Aggregator

A vulnerability was found in UBtech Freepass 1.3.1807.1500. It has been classified as problematic. Affected is an unknown function. The manipulation leads to open redirect. This vulnerability is traded as CVE-2025-23183. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in measure-cold-start 1.4.1 and classified as critical. This issue affects some unknown processing of the component Customer Cloud Account Handler. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2025-45471. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in UBtech Freepass 1.3.1807.1500 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information exposure through discrepancy. This vulnerability was named CVE-2025-23182. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in EnterpriseDB pglogical and BDR PGD. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-2506. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

通过简单的指纹统计进行流量分类 by ourren

更多最新文章，请访问SecWiki

The loosely affiliated hacking group has shifted closer to ransomware gangs, raising questions about Scattered Spider's ties to the Russian cybercrime underground.

想要成为施瓦辛格那样的健美先生？成为施瓦辛格是有代价的，统计显示健美先生有高心源性猝死风险，施瓦辛格本人过去十年就做过多次心脏手术。研究人员跟踪了 20286 名参加国际健美与健身联合会(IFBB)比赛的健美先生，平均随访时间为 8.1±3.8 年，研究期间发生了 121 例死亡：73 例为猝死，其中 46 例为心源性猝死——尸检结果显示心脏扩大和心室肥大。统计显示，现役健美先生的心源性猝死发病率为每 10 万职业年 32.83 例，职业选手的发病风险高于业余选手。

Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type 1 compliance following a comprehensive audit by Insight Assurance. This certification validates that Halo Security’s security controls and practices are properly designed and implemented to meet the SOC 2 trust principles. “Security isn’t a destination; it’s […]

The post Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

注学习了一下 Uber 的跨云平台密钥管理方案，简单翻译了一下，英文不错的师傅可以直接翻到文末的原文链接看原文

Socket’s Threat Research Team, a series of malicious npm packages have been found lurking in the JavaScript ecosystem for over two years, amassing more than 6,200 downloads. These weaponized packages, targeting popular frameworks like React, Vue.js, Vite, Node.js, and the Quill Editor, were crafted by a threat actor under the npm alias “xuxingfeng” (linked to […]

The post Hackers Deploy Weaponized npm Packages to Target React and Node.js JavaScript Frameworks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Halo Security, a leading provider of attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type 1 compliance following a comprehensive audit by Insight Assurance. This certification validates that Halo Security’s security controls and practices are properly designed and implemented to meet the SOC 2 trust principles. “Security isn’t a destination; it’s […]

The post Halo Security Achieves SOC 2 Type 1 Compliance, Validating Security Controls for Its Attack Surface Management Platform appeared first on Cyber Security News.

装在包里的空间大屏，但它或许没想取代你的电脑。

​芯片已经上了手机，YU7 还得再等两个月。

Malware campaign exploiting TikTok’s popularity has been observed using social engineering to spread Vidar and StealC

Police arrested 270 suspects following an international law enforcement action codenamed 'Operation RapTor' that targeted dark web vendors and customers from ten countries. [...]

Datadog Security Research has uncovered a targeted malware campaign aimed at Solidity developers on Windows systems, using malicious Visual Studio Code (VS Code) extensions as the initial attack vector. Identified as the work of a single threat actor tracked as MUT-9332, this operation deployed three trojanized extensions solaibot, among-eth, and blankebesxstnion disguised as legitimate tools […]

The post Malicious VS Code Extensions Target Windows Solidity Developers to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai researcher Yuval Gordon warned. BadSuccessor attack technique explained The exploitable feature was introduced to help organizations replace the legacy non-managed service accounts … More →

The post Unpatched Windows Server vulnerability allows full domain compromise appeared first on Help Net Security.

Вредоносный модуль маскируется под веб-сервер.

The U.S. Justice Department, in collaboration with the FBI and private sector partners like Microsoft, has announced the disruption of the Lumma Stealer (also known as LummaC2) malware infrastructure. This global operation targeted the notorious Malware-as-a-Service (MaaS) platform, which has been linked to over 1.7 million instances of data theft worldwide. The unsealing of two […]

The post Lumma Stealer Infrastructure Behind Global Attacks on Millions of Users Dismantled appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.