Aggregator

CVE-2025-2045 | GitLab Enterprise Edition up to 17.7.5/17.8.3/17.9.0 authorization (Issue 512050 / Nessus ID 232215)

Vuldb Updates
8 months 2 weeks ago
A vulnerability has been found in GitLab Enterprise Edition up to 17.7.5/17.8.3/17.9.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2025-2045. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-1540 | GitLab Community Edition/Enterprise Edition up to 17.6.4/17.7.3/17.8.1 Internal Project authorization (Nessus ID 232197)

Vuldb Updates
8 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 17.6.4/17.7.3/17.8.1. This issue affects some unknown processing of the component Internal Project Handler. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-1540. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
8 months 2 weeks ago

North Korean state-sponsored threat actors associated with the Lazarus Group, specifically the subgroup known as Famous Chollima, have evolved their tactics by deploying a new Python-based remote access trojan (RAT) dubbed PyLangGhost. This malware represents a reimplementation of the earlier GoLangGhost RAT, exhibiting code structures indicative of AI-assisted porting, including Go-like logic patterns and extensive […]

The post Lazarus Hackers Use Fake Camera/Microphone Alerts to Deploy PyLangGhost RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Nederland draagt bij aan training van 56.000 Oekraïners in Verenigd Koninkrijk

Defensie.nl - Nieuwsberichten
8 months 2 weeks ago
Meer dan 56.000 Oekraïners zijn sinds 2022 in het Verenigd Koninkrijk getraind om hun land te kunnen verdedigen. De basisvaardigheden als militair zijn hen onder andere bijgebracht door Nederlandse militairen, onder de noemer Operatie Interflex. Nederland steunt Oekraïne waar mogelijk, dus ook met het trainen van militairen. Voor minister Ruben Brekelmans alle reden om zich vandaag persoonlijk op de hoogte te laten stellen van deze trainingen.

Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

The Hackers News
8 months 2 weeks ago
Cybersecurity researchers have demonstrated an "end-to-end privilege escalation chain" in Amazon Elastic Container Service (ECS) that could be exploited by an attacker to conduct lateral movement, access sensitive data, and seize control of the cloud environment. The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz, who presented the findings today at the
The Hacker News

Contrast Security Adds GitHub Copilot and Sumo Logic Integrations to ADR Platform

Security Boulevard
8 months 2 weeks ago

This week at the Black Hat USA 2025 conference, Contrast Security added integrations with GitHub Copilot and the security information and event management (SIEM) platform from Sumo Logic to the Northstar edition of its application detection and response (ADR) platform. The ADR platform from Contrast Security maps live attack paths and correlates runtime behavior to surface..

The post Contrast Security Adds GitHub Copilot and Sumo Logic Integrations to ADR Platform appeared first on Security Boulevard.

Michael Vizard

Akira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited Vulnerabilities

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
8 months 2 weeks ago

The Acronis Threat Research Unit (TRU) dissected recent samples from the Akira and Lynx ransomware families, revealing incremental enhancements in their ransomware-as-a-service (RaaS) models and double-extortion strategies. Both groups leverage stolen credentials, VPN vulnerabilities, reconnaissance, privilege escalation, defense evasion, and data exfiltration to infiltrate systems, primarily targeting small and medium-sized businesses (SMBs) with recycled yet […]

The post Akira and Lynx Ransomware Target MSPs Using Stolen Credentials and Exploited Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Play

Dark Feed IO
8 months 2 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
8 months 2 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
8 months 2 weeks ago

You must login to view this content

cohenido

Play

Dark Feed IO
8 months 2 weeks ago

You must login to view this content

cohenido

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

The Hackers News
8 months 3 weeks ago
The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive
The Hacker News

Threat Actors Exploit Smart Contracts to Drain Over $900K from Crypto Wallets

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
8 months 3 weeks ago

SentinelLABS has exposed a sophisticated series of cryptocurrency scams where threat actors distribute malicious smart contracts masquerading as automated trading bots, resulting in the drainage of user wallets exceeding $900,000 USD. These scams leverage obfuscated Solidity code deployed on platforms like the Remix Solidity Compiler, targeting Ethereum-based ecosystems. The campaigns, active since early 2024, employ […]

The post Threat Actors Exploit Smart Contracts to Drain Over $900K from Crypto Wallets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad