Aggregator

北京谋智火狐信息技术有限公司（北京火狐）宣布，2025 年 5 月 8 日，Mozilla 与北京火狐达成一致，北京火狐将不再运营 Firefox 浏览器及任何与 Firefox 有关的中国大陆业务。自 2025 年 9 月 29 日晚 24:00 起，Firefox 火狐中文官方网站（firefox.com.cn）、Firefox 火狐社区网站（mozilla.com.cn）、Firefox 火狐通行证账户服务（accounts.firefox.com.cn）及 Firefox 火狐主页（home.firefoxchina.cn）将正式停止运营，所有相关功能将终止。自即日起，Firefox 火狐中文官方网站 www.firefox.com.cn 将不再提供 Firefox 浏览器相关产品的下载。中国火狐用户需要在 2025 年 9 月 29 日前将北京火狐服务器上的数据同步到本地，在这之后所有数据都将删除。Mozilla Firefox 用户不受任何影响。

Как автоматические системы превращают фото в оружие суда.

Личные признания, измены, аборты — и всё это теперь доступно каждому.

Outpost24’s threat intelligence researchers have uncovered the operations of Lionishackers, a financially motivated cyber threat actor specializing in the exfiltration and illicit sale of corporate databases. This group employs an opportunistic approach to target selection, with a notable preference for entities in Asian countries such as Thailand, Syria, and India. While primarily driven by profit, […]

The post Lionishackers Exfiltrate Sensitive Corporate Databases for Sale on the Dark Web appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Alkacon OpenCms 10.5.3 and classified as problematic. Affected by this vulnerability is the function gallery of the component SVG Image Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2018-8815. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in OpenEMR up to 5.0.1.3. It has been classified as critical. This affects an unknown part of the file interface/super/manage_site_files.php of the component File Upload. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2018-15139. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenEMR up to 5.0.1.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file portal/account/register.php. The manipulation leads to improper authentication. This vulnerability is known as CVE-2018-15152. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Online Voting System 1.0. It has been classified as critical. Affected is an unknown function of the component Password Handler. The manipulation leads to 7pk security features. This vulnerability is traded as CVE-2018-6180. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Open-AudIT Professional 2.1. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Name/Description leads to cross site scripting. This vulnerability is known as CVE-2018-8903. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in OPAC EasyWeb Five 5.7. It has been declared as critical. This vulnerability affects unknown code of the file w2001/index.php?scelta=campi. The manipulation of the argument biblio as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-17428. The attack can be initiated remotely. Furthermore, there is an exploit available.

Linux creator Linus Torvalds announced the release of Linux kernel version 6.16 on July 27, 2025, marking the end of what he described as a “nice and calm” development cycle. The latest stable release brings numerous performance improvements, networking enhancements, and driver fixes across multiple hardware platforms, continuing the kernel’s evolution with focused stability improvements […]

The post Linux 6.16 Released with Performance and Networking Enhancements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that enables attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially exposing sensitive user data including files protected by privacy controls and information cached by Apple Intelligence. Vulnerability Overview The newly discovered vulnerability, dubbed “Sploitlight” by Microsoft researchers, exploits Spotlight plugins to access private […]

The post New macOS Vulnerability Allows Attackers to Steal Private Files by Bypassing TCC appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in MetForm Plugin up to 4.0.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument mf-template leads to cross site scripting. This vulnerability is handled as CVE-2025-5684. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in SolarWinds Web Help Desk up to 12.8.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2025-26400. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

仙女座大星系近旁发现被称为 SDSO1 的星云。根据一篇预印本，SDSO1 可能并非来自仙女座，而是位于银河系内的一个古老行星状星云，被命名为「幽灵行星状星云」（Ghost Planetary Nebula, GPN）。这项研究由多位业余天文摄影师联合完成。研究团队透过影像显示的弓形震波与尾迹结构，并比对银河系内，距离地球约 600 光年的共生双星 EG Andromedae（仙女座EG）的位置与特性，推论这片云气正是由该双星系统在数十万年前抛出的壳层所形成，进而成为行星状星云。分析显示，仙女座EG 以每秒约 107 公里的速度穿越星际介质，因而产生壮观的弓形结构与长达 45 光年的尾迹。这类行星状星云在演化后期已极度稀薄而黯淡，但因与周围介质的高速交互作用才显现，SDSO1 也因此成为已知首个被提出的幽灵行星状星云案例。研究团队还辨识出银河系内另有 7 个具有类似特征的幽灵行星状星云候选天体，显示这类古老天体可能比我们以往认为的更为普遍。

Злоумышленники бесплатно публикуют базы в Telegram назло компаниям.

Two pro-Ukraine hacktivists have claimed responsibility for a destructive attack on Aeroflot

Varonis released Next-Gen Database Activity Monitoring (DAM), a new approach to database security that deploys quickly and overcomes the challenges legacy vendors face in preventing data breaches and ensuring regulatory compliance. Databases are the backbone of the global economy and serve as the central nervous system of AI, yet they’ve never been harder to protect. Lack of competition and complex barriers to entry have stifled innovation in the DAM market. “Legacy DAM solutions use outdated, … More →

The post Varonis unveils Next-Gen Database Activity Monitoring for agentless database security and compliance appeared first on Help Net Security.

Security researchers have examined a complex online shell script called UpdateChecker.aspx that was installed on compromised Internet Information Services (IIS) servers in response to a notable increase in cyberthreats directed at Microsoft Windows installations. This analysis stems from a follow-up investigation by FortiGuard’s Incident Response Team into a prolonged intrusion at a Middle East critical […]

The post Hackers Exploit IIS Servers with New Web Shell Script for Full Remote Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.