Aggregator

网宿安全团队结合新标准的发布，以及行业多年的实践经验，对信息安全风险管理工作进行了深入的分析与解读。

The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targets, has recently updated its toolset to include sophisticated malware designed for espionage. SideWinder’s primary targets have historically included entities in Pakistan, Sri Lanka, […]

The post SideWinder APT Deploys New Tools in Attacks on Military & Government Entities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

瑞士NCSC要求关键基础设施组织在遭受网络攻击后24小时内报告，否则将面临高额罚款。

Вебинар Positive Technologies состоится 18 марта в 14:00.

A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems. Vulnerability Details The vulnerability stems from improper neutralization of special elements in URIs handled by […]

The post Apache Pinot Vulnerability Allows Attackers to Bypass Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

North Korea’s Lazarus Group has launched a new wave of attacks targeting the npm ecosystem, compromising six packages designed to steal login credentials and deploy backdoors. The malicious packages is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator have collectively been downloaded over 330 times. These packages mimic the names of widely trusted libraries, employing a typosquatting […]

The post Lazarus Hackers Exploit 6 NPM Packages to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

More than 14,500 girls from across the UK took part in this year’s CyberFirst Girls competition

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with the addition of three high-risk security flaws affecting Ivanti Endpoint Manager (EPM). These vulnerabilities, which involve absolute path traversal issues, have been observed being actively exploited in the wild, prompting federal agencies and organizations to implement remediation measures before […]

The post CISA Added 3 Ivanti Endpoint Manager Bugs to Wildly Exploited Vulnerabilities Catalog appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified since November 2024. These packages employ sophisticated techniques to evade detection and exploit system vulnerabilities, posing a substantial threat to Windows systems and other software environments. The tactics used by attackers include low-file-count packages, suspicious install […]

The post Hackers Compromise Windows Systems Using 5000+ Malicious Packages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

为全球人工智能技术普及与治理贡献 “中国方案”。

Japanese telecom giant NTT Communications (NTT Com) has confirmed a data breach that compromised the information of nearly 18,000 corporate customers. The breach, which occurred in February, involved unauthorized access to an internal system used for managing service orders. Details of the Breach The breached data includes customer names, contract numbers, phone numbers, email addresses, […]

The post Telecom Giant NTT Confirms Data Breach Affecting 18,000 Corporate Customers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A Proof of Concept (PoC) exploit for the Apache Camel vulnerability CVE-2025-27636 has been released on GitHub. This vulnerability affects Apache Camel versions 4.10.0-4.10.1, 4.8.0-4.8.4, and 3.10.0-3.22.3, allowing attackers to inject arbitrary headers and potentially execute internal Camel methods, including Remote Code Execution (RCE) via the Camel Exec component. Vulnerability Details The vulnerability arises from […]

The post Apache Camel RCE Vulnerability PoC Exploit Released in GitHub appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Siemens SiPass integrated AC5102 and SiPass integrated ACC-AP up to 6.4.8 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Command Line Interface Parser. The manipulation leads to command injection. This vulnerability is handled as CVE-2025-27493. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Siemens Teamcenter Visualization and Tecnomatix Plant Simulation and classified as critical. Affected by this vulnerability is an unknown functionality of the component WRL File Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-27438. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Siemens SiPass integrated AC5102 and SiPass integrated ACC-AP up to 6.4.8. Affected is an unknown function of the component REST API. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-27494. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.