, providing enterprises with superintelligence that continuously tracks how sensitive data flows … More →

The post Relyance AI Data Defense Engineer secures AI-driven data appeared first on Help Net Security.

Zoom released a security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows and macOS. The patches cover one high-severity flaw and several medium-severity issues, prompting a strong recommendation for users to update their applications immediately to safeguard against potential exploits. The most significant vulnerability fixed in this update […]

The post Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS appeared first on Cyber Security News.

A vulnerability marked as critical has been reported in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-9665. The attack can be initiated remotely. Additionally, an exploit exists.

Sources tell Recorded Future News that top Trump administration officials have accepted that splitting up the leadership of U.S. Cyber Command and the National Security Agency would prove too lengthy and arduous amid other national security priorities.

​Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. [...]

123 миллиона визитов в год обернулись жёсткими мерами со стороны правообладателей.

Vanta has unveiled a new set of capabilities that integrates AI across core compliance and risk workflows. These features unify policy management with the Vanta AI Agent, expand first-party risk oversight and continuous monitoring for vendors, and deepen integrations, providing security leaders with a single system of record to act on risk before it escalates. Risk management is fragmented across siloed tools, teams and manual processes. Internal issues live in one system, vendor reviews in … More →

The post Vanta embeds agentic AI into policy and evidence workflows appeared first on Help Net Security.

在周一发生 Z 世代年轻人抗议以及紧跟着的暴力冲突之后，尼泊尔宣布取消社媒禁令。这次大规模抗议中有至少 19 人死亡，300-400 人受伤，总理 Sharma Oli 已宣布辞职。尼泊尔政府是在上周以未在期限内向政府登记注册为由屏蔽了 Facebook、WhatsApp、X、Instagram 和 YouTube 等 26 个社交媒体网站，引发了 Z 世代年轻群体周一在包括首都在内的各大城市的大规模抗议，这次事件被称为 Z 世代抗议运动。

Hummingbird announced its unified platform for risk and compliance operations. The expanded platform brings together the full risk and compliance lifecycle with the launch of new solutions for both Transaction & Risk Monitoring and Customer Screening. Financial institutions, long stymied by fragmented workflows, will find immediate value in Hummingbird’s Transaction & Risk Monitoring and Customer Screening solutions, which strengthen risk detection and accelerate decision-making. While Hummingbird may now be deployed end-to-end, the platform’s modular design … More →

The post Hummingbird’s compliance and risk platform helps financial institutions manage risk appeared first on Help Net Security.

Salty2FA phishing campaign showcases advanced techniques and professionalism of cybercrime operations

South Korean internet users are being targeted by a sophisticated phishing campaign attributed to the North Korean threat actor known as Kimsuky. The malicious emails, masquerading as official notices from the National Tax Service (NTS), inform recipients of a “September Tax Return Payment Due Notice” and urge them to click a link to view an […]

The post Phishing Alert: Kimusky Hackers Masquerade as Tax Authority with ‘September Tax Return Due Date’ Email appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability described as critical has been identified in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. This vulnerability is reported as CVE-2025-10164. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.