Aggregator

The 20-year bureau pro wants to see what it’s like to fight ransomware from the private sector.

The post Top FBI cyber official Cynthia Kaiser exits for Halcyon appeared first on CyberScoop.

Abnormal AI found that engagement rates with VEC attacks globally is “worrisomely high”, overtaking BEC in the EMEA region

Бизнесу придётся выбирать “своих”.

暗网惊现超强加密工具，你的电脑还安全吗？

看雪论坛作者ID：櫬木汐

欢迎点赞、转发、评论！！！

6月7日-9日，2025全球人工智能技术博览会，不见不散！

A significant denial of service vulnerability has been discovered in ModSecurity, one of the most widely deployed open-source web application firewall (WAF) engines used to protect Apache, IIS, and Nginx web servers.  The vulnerability, designated as CVE-2025-48866, affects all ModSecurity versions prior to 2.9.10 and allows attackers to crash systems through exploitation of the sanitiseArg […]

The post New ModSecurity WAF Vulnerability Let Attackers Crash the System appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5523. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #585711 / VDB-310218

A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-5522. The attack may be launched remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NPM) ecosystem to distribute harmful code disguised as legitimate libraries. This attack vector exploits the trust developers place in […]

The post Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #585342 / VDB-310959

银河系被广泛认为会在 45 亿年之后与其最近邻居仙女座相撞。但最新研究认为这并非是必然发生的。研究团队分析了来自哈勃和盖亚的资料，考虑了 22 种可能影响我们星系与邻近星系之间潜在碰撞的不同变量，并进行多达 10 万次的电脑模拟，并延伸至未来 100 亿年。由于变数太多，每个变数都有误差，累积起来对结果的不确定性相当大，结果显示银河系和仙女座在接下来 100 亿年内发生真正碰撞的机率只有约 50%，换言之，另一半的机率可能只是擦身而过，而非正面相撞。研究团队指出预测星系相互作用的长期未来具有很大的不确定性，但新发现挑战了先前的共识，并表明银河系的命运仍然是一个悬而未决的问题。再考虑到太阳会在大约 10 亿年后让地球变得不适合居住，而太阳本身也很可能在 50 亿年后燃烧殆尽，因此与仙女座相撞是我们在宇宙中最不需要担心的事。

Submit #584986 / VDB-310958

Submit #584947 / VDB-214689

Проверка на устойчивость закончилась падением на ровном месте.

A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim's contacts list. "Recent

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-5521. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, this flaw enables attackers to crash servers by exploiting argument sanitization logic, with patches now available in version 2.9.10. Sanitisation Logic Flaw The vulnerability stems from ModSecurity’s sanitiseArg action, designed […]

The post New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.