Aggregator

A vulnerability classified as critical has been found in nltk. Affected is an unknown function. The manipulation leads to incorrect regular expression. This vulnerability is traded as CVE-2021-3842. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting in unauthorized transactions and credential theft. The malicious actors behind this attack employ convincing Pocket […]

The post Pocket Card Users Under Attack Via Sophisticated Phishing Campaign appeared first on Cyber Security News.

tl;dr: There's no silver bullet for keeping secrets out of logs, but if we put several "lead bullets" in the right places, we have a good chance of success.

The post Keeping Secrets Out of Logs: Strategies That Work appeared first on Security Boulevard.

INTERPOL led a multi-national law enforcement operation dubbed “Operation Red Card,” which has resulted in the arrest of over 300 suspected cyber criminals.  Operation Red Card, conducted from November 2024 to February 2025, targeted cross-border criminal syndicates responsible for mobile banking fraud, investment scams, and messaging app exploitation. The operation involved law enforcement agencies from […]

The post Operation Red Card – 300+ Cyber Criminals Arrested Linking to Multiple Hacking Activities appeared first on Cyber Security News.

A vulnerability classified as problematic was found in Digium Asterisk. This vulnerability affects unknown code of the file chan_skinny.c of the component chan_skinny Channel Driver. The manipulation as part of Request leads to improper resource management. This vulnerability was named CVE-2017-17090. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

波音赢得了美国空军下一代空优战斗机（NGAD）的制造合同。新战斗机被命名为 F-47，预计将在 2030 年代取代洛克希德马丁的 F-22。在赢得新合同前，波音位于圣路易斯的战斗机工厂计划于 2027 年停产 F/A-18，新合同将允许工厂继续运作。波音、洛克希德马丁以及诺斯罗普格鲁曼参与了 NGAD 项目竞标，诺格后选择主动退出专注于 B-21 Raider 项目。NGAD 的工程和制造开发 (EMD) 合同预计约 200 亿美元，一旦开始量产，每架飞机的成本估计将超过 3 亿美元。NGAD 还包括了无人驾驶的协同作战飞机项目 CCA，以及普惠和通用电气开发的新喷气发动机、武器、电子战、传感器、网络生态系统、战斗管理能力等。

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as a […]

Defensie groeit door naar 100.000 mensen in 2030. Mogelijk verdubbelt dat aantal daarna nog. Dat schrijft staatssecretaris Gijs Tuinman vandaag in een brief aan de Tweede Kamer. Daarin legt hij uit hoe een zogeheten ‘schaalbare krijgsmacht’ vorm krijgt.

A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected is an unknown function of the file /admin-api/mp/material/upload-news-image of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. This vulnerability is traded as CVE-2025-2744. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. This issue affects some unknown processing of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. The identification of this vulnerability is CVE-2025-2743. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. This vulnerability affects unknown code of the file /admin-api/mp/material/upload-permanent of the component Material Upload Interface. The manipulation of the argument File leads to path traversal. This vulnerability was named CVE-2025-2742. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A novel attack vector combining browser cache exploitation and DLL proxying has emerged as a significant threat to organizations using Microsoft Teams and OneDrive. Dubbed Browser Cache Smuggling, this technique allows attackers to bypass traditional security defenses by leveraging browsers’ caching mechanisms to deliver malware disguised as benign files. Modern browsers cache static files (e.g., images, […]

The post Hackers Could Drop Teams Malware via Browser’s Cache Smuggling appeared first on Cyber Security News.

Новый раунд цифровых ограничений в марте.

Submit #519694 / VDB-300846

Submit #519692 / VDB-300845

Submit #519691 / VDB-300844

A vulnerability classified as problematic has been found in shawfactor LH OGP Meta Plugin up to 1.73 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-30587. It is possible to initiate the attack remotely. There is no exploit available.