Aggregator

A vulnerability was found in IBM SmartCloud Analytics Log Analysis up to 1.3.8.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to client-side enforcement of server-side security. This vulnerability is handled as CVE-2024-41751. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM SmartCloud Analytics Log Analysis up to 1.3.8.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to client-side enforcement of server-side security. This vulnerability is known as CVE-2024-41750. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about economic espionage and technology transfer to foreign adversaries. Engineer Admits to Massive Data Theft Chenguang […]

The post Silicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft Case appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. [...]

The 2025 Gartner® Market Guide provides crucial insights for security and risk management professionals seeking to understand the Digital Forensics and Incident Response (DFIR) retainer market, evaluate trends, refine requirements, and identify market players.

The post 2025 Gartner® Market Guide for DFIR Retainer Services appeared first on Sygnia.

У нас гораздо больше общего, чем мы казалось…

PlexTrac launched enhanced Workflow Automation Engine, a major product update designed to standardize workflows across the vulnerability lifecycle, automate pentest findings delivery, accelerate time to remediation, and increase operational efficiency. By leveraging the unified security data already centralized in PlexTrac, the new automation capabilities drive consistent, end-to-end vulnerability lifecycle management. Organizations spend a lot of time writing pentest reports, only to deliver them as static PDFs. These reports aren’t immediately actionable and stakeholders must manually … More →

The post PlexTrac Workflow Automation Engine enhancements accelerate time to remediation appeared first on Help Net Security.

BforeAI today disclosed the discovery of a phishing campaign that is leveraging the same core infrastructure to spoof multiple domains.

The post BforeAI Identifies Phishing Campaign Using Same Infrastructure Across Multiple Domains appeared first on Security Boulevard.

Germany’s AMEOS Hospital Network has confirmed a sophisticated cyberattack that compromised its IT infrastructure, leading to unauthorized access and potential exposure of sensitive data. Despite robust defenses including multi-factor authentication, intrusion detection systems, and regular vulnerability assessments, attackers managed to infiltrate the network, resulting in a brief but impactful breach. Potential Ramifications The incident involved […]

The post Cyberattack on Germany’s AMEOS Hospital Network Exposes Patient Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Help desk workers from the IT services company Cognizant were directly responsible for an August 2023 cyberattack that disrupted operations at the Clorox Company, the cleaning products giant alleges in a lawsuit.

Several ransomware groups used highly targeted social engineering tactics to create a major impact across several industry sectors in Q2 2025. 

With an industry forward by GSMA Intelligence, “ The application of AI/ML to workflow automation for complex networks” offers communications service providers (CSPs) a window into turning operational data oceans into a competitive differentiator. Recognizing the massive increase in network complexity and growing...

A vulnerability was found in fdkaac. It has been classified as critical. Affected is the function wav_open of the file /src/wav_reader.c. The manipulation leads to incorrect comparison. This vulnerability is traded as CVE-2022-36148. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in fdkaac 1.0.3. This affects the function __interceptor_memcpy.part.46 of the file /sanitizer_common/sanitizer_common_interceptors.inc. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-37781. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in fdkaac up to 1.0.4. This vulnerability affects the function read_callback of the file src/main.c. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2023-34823. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in fdkaac up to 1.0.4. This issue affects the function caf_info of the file caf_reader.c. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2023-34824. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

The Windows banking trojan known as Coyote has become the first known malware strain to exploit the Windows accessibility framework called UI Automation (UIA) to harvest sensitive information. "The new Coyote variant is targeting Brazilian users, and uses UIA to extract credentials linked to 75 banking institutes' web addresses and cryptocurrency exchanges," Akamai security researcher Tomer

Suspected admin of XSS.IS, a major Russian-language cybercrime forum, arrested in Ukraine after years of running malware and data trade operations.

A significant cybersecurity breach has exposed vulnerabilities in critical US government infrastructure, as the National Nuclear Security Administration (NNSA) was reportedly compromised through a Microsoft SharePoint zero-day exploit linked to Chinese government-affiliated hacking groups. Chinese Hackers Target Critical Infrastructure The breach came to light hours after Microsoft disclosed that Chinese government-affiliated hacking groups had been […]

The post US Nuclear Weapons Data Compromised via SharePoint Zero-Day Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.