Aggregator

According to Ericsson, the opportunity created by mobile network application programming interfaces (APIs) will grow to more than $20 billion by 2028. APIs are ways for different types of software applications to communicate with each other. They are critical to a dynamic 5G network ecosystem and the secret sauce that...

A vulnerability, which was classified as critical, was found in AmpJuke 0.7.5. Affected is an unknown function of the file index.php. The manipulation of the argument special leads to sql injection. This vulnerability is traded as CVE-2008-4525. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Google is set to acquire Wiz, a cloud security platform founded in 2020, for $32bn in an all-cash deal

While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” Microsoft threat analysts have warned on Monday. The StilachiRAT StilachiRAT’s capabilities include: Collection of information that helps paint a picture of the target system: OS/system info, hardware identifiers, BIOS serial number, camera presence, active Remote Desktop Protocol (RDP) sessions, software … More →

The post Stealthy StilachiRAT steals data, may enable lateral movement appeared first on Help Net Security.

A recent threat intelligence report highlights the emergence of a sophisticated cyberattack technique known as Browser-in-the-Middle (BitM), which allows hackers to hijack user sessions across various web applications in a matter of seconds. This method exploits the inherent functionalities of web browsers to deceive victims into believing they are interacting with a secure connection, while […]

The post New BitM Attack Enables Hackers to Hijack User Sessions in Seconds appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in MySQL 5.5.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper resource management. This vulnerability is handled as CVE-2011-5049. The attack may be launched remotely. Furthermore, there is an exploit available.

In a recent cybersecurity threat, hackers have been using virtual hard disk image files (.vhd) to distribute the VenomRAT malware, exploiting a novel technique to bypass security measures. This campaign begins with a phishing email that uses a purchase order as a lure, enticing users to open an attached archive file. Upon extraction, the archive […]

The post Hackers Exploit Hard Disk Image Files to Deploy VenomRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

哈佛大学周一宣布，从 2025-26 学年起，家庭年收入不足 20 万美元的学生将免除学费。校长 Alan M. Garber 在一份声明中表示，“让更多人能负担得起哈佛大学的费用，可以拓宽学生的背景、经历和视角，促进智力和个人成长。”“通过吸引人才聚在一起学习，真正实现大学的巨大潜力。”他表示，新计划将使约 86% 的美国家庭有资格获得哈佛的经济资助，扩大常春藤联盟为学生提供所需资源的承诺。

A vulnerability has been found in X2Engine X2CRM up to 5.1 and classified as problematic. This vulnerability affects unknown code of the file index.php/users/create. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2015-5075. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

A sophisticated new phishing campaign has been discovered that exploits Microsoft 365’s legitimate infrastructure to conduct highly convincing credential harvesting and account takeover attempts. Unlike traditional phishing attempts that rely on lookalike domains or email spoofing, this attack leverages Microsoft’s own trusted systems to bypass security controls and deceive users. The attack utilizes Microsoft’s legitimate […]

The post New Sophisticated Phishing Attack Exploiting Microsoft 365 Infrastructure To Attack Users appeared first on Cyber Security News.

Flashpoint data points to a surge in data breaches fueled by compromised credentials, ransomware and exploits

ReliaQuest sponsors the PGA TOUR’s Valspar Championship youth golf clinic, in partnership with youth golf program First Tee of Tampa Bay.

The Bybit hack, which occurred on February 21, 2025, has been extensively analyzed by multiple cybersecurity teams, including Sygnia. This attack exposed significant security vulnerabilities across various domains, including macOS malware, AWS cloud compromise, application security, and smart contract security. The incident involved unauthorized activity in Bybit’s Ethereum (ETH) cold wallets, where an ETH multisig […]

The post Bybit Hack: Details of Sophisticated Multi-Stage Attack Uncovered appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A recent discovery by Xavier Mertens, a senior handler at the Internet Storm Center, has highlighted a sophisticated attack where hackers utilize DLL side-loading to deploy malicious Python code. This technique involves tricking an application into loading a malicious DLL instead of a legitimate one, allowing attackers to execute malicious code while evading detection by […]

The post Hackers Use DLL Side-Loading to Deploy Malicious Python Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Microsoft Internet Explorer 5.5/6.0. It has been rated as critical. This issue affects some unknown processing of the component Error Message Handler. The manipulation with the input http://[host.with.unparsable.xml.file]/flaw.xml?<script>alert(document.cookie)</script> leads to basic cross site scripting. The identification of this vulnerability is CVE-2003-0446. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Cloudflare has announced the first phase of end-to-end quantum readiness for its Zero Trust platform, enabling organizations to protect their corporate network traffic against future quantum computer threats.  The initiative, which builds on Cloudflare’s research into post-quantum cryptography since 2017, addresses growing concerns about the vulnerability of conventional encryption methods to quantum computing attacks. Quantum […]

The post Cloudflare to Implement Post-Quantum Cryptography to Defend Attacks from Quantum Computers appeared first on Cyber Security News.

In a sophisticated phishing campaign uncovered by the BI.ZONE Threat Intelligence team, the Squid Werewolf group, also known as APT37, has been impersonating recruiters to target key employees in various organizations. This espionage cluster uses fake job opportunities to lure victims into opening malicious attachments, which ultimately lead to system compromise and data theft. Phishing […]

The post Squid Werewolf Mimics Recruiters to Target Job Seekers and Steal Personal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The cybersecurity landscape has witnessed a new threat with the emergence of the DocSwap malware, which disguises itself as a “Document Viewing Authentication App” to deceive users into installing it on their Android devices. This sophisticated malware is suspected to be linked to a North Korean-backed Advanced Persistent Threat (APT) group, as revealed by the […]

The post DocSwap Malware Masquerades as Security Document Viewer to Attack Android Users Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in WPS Hide Login Plugin 1.9.1 on WordPress. Affected by this issue is the function auth_redirect of the component Login Page. The manipulation leads to open redirect. This vulnerability is handled as CVE-2024-6289. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.