Aggregator

Submit #556871 / VDB-305780

Recent research has unveiled a concerning vulnerability within the realm of containerized applications, where threat actors are leveraging stolen certificates and private keys to infiltrate organizations. This tactic not only allows hackers to bypass security measures but also potentially permits them to remain undetected for extended periods, posing significant risks to corporate security. The Stealth […]

The post Hackers Exploit Stolen Certificates and Private Keys to Breach Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Павел Дуров заявил о принципиальной позиции.

Cybersecurity researchers at Guardio Labs have unveiled a troubling new trend dubbed “VibeScamming,” where cybercriminals are using AI tools to create sophisticated phishing campaigns with unprecedented ease. This development, which allows even novice hackers to craft convincing scams, marks a significant shift in the cyber threat landscape, facilitated by the democratization of AI technology. The […]

The post VibeScamming: Hackers Leverage AI to Craft Phishing Schemes and Functional Attack Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. This vulnerability is traded as CVE-2025-3854. The attack needs to be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. Other functions might be affected as well.

In an era where cybersecurity has become paramount, the banking and financial sectors are facing an alarming escalation in ransomware attacks. According to recent findings, each ransomware attack costs banks an average of $6.08 million, excluding the additional expenses on cybersecurity upgrades and regulatory fines. These cyber threats not only drain finances but also cause […]

The post Ransomware Attacks Cost Banks $6.08 Million on Average, Triggering Downtime and Reputation Damage appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new variant of the FOG ransomware has been identified, with attackers exploiting the name of the Department of Government Efficiency (DOGE) to mislead victims. This operation, which came to light through the analysis of nine malware samples uploaded to VirusTotal between March 27 and April 2, demonstrates a cunning approach to ransomware distribution. Infiltration […]

The post Cybercriminals Deploy FOG Ransomware Disguised as DOGE via Malicious Emails appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #556616 / VDB-305778

Submit #556617 / VDB-305778

Submit #556618 / VDB-305778

Submit #556615 / VDB-305778

Submit #556614 / VDB-305778

A vulnerability was found in Apple iOS and iPadOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component App Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-40400. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple watchOS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component App Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-40400. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple macOS. This affects an unknown part of the component App Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-40400. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Froala Editor 4.1.1. This issue affects some unknown processing of the component Insert Image. The manipulation of the argument Insert link leads to cross site scripting. The identification of this vulnerability is CVE-2023-42426. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in GStreamer and classified as critical. This issue affects some unknown processing of the component Parsing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2023-40476. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right.