Aggregator

Signal 项目宣布其桌面应用在默认下不能被 Recall——aka 被屏幕截图。Microsoft Recall 会在用户使用电脑时每几秒钟截取一次屏幕截图，提取屏幕内容将其存储在一个可搜索的数据库中。Recall 引发了隐私和安全方面的争议，微软因此进行多项调整。Signal 桌面应用将默认启用支持新的“屏幕安全”设置，阻止 Recall 在用户使用 Signal 时进行屏幕截图。

International law enforcement agencies and cybersecurity vendors seized thousands of domains used to run the MaaS operations of the widely popular Lumma Stealer malware, which was used to facilitate ransomware, malvertising, and phishing attacks around the globe.

The post Law Enforcement, Microsoft Disrupt Operations of Popular Lumma Stealer appeared first on Security Boulevard.

Security researcher has discovered a zero-day vulnerability (CVE-2025-37899) in the Linux kernel’s SMB server implementation using OpenAI’s o3 language model. The vulnerability, a use-after-free bug in the SMB ‘logoff’ command handler, could potentially allow remote attackers to execute arbitrary code with kernel privileges. This discovery marks a significant advancement in AI-assisted vulnerability research, demonstrating how […]

The post Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability has been discovered in Netwrix Password Secure, an enterprise password management solution, allowing authenticated attackers to execute arbitrary code on victim machines. The vulnerability, identified as CVE-2025-26817, affects all versions of Netwrix Password Secure up to version 9.2.2, exposing organizations that haven’t updated to the latest release. The flaw resides in […]

The post Netwrix Password Manager Vulnerability Allows Authenticated Remote Code Execution appeared first on Cyber Security News.

A vulnerability was found in Apple watchOS up to 8.6 and classified as problematic. Affected by this issue is some unknown functionality of the component Apple Neural Engine. The manipulation leads to sandbox issue. This vulnerability is handled as CVE-2022-32845. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Online Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file /net-banking/edit_customer_action.php. The manipulation of the argument cust_id leads to sql injection. This vulnerability is known as CVE-2022-40122. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in vim and classified as critical. This issue affects some unknown processing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2022-3296. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers

Gujarat Anti-Terrorism Squad (ATS) has apprehended two individuals, including a minor, for orchestrating a series of sophisticated cyber attacks against Indian websites and disseminating anti-national content online. The arrests came as part of “Operation Sindoor,” a targeted cybersecurity initiative that identified over 50 attacks on critical digital infrastructure. The suspects, who demonstrated advanced technical proficiency […]

The post Gujarat Teen Arrested for Orchestrating Over 50 Cyberattacks in ‘Operation Sindoor’ appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

То, что считали невозможным с 70-х, внезапно оказалось возможным. Просто никто не смотрел с этой стороны.

Cyberaanvallen zijn inmiddels niet meer weg te denken uit de maatschappij. Of het nu gaat om de haven van Rotterdam, een ziekenhuis of een defensielocatie. De aanvallen hebben inmiddels op iedereen impact. Europa moet zich op het gebied van cybersecurity daarom nadrukkelijk roeren, vindt minister Ruben Brekelmans.

Author/Presenter: Cecilie Wian

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – PasswordsCon – Picking A Fight With The Banks appeared first on Security Boulevard.

The legislation Sens. Gary Peters and James Lankford would create an executive branch panel to align federal cyber rules.

The post Senators revive bill to harmonize conflicting cybersecurity regulations appeared first on CyberScoop.

Kettering Health is facing significant disruptions from a cyber-attack that impacted patient care