Aggregator
CVE-2025-26263 | Geovision ASManager Desktop Application 6.1.2.0 on Windows ASManagerService.exe memory corruption (EUVD-2025-5945 / EDB-52423)
CVE-2025-6082 | Birth Chart Compatibility Plugin up to 2.0 on WordPress index.php information disclosure (EUVD-2025-22302 / EDB-52419)
CVE-2025-4427 | Ivanti Endpoint Manager Mobile up to 12.5.0.0 API authentication bypass (EUVD-2025-14388 / EDB-52421)
Iranian hackers took down the "kosher internet" in Israel
New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly
Threat actors are leveraging the trusted brand of Indonesia’s state pension fund, PT Dana Tabungan dan Asuransi Pegawai Negeri (Persero), or TASPEN, to deploy a malicious Android application disguised as an official portal. This banking trojan and spyware targets pensioners and civil servants, exploiting legacy systems and digital transformation vulnerabilities to steal sensitive data including […]
The post New Malware Exploits TASPEN Legacy Systems to Target Indonesian Elderly appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Is your child talking to ChatGPT? Now every conversation could be the last
The 5 Golden Rules of Safe AI Adoption
300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158
Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex issued a fix earlier this month, Censys has warned. About CVE-2025-34158: Plex Media Server (PMS) is software that allows users to turn their Windows/Linux/macOS computer or their network-attached storage devices into a personal media server. It organizes their movies, music, photos, and other media and enables them to stream the content on nearly …
The post 300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 appeared first on Help Net Security.
State Council rolls out "AI Plus"; 360's All In Agent strategy comes at just the right time
CHAOS
MSSP Growth Guide: Scaling Threat Detection for Expanding Client Base
An MSSP leader is no stranger to the relentless pressure of growth. With an expanding client base comes the daunting task of scaling threat detection capabilities without compromising quality, speed, or your bottom line. The challenge that rises above all is how to grow while maintaining the balance between human potential and organizational demands. Human […]
The post MSSP Growth Guide: Scaling Threat Detection for Expanding Client Base appeared first on ANY.RUN's Cybersecurity Blog.
Spotify Launches Direct Messaging Feature Amid Security Concerns
Spotify this week unveiled a new Direct Messaging feature, enabling users to share songs, podcasts and audiobooks within the app. While the move promises streamlined recommendations and deeper engagement among friends, it also raises fresh security and privacy considerations. Rolling out to Free and Premium users aged 16 and older in select markets on mobile devices, the […]
The post Spotify Launches Direct Messaging Feature Amid Security Concerns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
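A cyberattack paralyzed an entire government system in a single morning
[Security Circle] Hackers breach multiple companies through an OAuth token vulnerability
[Security Circle] More than 800 banks worldwide hit! 77 malicious Android apps with 19 million downloads carry out fraud
[Security Circle] Australian telecom giant iiNet hit by another data breach crisis
[Security Circle] Google to introduce real-name developer verification: unverified apps will be blocked from installation in the future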
Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSS
Nagios has addressed a significant cross-site scripting (XSS) vulnerability in its enterprise monitoring platform Nagios XI that could allow remote attackers to execute arbitrary JavaScript code in users’ browsers. The security flaw, discovered in the Graph Explorer feature, was patched in the 2024R2.1 release on August 12, 2024. The vulnerability was responsibly disclosed by security […]
The post Nagios Flaw Enables Remote Attackers to Run Arbitrary JavaScript via XSS appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.