Aggregator

A vulnerability, which was classified as problematic, has been found in Checkmk up to 2.1.0p49/2.2.0p40/2.3.0p28. This issue affects some unknown processing. The manipulation leads to sensitive information in log files. The identification of this vulnerability is CVE-2025-2092. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A glaring vulnerability has come to light within Samsung’s One UI interface: the clipboard history function stores all copied text, including sensitive data like passwords and personal information, in plain text and retains it indefinitely, unless users manually delete it. For countless smartphone users, copying and pasting is a daily activity. Complex passwords, banking information, […]

The post Samsung One UI Vulnerability Leaks Sensitive Data in Plain Text With No Expiration! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Вебинар Positive Technologies пройдет 24 апреля в 14:00.

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by this vulnerability. If your application uses Erlang/OTP SSH to provide remote access, assume you are affected,” Ruhr University Bochum researchers, who discovered and reported the flaw, said. About CVE-2025-32433 Erlang/OTP SSH is a set of libraries … More →

The post PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) appeared first on Help Net Security.

Phishing attacks are not only more frequent but also more sophisticated, leveraging AI to craft highly convincing messages that bypass traditional security measures.​ 

The post Beyond Firewalls: Why Phishing Demands a People-First, Trust-Centric Response  appeared first on Security Boulevard.

A survey of 420 responses from IT and security professionals finds 86% now view securing software-as-a-service (SaaS) applications as a top priority, with more than three-quarters (76%) having increased budget allocations.

The post Survey Surfaces Challenges Securing SaaS Applications appeared first on Security Boulevard.

CISA released five Industrial Control Systems (ICS) advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-112-01 Siemens TeleControl Server Basic SQL
• ICSA-25-112-02 Siemens TeleControl Server Basic
• ICSA-25-112-03 Schneider Electric Wiser Home Controller WHC-5918A
• ICSA-25-112-04 ABB MV Drives
   
• ICSA-25-035-04 Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

GCP Cloud Composer漏洞可致攻击者通过恶意PyPI包窃取云数据！

Американцы нашли неожиданный ответ на китайские санкции.

美国防部拟建立新的安全软件保障计划

乌克兰修订网络安全法加强关基保护

关键词网络钓鱼在 LabHost 于 2024 年 4 月关闭之后，网络钓鱼即服务 (PhaaS) 领域出现了

关键词安全漏洞微软周一宣布，已将微软帐户 (MSA) 签名服务移至 Azure 机密虚拟机 (VM)，并且也正

关键词网络钓鱼网络钓鱼已不再仅仅局限于那些可疑的链接和措辞拙劣的电子邮件。

关键词Microsoft最新进展（2025年4月21日）：微软向客户发布通告，确认此次告警及账户锁定事件源于系