Aggregator

In the past decade, social engineering attacks have become more sophisticated and prevalent than ever. From AI voice impersonation to deepfake video calls, cybercriminals are leveraging the latest technology to make their scams increasingly convincing. Despite growing awareness of these threats, social engineering remains one of the most successful attack methods because it exploits something technology can't secure—human psychology.

More than 70% of successful breaches start with social engineering attacks. Whether you're a business professional, student, or retiree, understanding how these scams work is your first line of defense.

The post Learn & Avoid Social Engineering Scams in 2025 appeared first on Security Boulevard.

The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems. This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe,

A vulnerability was found in D-Link DIR-859 A3 up to 1.05. It has been classified as critical. This affects an unknown part of the file /getcfg.php. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-57045. It is possible to initiate the attack remotely. There is no exploit available.

Unit21 launched its new scams solution that helps financial institutions and fintechs detect and stop scams before they cause financial harm. Using AI automation, the new solution can be integrated into a fraud team’s workflow to accelerate investigations and response times while also incorporating IP insights and consortium signals to prevent and detect scams before they hit consumer financial accounts. Advancements in technology have allowed criminals to scam consumers and businesses at unprecedented speed and … More →

The post Unit21 empowers financial institutions to detect and stop scams appeared first on Help Net Security.

A vulnerability was found in TP-LINK WR840N v6 up to 0.9.1 4.16 and classified as critical. Affected by this issue is some unknown functionality of the file /cgi. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-57050. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in TP-LINK Archer C20 up to 6.6_230412 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cgi. The manipulation leads to improper authentication. This vulnerability is known as CVE-2024-57049. The attack can be launched remotely. There is no exploit available.

Trend Micro found that Chinese espionage group Mustang Panda is deploying malware via legitimate Microsoft tools, enabling it to bypass ESET antivirus applications

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.77/6.12.13/6.13.2/6.14-rc1. Affected is the function qdisc_tree_reduce_backlog of the component netem. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-21703. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.13/6.13.2/6.14-rc1. This issue affects some unknown processing of the component pfifo_tail_enqueue. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2025-21702. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

OpenSSH修复了两个高危漏洞，可能导致中间人攻击和DoS攻击，威胁敏感数据和关键服务器。用户需立即升级至9.9p2版本以防范风险。

Яндекс Браузер зафиксировал рост атак на 20% по сравнению с декабрем.

Amazon GuardDuty is often referred to as the security hub of Amazon’s cloud ecosystem. It provides advanced threat detection by analyzing run-time (OS-level) activities, network traffic logs, and security events. Amazon describes it as “a single runtime monitoring solution for your compute on AWS.”  In our latest Veriti research, we analyzed Amazon GuardDuty logs to […]

The post Inside Amazon GuardDuty: What the Logs Reveal About Cloud Security  appeared first on VERITI.

The post Inside Amazon GuardDuty: What the Logs Reveal About Cloud Security  appeared first on Security Boulevard.

A vulnerability classified as critical was found in undsgn Uncode Core Plugin up to 2.9.1.6 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability was named CVE-2024-13689. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Netgear DGN2200 up to 1.0.0.46. This affects an unknown part. The manipulation of the argument x with the input 1.gif leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-57046. It is possible to initiate the attack remotely. There is no exploit available.