Aggregator

A survey of 420 responses from IT and security professionals finds 86% now view securing software-as-a-service (SaaS) applications as a top priority, with more than three-quarters (76%) having increased budget allocations.

The post Survey Surfaces Challenges Securing SaaS Applications appeared first on Security Boulevard.

CISA released five Industrial Control Systems (ICS) advisories on April 22, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-112-01 Siemens TeleControl Server Basic SQL
• ICSA-25-112-02 Siemens TeleControl Server Basic
• ICSA-25-112-03 Schneider Electric Wiser Home Controller WHC-5918A
• ICSA-25-112-04 ABB MV Drives
   
• ICSA-25-035-04 Schneider Electric Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

GCP Cloud Composer漏洞可致攻击者通过恶意PyPI包窃取云数据！

Американцы нашли неожиданный ответ на китайские санкции.

美国防部拟建立新的安全软件保障计划

乌克兰修订网络安全法加强关基保护

关键词网络钓鱼在 LabHost 于 2024 年 4 月关闭之后，网络钓鱼即服务 (PhaaS) 领域出现了

关键词安全漏洞微软周一宣布，已将微软帐户 (MSA) 签名服务移至 Azure 机密虚拟机 (VM)，并且也正

关键词网络钓鱼网络钓鱼已不再仅仅局限于那些可疑的链接和措辞拙劣的电子邮件。

关键词Microsoft最新进展（2025年4月21日）：微软向客户发布通告，确认此次告警及账户锁定事件源于系

As SaaS and cloud-native work reshape the enterprise, the web browser has emerged as the new endpoint. However, unlike endpoints, browsers remain mostly unmonitored, despite being responsible for more than 70% of modern malware attacks. Keep Aware’s recent State of Browser Security report highlights major concerns security leaders face with employees using the web browser for most of their work.

A new malware named “RustoBot” has been discovered exploiting vulnerabilities in various router models to gain unauthorized access and initiate Distributed Denial of Service (DDoS) attacks. This advanced cyber-threat, first observed in January to February 2025, targets TOTOLINK and DrayTek devices, showcasing sophisticated techniques unlike previously known malware. Exploitation and Spread Strategy The botnet leverages […]

The post New Rust-Based Botnet Hijacks Routers to Inject Remote Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers have uncovered a sophisticated new variant of the notorious Lumma InfoStealer malware, employing advanced code flow obfuscation techniques to evade detection. This new development marks a significant escalation in cybercrime methodologies, potentially making it more challenging for traditional security measures to intercept or mitigate the impact of these theft-oriented attacks. Advanced Evasion Techniques This […]

The post Latest Lumma InfoStealer Variant Found Using Code Flow Obfuscation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The notorious Magecart group has been identified by the Yarix Incident Response Team as the culprits behind a recent credit card data theft operation on an e-commerce platform. This latest assault on consumer data showcases the group’s evolving tactics to infiltrate and compromise online payment systems. Initial Access and Web Shell Deployment The attack began […]

The post Magecart Launches New Attack Using Malicious JavaScript to Steal Credit Card Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in Visual Composer Website Builder Plugin up to 45.10.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-46254. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in codepeople Appointment Booking Calendar Plugin up to 1.3.92 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-46241. It is possible to initiate the attack remotely. There is no exploit available.