Aggregator

'Tijd om de stap te zetten'. Dat is de boodschap van de nieuwe wervingscampagne die Defensie vandaag lanceert. De campagne moet jongeren activeren om hun twijfels overboord te gooien. Barrières oplossen die hen ervan weerhoudt om daadwerkelijk bij Defensie te solliciteren.

It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts have been passkey-enabled, with 69% […]

The post Breaking the Passkey Promise: SquareX Discloses Major Passkey Vulnerability at DEF CON 33 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability marked as problematic has been reported in IBM Watson Studio on Cloud Pak for Data 4.0/5.0. This impacts an unknown function of the component Web UI. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2024-49790. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

Prisma SASE作为战略级产品，正在成为引领企业安全与价值创新的关键引擎，带来前所未有的战略价值。

Модель нового поколения думает иначе, учится быстрее и рвёт лидеров на старте.

A new report from the Brennan Center for Justice says the Trump administration has foreshadowed plans to meddle with mail-in voting, voter rolls and much more.

The post Trump administration setting the stage for elections power grab, voting rights group warns appeared first on CyberScoop.

The emergence of sophisticated cybercriminal organizations continues to pose significant threats to individuals and institutions worldwide, with the UTG-Q-1000 group representing one of the most concerning developments in recent cybersecurity history. This highly organized criminal network has demonstrated exceptional technical prowess by exploiting China’s national childcare subsidy policy, transforming what should be a beneficial government […]

The post UTG-Q-1000 Group Weaponizing Subsidy Schemes to Exfiltrate Sensitive Data appeared first on Cyber Security News.

The SpiderLabs Threat Hunt Team recently discovered a cyber campaign in which threat actors used the genuine ScreenConnect remote management application as a weapon to spread the Xworm Remote Access Trojan (RAT) through a multi-phase infection chain. The attack begins with social engineering tactics, including phishing, malvertising, and deceptive social media posts, luring users to […]

The post Weaponized ScreenConnect RMM Tool Deceives Users into Installing Xworm RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Reolink Web and Mobile App Services 4.54.0.4.20250526 and classified as critical. This issue affects some unknown processing. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2025-55621. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Reolink App 4.54.0.4.20250526 on Android. This vulnerability affects unknown code. Performing manipulation results in improper initialization. This vulnerability is cataloged as CVE-2025-55619. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in Reolink App 4.54.0.4.20250526 on Android and classified as problematic. This affects an unknown function of the component Setting Handler. Such manipulation leads to public cloneable() method without final ('object hijack'). This vulnerability is traded as CVE-2025-55622. An attack has to be approached locally. There is no exploit available.

A vulnerability described as critical has been identified in Reolink App 4.54.0.4.20250526 on Android. Impacted is an unknown function of the component ADB Handler. Executing manipulation can lead to improper authentication. This vulnerability is tracked as CVE-2025-55623. The physical device can be targeted for the attack. No exploit exists.

A vulnerability classified as problematic was found in Reolink App 4.54.0.4.20250526 on Android. The impacted element is the function valuateJavascript. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-55620. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Reolink App 4.54.0.4.20250526 on Android. This affects an unknown function. This manipulation causes improper verification of intent by broadcast receiver. This vulnerability is registered as CVE-2025-55624. The attack needs to be launched locally. No exploit is available.

A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7 and classified as critical. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. This vulnerability is traded as CVE-2025-9140. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."

A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4 and classified as critical. This vulnerability affects unknown code of the file crm/WeiXinApp/yunzhijia/event.php. This manipulation of the argument openid causes sql injection. This vulnerability is handled as CVE-2025-8908. The attack can be initiated remotely. Additionally, an exploit exists. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."

A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Impacted is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. This vulnerability is listed as CVE-2025-8528. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as problematic, was found in Drupal Open Social up to 12.3.7/12.4.4. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2024-13273. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

Farmers Insurance has disclosed a data breach stemming from unauthorized access to a third-party vendor’s database, potentially compromising the personal information of approximately 1.1 million customers. The breach, detected on May 30, 2025, involved an unauthorized actor infiltrating a system managed by the vendor, which housed sensitive customer data. Farmers, encompassing Farmers Insurance Exchange, Farmers […]

The post Farmers Insurance Breach Exposes Data of 1.1 Million Customers via Salesforce Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.