Aggregator

Submit #514101 / VDB-280376

Submit #514089 / VDB-298800

Employees of a third-party company hacked into StubHub's computer system, stole almost 1,000 digital tickets to Taylor Swift concerts and other events, and emailed them to conspirators in New York, who then sold them on StubHub in a scheme that brought them $635,000 in profit.

The post Hackers Made $600,000 Selling Stolen Taylor Swift Concert Tickets appeared first on Security Boulevard.

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument search leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2047. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #514015 / VDB-298797

Securing Active Directory (AD) is a critical priority for organizations. Misconfigurations in AD, such as excessive permissions, outdated protocols, or unprotected service accounts, are common targets for attackers. Traditional methods of manually running disjointed PowerShell scripts to audit AD environments are time-consuming, error-prone, and ill-suited for modern security demands. To address this gap, cybersecurity professionals […]

The post InvokeADCheck – Powershell Based Tool to Detect Active Directory Misconfigurations appeared first on Cyber Security News.

YouTube creators are being targeted by scammers seeking out their credentials, using deepfake tactics to lure them in with a false sense of legitimacy.

Submit #514011 / VDB-298777

Submit #514010 / VDB-288193

A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/print1.php. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2025-2046. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #513997 / VDB-240883

Submit #513996 / VDB-240882

A vulnerability has been found in GitLab Enterprise Edition up to 17.7.5/17.8.3/17.9.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2025-2045. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #513995 / VDB-248256

Submit #513994 / VDB-242864

Submit #513993 / VDB-242863

Submit #513992 / VDB-240885

Security researchers at SEC Consult have discovered a significant vulnerability in CrowdStrike’s Falcon Sensor that allowed attackers to bypass detection mechanisms and execute malicious applications. This vulnerability, dubbed “Sleeping Beauty,” was initially reported to CrowdStrike in late 2023 but was dismissed as merely a “detection gap.” The bypass technique involved suspending the EDR processes rather […]

The post Researchers Bypassed CrowdStrike Falcon Sensor to Execute Malicious Applications appeared first on Cyber Security News.

Submit #513971 / VDB-298796

Socure launched Identity Manipulation Risk Score, a cross-industry predictive risk score designed to stop repeat first-party fraud abusers from exploiting the digital economy at scale. This AI-powered capability is embedded within Sigma First-Party Fraud, Socure’s innovative solution that leverages the largest cross-industry first-party fraud consortium to perform real-time analysis of dispute histories, payment denials, and account closures across millions of identities and billions of transactions. Socure’s first-party fraud consortium spans major financial institutions, fintechs, payment … More →

The post Socure launches Identity Manipulation Risk Score appeared first on Help Net Security.