Why Quiet Expertise No Longer Wins Cybersecurity Clients
There’s a graveyard of brilliant cybersecurity companies that no one has ever heard of. These firms had incredible…
Aggregator
BGP 系统的 Bug 处理方式导致部分网络故障
10 months 4 weeks ago
2025 年 5 月 20 日 7AM (UTC) ,可能是和记黄埔(AS9304)或 Starcloud(AS135338)广播了一则有问题的 BGP 消息,该消息包含了损坏的 BGP Prefix-SID Attribute。BGP Prefix-SID Attribute 主要用于内部 BGP 会话,在单一网络内部路由流量,它泄漏到全局路由表可能是因为将外部 BGP 会话错误配置为内部会话。对于错误的 BGP 消息,配置了 RFC7606 (“BGP 容错”)的系统会将其过滤或丢弃掉。然而 JunOS 系统没有丢弃错误消息,而是转发给了对等网络,直到该消息被没有配置 BGP 容错的 Arista EOS 系统接收到,最终导致部分网络发生故障,可能导致客户网络连接短暂中断。运行 JunOS 系统的 Juniper 硬件被互联网中转运营商广泛使用,受到此次事故影响的网络包括了 SpaceX Starlink AS14593、字节跳动 AS396986、Disney Worldwide Services AS23344 等。
CVE-2012-2908 | Viscacha 0.8.1.1 bbcodetag sql injection (EDB-18873 / XFDB-75575)
10 months 4 weeks ago
A vulnerability has been found in Viscacha 0.8.1.1 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument bbcodetag leads to sql injection.
This vulnerability was named CVE-2012-2908. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
New Android Malware GhostSpy Let Attacker Take Full Control Over Infected Devices
10 months 4 weeks ago
A sophisticated new Android malware strain called GhostSpy has emerged as a significant threat to mobile device security, demonstrating advanced capabilities that allow cybercriminals to achieve complete control over infected smartphones and tablets. This web-based Remote Access Trojan (RAT) employs a multi-stage infection process, beginning with a seemingly innocuous dropper application that silently escalates privileges […]
The post New Android Malware GhostSpy Let Attacker Take Full Control Over Infected Devices appeared first on Cyber Security News.
Tushar Subhra Dutta
Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack
10 months 4 weeks ago
A new Russia-linked APT group, tracked as Laundry Bear, has been linked to a Dutch police security breach in September 2024. Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Defence Intelligence and Security Service (MIVD) have linked a previously undetected Russia-linked group, tracked Laundry Bear (aka Void Blizzard), to a 2024 police breach. […]
Pierluigi Paganini
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
10 months 4 weeks ago
Not every "critical" vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what's actually exploitable in your environment — so you can patch what matters. [...]
Sponsored by Picus Security
CVE-2008-3163 | Regretless Dodos Mail 2.5 dodosmail.php dodosmail_header_file path traversal (EDB-32011 / XFDB-43625)
10 months 4 weeks ago
A vulnerability has been found in Regretless Dodos Mail 2.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file dodosmail.php. The manipulation of the argument dodosmail_header_file leads to path traversal.
This vulnerability is known as CVE-2008-3163. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Nova Ransomware Group Targets Education NGO in El Salvador
10 months 4 weeks ago
You must login to view this content
cohenido
RALord
10 months 4 weeks ago
You must login to view this content
cohenido
Vietnam orders ban on Telegram messaging app over security concerns
10 months 4 weeks ago
The government, which previously criticized the app for so-called "subversive" activity on the platform, alleged Telegram had not cooperated with authorities in addressing criminal activity.
Government Calls on Organizations to Adopt SIEM and SOAR Solutions
10 months 4 weeks ago
In a landmark initiative, international cybersecurity agencies have released a comprehensive series of publications to guide organizations through the implementation and prioritization of Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms. These resources aim to help both executives and practitioners navigate the complexities of modern cyber defense, from procurement […]
The post Government Calls on Organizations to Adopt SIEM and SOAR Solutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya
Mozilla security advisory (AV25-297)
10 months 4 weeks ago
Canadian Centre for Cyber Security
Hunters
10 months 4 weeks ago
You must login to view this content
cohenido
Hunters
10 months 4 weeks ago
You must login to view this content
cohenido
CVE-2002-2318 | BlueFace Falcon Web Server up to 2.0.0.1021 404 Error Message cross site scripting (EDB-21698 / XFDB-9812)
10 months 4 weeks ago
A vulnerability was found in BlueFace Falcon Web Server up to 2.0.0.1021. It has been declared as problematic. This vulnerability affects unknown code of the component 404 Error Message. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2002-2318. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Hunters
10 months 4 weeks ago
You must login to view this content
cohenido
Hunters
10 months 4 weeks ago
You must login to view this content
cohenido
Hunters
10 months 4 weeks ago
You must login to view this content
cohenido
Dutch Intelligence Exposes Russian “Laundry Bear” Hackers Behind Police Hack
10 months 4 weeks ago
Dutch intelligence services have identified a previously unknown Russian hacking group responsible for cyberattacks on multiple Dutch organizations, including a significant breach of the national police system in September 2024 that compromised work-related contact information of officers. The Netherlands General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) announced Tuesday that […]
The post Dutch Intelligence Exposes Russian “Laundry Bear” Hackers Behind Police Hack appeared first on Cyber Security News.
Guru Baran
Монстр на 128 ядрах: Китай делает суперкомпьютер с лицом AMD, но без AMD
10 months 4 weeks ago
Hygon и Sugon создают гиганта.