Aggregator

We are proud to announce that NETSCOUT Arbor Threat Mitigation System (TMS) has received four badges in G2’s Summer 2025 cycle. These badges include Momentum Leader for DDoS Protection, Grid Leader for DDoS Protection and Web Security, and Regional Leader in Asia for DDoS Protection. We are proud to announce that...

Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data theft looks most likely. According to the Shadowserver Foundation, there are currently around 1,040 exposed and unpatched CrushFTP instances vulnerable to CVE-2025-54309, predominantly located in the US, Europe, and Canada. How many have been compromised since the attacks began is difficult … More →

The post Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) appeared first on Help Net Security.

Microsoft Issuing Emergency Patches to Combat Authentication-Bypassing Attacks
Hackers have been exploiting two zero-day vulnerabilities in on-premises installations of Microsoft SharePoint to gain remote access, and steal cryptographic keys and data. As Microsoft rolls out patches against "ToolShell," experts warn administrators to also rotate keys, to help eject attackers.

A critical vulnerability in PHP’s widely-used PDO (PHP Data Objects) library has been discovered that enables attackers to inject malicious SQL commands even when developers implement prepared statements correctly. The security flaw, revealed through analysis of a DownUnderCTF capture-the-flag challenge, exploits weaknesses in PDO’s SQL parser and affects millions of web applications worldwide. Technical Overview […]

The post PHP PDO Flaw Allows Attackers to Inject Malicious SQL Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA has issued an urgent warning about a critical zero-day remote code execution vulnerability affecting Microsoft SharePoint Server on-premises installations that threat actors are actively exploiting in the wild. The vulnerability, tracked as CVE-2025-53770, poses a significant security risk to organizations running SharePoint infrastructure and has prompted immediate action requirements from federal agencies, as well […]

The post CISA Warns of Microsoft SharePoint Server 0-Day RCE Vulnerability Exploited in Wild appeared first on Cyber Security News.

Великобритания обзавелась королевским портретом. Без участия художников.

A critical remote code execution vulnerability has been discovered in Lighthouse Studio, one of the most widely deployed yet relatively unknown survey software platforms developed by Sawtooth Software. The flaw, designated CVE-2025-34300, affects the Perl CGI scripts that power web-based surveys, potentially exposing thousands of hosting servers to complete compromise by attackers who possess nothing […]

The post Lighthouse Studio RCE Vulnerability Let Attackers Gain Access to Hosting Servers appeared first on Cyber Security News.

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to

太热了，太快了。

Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. [...]

Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers…

As artificial intelligence (AI) accelerates across industries from financial modeling and autonomous vehicles to medical imaging and logistics optimization, one issue consistently flies under the radar: Physical security. 

The post The Overlooked Risk in AI Infrastructure: Physical Security  appeared first on Security Boulevard.

A critical security vulnerability in Laravel’s Livewire framework has been discovered that could expose millions of web applications to remote code execution (RCE) attacks.  The flaw, designated as CVE-2025-54068, affects Livewire v3 versions from 3.0.0-beta.1 through 3.6.3, with a CVSS v4 score indicating high severity across confidentiality, integrity, and availability metrics.  The vulnerability originates from […]

The post Livewire Vulnerability Exposes Millions of Laravel Apps to Remote Code Execution Attacks appeared first on Cyber Security News.

Пользуетесь мессенджером? Проверьте, кто и зачем просит ваш код из СМС.

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, secures third-party partnerships, and ensures uninterrupted

Microsoft patched an exploited SharePoint flaw (CVE-2025-53770) and disclosed a new one, warning of ongoing attacks on on-prem servers. Microsoft released emergency SharePoint updates for two zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, exploited since July 18 in attacks dubbed “ToolShell.” Both vulnerabilities only impact on-premises SharePoint Servers, threat actors could chain them for unauthenticated, […]

A sophisticated new ransomware strain named KAWA4096 has emerged in the cybersecurity landscape, showcasing advanced evasion techniques and borrowing design elements from established threat actors. Named after the Japanese word for “river,” this malicious software first surfaced in June 2025 and has already claimed at least 11 victims across multiple regions, with the United States […]

The post New KAWA4096’s Ransomware Leverages Windows Management Instrumentation to Delete Shadow Copies appeared first on Cyber Security News.

A sophisticated surveillance operation has been discovered exploiting critical vulnerabilities in the global telecommunications infrastructure to track mobile phone users’ locations without authorization, security researchers have revealed. The attack leverages weaknesses in the decades-old SS7 (Signaling System No. 7) protocol that underpins international cellular networks. New Attack Method Discovered Security experts at Enea’s Threat Intelligence […]

The post Surveillance Firm Exploits SS7 Flaw to Track User Locations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Learning a new language doesn't have to mean night classes, bulky textbooks, or boring apps. With Babbel, you can pick up real-world conversation skills through short, fun, and practical lessons. And right now, you can get a lifetime subscription for only $159 (regularly $599). [...]

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！