Aggregator

A vulnerability has been found in IBM QRadar SIEM up to 7.5.0 Update Package 12 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to file inclusion. This vulnerability is known as CVE-2025-33117. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. [...]

Alleged Data Breach of Iraq’s Ministry of Labor and Social Affairs

The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed on over 100,000 WordPress websites. This vulnerability, classified as an Insufficient Authorization to Privilege Escalation via Model Context Protocol (MCP), has a CVSS score of 8.8 (High) and has been assigned the identifier CVE-2025-5071. Affecting […]

The post Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Banana Squad hid data-stealing malware in fake GitHub repos posing as Python tools, tricking users and targeting sensitive info like browser and wallet data.

The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations. This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google Meet invitations to deliver a barrage of malicious payloads, specifically designed for macOS systems. The […]

The post North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Author/Presenter: Angela Fischer (Jupiter Broadcasting Co-Owner)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: How To Linuxfest appeared first on Security Boulevard.

The China-based advanced persistent threat (APT) group Silver Fox, also known as Void Arachne or The Great Thief of Valley, has been identified as the orchestrator of a complex multi-stage campaign targeting healthcare delivery organizations (HDOs) and public sector entities. Active since 2024 and believed to be state-sponsored, Silver Fox is deploying cyber espionage and […]

The post Silver Fox APT Uses Weaponized Medical Software to Deploy Remote Access Tools and Disable AV appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Juneteenth National Independence Day 2025

Permalink

The post Juneteenth National Independence Day 2025 appeared first on Security Boulevard.

Minecraft, the wildly popular sandbox game with over 200 million monthly active players, has become the latest hunting ground for cybercriminals. Check Point Research recently uncovered a sinister campaign targeting Minecraft users through the Stargazers Ghost Network, a Distribution as a Service (DaaS) platform operating on GitHub. This network distributes malware disguised as legitimate Minecraft […]

The post Gamers Targeted! Fake Minecraft Mods Enable Attackers to Take Control of Your System appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

China-linked APT Typhoon has reportedly targeted satellite firm Viasat, the group has breached multiple telecom providers in the past. China-linked APT group Salt Typhoon hacked the satellite communications firm Viasat, the cyber-espionage group has previously breached the networks of multiple other telecom providers in the United States and globally. Viasat is a global communications company […]

Физики придумали, как избежать ловушки космических струн и приблизить великое открытие.

Het Nederlandse spoor speelt een belangrijke rol in de verdediging van het NAVO-grondgebied. Daarom is een robuust spoornetwerk essentieel. Dat benadrukte Commandant der Strijdkrachten (CDS) generaal Onno Eichelsheim vanavond tijdens een bijeenkomst van ProRail in Den Haag. 

A vulnerability was found in Linux Kernel up to 5.15.30/5.16.16 and classified as problematic. Affected by this issue is the function free_log_tree of the file fs/btrfs/block-group.c of the component btrfs. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2022-48833. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.16.11. This issue affects the function configfs_register_subsystem/configfs_unregister_subsystem of the component configfs. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-48931. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.26/5.16.12. It has been classified as critical. This affects an unknown part of the file fs/btrfs/extent_io.c. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2022-48902. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.7.0. Affected is an unknown function of the component f2fs. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-52436. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.7.1. Affected is the function f2fs_rename of the component f2fs. The manipulation leads to reachable assertion. This vulnerability is traded as CVE-2023-52444. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.7.3. This affects the function dmt_stree of the component jfs. The manipulation leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2023-52601. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.7.3. This vulnerability affects unknown code of the component jfs. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2023-52602. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.