Aggregator

CISA paused plans to overhaul its advisory system after backlash from the infosec community

Some members of Congress seem more intent on grabbing headlines than actually working to make America more cyber secure.

How Weak Identity Security Posture Affects Organizations 

The report paints a clear picture: fraudsters are refining their strategies, targeting high-value credentials and exploiting vulnerabilities across all channels. Several statistics stand out, demanding immediate attention from security and risk leaders.  

The post TransUnion 2025 State of Omnichannel Fraud Report Insights appeared first on Security Boulevard.

Foxit launched Smart Redact Server, a new AI-driven platform built to automate the redaction of sensitive data at scale across enterprise environments. Designed for organizations that manage large volumes of regulated content, the solution enables legal, financial, healthcare, and compliance teams to detect and redact classified, personally identifiable (PII), and other sensitive information quickly, accurately, and securely. Smart Redact Server equips teams tasked with data privacy and regulatory compliance, including (but not limited to) enterprise … More →

The post Foxit Smart Redact Server automates the redaction of sensitive data appeared first on Help Net Security.

Newly disclosed information-stealing malware dubbed Katz Stealer has emerged as a significant threat to users of Chromium and Gecko-based browsers, with capabilities to extract sensitive data from over 78 browser variants. Developed in C and Assembly (ASM) for lightweight efficiency, the malware targets credentials, cookies (including version 20+), autofill data, CVV2 codes, OAuth tokens, cryptocurrency […]

The post Katz Stealer Malware Hits 78+ Chromium and Gecko-Based Browsers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

House of Dior, the French luxury fashion brand commonly referred to as Dior, has disclosed a cybersecurity incident that has exposed customer information. [...]

A vulnerability classified as critical was found in Linux Kernel up to 6.5.4. Affected by this vulnerability is the function dw2102_i2c_transfer of the component Media. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2023-53146. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Themewinter Eventin Plugin up to 4.0.26 on WordPress. Affected is an unknown function. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2025-47445. It is possible to launch the attack remotely. There is no exploit available.

Microsoft has disclosed two critical vulnerabilities in its Remote Desktop Gateway (RDG) service, posing significant risks to organizational networks. CVE-2025-26677 and CVE-2025-29831, both rated Important by Microsoft, enable denial-of-service (DoS) attacks and remote code execution (RCE), respectively. These flaws, patched in Microsoft’s May 2025 security update, underscore persistent challenges in securing remote access infrastructure. Security […]

The post Critical Vulnerability in Windows Remote Desktop Gateway Allows Denial-of-Service Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Zoho ManageEngine ADSelfService Plus up to 6513. It has been rated as critical. This issue affects some unknown processing of the component MFA Report. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-3833. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zoho ManageEngine ADAudit Plus up to 8510. It has been declared as critical. This vulnerability affects unknown code of the component OU History Report. The manipulation leads to sql injection. This vulnerability was named CVE-2025-3834. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Naukowa i Akademicka Sieć Komputerowa EZD RP up to 20.18. It has been classified as critical. This affects an unknown part of the file /api/Token/gettoken. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-4430. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Red Hat Enterprise Linux and Satellite and classified as critical. Affected by this issue is some unknown functionality of the component Yggdrasil. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is handled as CVE-2025-3931. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

Накопитель, который живёт по стандартам спецназа.

Newly disclosed vulnerability in Microsoft Outlook (CVE-2025-32705) permits attackers to execute arbitrary code on compromised systems through a memory corruption flaw. Rated 7.8 (CVSS v3.1) and classified as Important by Microsoft, this out-of-bounds read vulnerability (CWE-125) exposes email clients to localized attacks requiring minimal user interaction. With over 400 million enterprise users relying on Outlook […]

The post Critical Microsoft Outlook Flaw Enables Remote Execution of Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

McAfee is introducing McAfee’s Scam Detector, a new feature that automatically identifies scams across text, email, and video. Available now in all core McAfee plans at no extra cost, it arrives at a critical moment: nearly 1 in 3 Americans say they have fallen victim to an online scam in the last 12 months. To meet this growing threat, McAfee is protecting customers with advanced, in-plan, AI-powered scam detection – and driving education and awareness … More →

The post McAfee’s Scam Detector identifies scams across text, email, and video appeared first on Help Net Security.

Forwarded mail can be more trouble than it’s worth - especially when it’s done without checks, validation, or spam filtering. Typos, spamtraps, and forged senders can quickly snowball into blocklistings and delivery failures. In this second part on mail relays, we dive into the mess forwarding can cause, and what you can do to avoid it.

The post Mail relays – Part 2 | Problems with forwarded mail? appeared first on Security Boulevard.

A vulnerability has been found in ArcGIS 0; 0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component client_credentials OAuth 2.0 API. The manipulation leads to violation of secure design principles. This vulnerability is known as CVE-2025-0020. The attack can be launched remotely. There is no exploit available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.

A vulnerability, which was classified as problematic, was found in Schneider Electric Modicon Controllers M241, Modicon Controllers M251, Modicon Controllers M258 and Modicon Controllers LMC058. Affected is an unknown function of the component URL Handler. The manipulation leads to externally controlled reference. This vulnerability is traded as CVE-2025-2875. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.