Ваши деньги, но снять их не дадут. Банки тренируются определять, не звонят ли вам «из службы безопасности»
Подозрительным клиентам предлагают задержку и лимиты, чтобы сорвать сценарий мошенников.
Aggregator
CVE-2024-7694
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.
CVE-2020-7796
1 month 2 weeks ago
Currently trending CVE - Hype Score: 7 - Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
CVE-2025-32355
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.
CVE-2025-59793
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to ...
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
1 month 2 weeks ago
INTERPOL’s Operation Red Card 2.0 led to 651 arrests across 16 African countries and recovered over $4.3 million from online scams. INTERPOL’s Operation Red Card 2.0, a joint effort involving law enforcement agencies from 16 African countries, resulted in 651 arrests linked to online scam networks. The operation was carried out under the African Joint […]
Pierluigi Paganini
CVE-2026-2848 | SourceCodester Simple Responsive Tourism Website 1.0 Registration Master.php?f=register Username sql injection
1 month 2 weeks ago
A vulnerability identified as critical has been detected in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Registration. This manipulation of the argument Username causes sql injection.
This vulnerability appears as CVE-2026-2848. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
Пока Илон Маск обещает – китайцы вживляют. В Шанхае уже вовсю двигают курсоры силой мысли
1 month 2 weeks ago
Как Китай превратил нейротехнологии в государственную программу.
CVE-2026-2847 | UTT HiPER 520 1.7.7-160105 Web Management Interface formReleaseConnect sub_44EFB4 Isp_Name os command injection
1 month 2 weeks ago
A vulnerability categorized as critical has been discovered in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection.
This vulnerability is reported as CVE-2026-2847. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
651 arrested, $4.3 million recovered in African cybercrime sweep
1 month 2 weeks ago
Operation Red Card 2.0, supported by INTERPOL and involving law enforcement agencies from 16 African countries, led to 651 arrests and the recovery of more than $4.3 million from online scams. In Nigeria police took down a fraud ring that used phishing, identity theft and social engineering to scam victims (Source: Interpol) Running from 8 December 2025 to 30 January 2026, the operation targeted networks behind high-yield investment fraud, mobile money scams and fraudulent loan … More →
The post 651 arrested, $4.3 million recovered in African cybercrime sweep appeared first on Help Net Security.
Sinisa Markovic
Lockbit
1 month 2 weeks ago
You must login to view this content
cohenido
FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025
1 month 2 weeks ago
The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025.
The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In December 2025, the U.S. Department of Justice (DoJ) said about $40.73 million has been collectively
The Hacker News
CVE-2026-2846 | UTT HiPER 520 1.7.7-160105 Web Management Interface /goform/formPdbUpConfig sub_44D264 policyNames os command injection
1 month 2 weeks ago
A vulnerability was found in UTT HiPER 520 1.7.7-160105. It has been rated as critical. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection.
This vulnerability is documented as CVE-2026-2846. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
Submit #753967: sourcecodester.com Simple Responsive Tourism Website 1.0 SQL Injection [Accepted]
1 month 2 weeks ago
Submit #753967 / VDB-347084
anxxc
Hackers Actively Exploiting Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
1 month 2 weeks ago
A critical vulnerability in BeyondTrust’s remote support software is being actively exploited by hackers to deliver dangerous backdoors on compromised systems. The flaw, tracked as CVE-2026-1731, carries a CVSS score of 9.9 and lets attackers run system commands with no login required. BeyondTrust released a security advisory on February 6, 2026, confirming that CVE-2026-1731 is […]
The post Hackers Actively Exploiting Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT appeared first on Cyber Security News.
Tushar Subhra Dutta
Submit #753965: UTT HiPER 520 nv520v3v1.7.7-160105 Command Injection [Accepted]
1 month 2 weeks ago
Submit #753965 / VDB-347083
Ruler-Chovy
Submit #753964: UTT HiPER 520 nv520v3v1.7.7-160105 Command Injection [Accepted]
1 month 2 weeks ago
Submit #753964 / VDB-347082
Ruler-Chovy
Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence
1 month 2 weeks ago
Hackers are increasingly abusing OAuth applications in Microsoft Entra ID to gain persistent access, blending in as normal “business integrations” while keeping access even after defenders reset passwords. Recent Wiz research and incident reporting show attackers using fake OAuth apps, deceptive consent prompts, and redirect URLs to steal tokens and maintain long-term footholds in Microsoft 365 environments. […]
The post Hackers Using OAuth Apps in Microsoft Entra ID to Establish Persistence appeared first on Cyber Security News.
Abinaya
PromptSpy abuses Gemini AI to gain persistent access on Android
1 month 2 weeks ago
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity […]
Pierluigi Paganini
Security Compass brings policy-driven security and compliance to agentic AI development
1 month 2 weeks ago
Security Compass released SD Elements for Agentic AI Workflow, enabling organizations to stay in control of security and compliance as AI becomes part of software development. AI agents introduce an unprecedented opportunity to accelerate the velocity of software development, but concerns about security and compliance are holding back adoption in regulated industries. Emerging laws like EU Cyber Resilience Act increase the burden of security on software manufacturers. Using the SD Elements Agentic AI workflow, you … More →
The post Security Compass brings policy-driven security and compliance to agentic AI development appeared first on Help Net Security.
Industry News