Aggregator

Техас нашёл способ узнать о гражданах чуть больше, чем ваш поисковик.

The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims. "These actors rely on social engineering techniques, often impersonating

Netskope Threat Labs has uncovered a malicious campaign exploiting fake software installers, including those mimicking popular tools like DeepSeek, Sogou, and WPS Office, to deliver dangerous malware payloads such as the Sainbox RAT (a variant of Gh0stRAT) and the Hidden rootkit. This operation, primarily targeting Chinese-speaking users through phishing websites and counterfeit MSI installers, showcases […]

The post Weaponized DeepSeek Installers Deploy Sainbox RAT and Hidden Rootkit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Код из Rust может вскоре заменить большую часть существующих реализаций.

开篇提醒：如果您不知道AiPy，不知道Python-Use请先点击阅读下面两篇文章：【Agents/MCP可能

Cybercriminals use malicious AI models to write malware and phishing scams Cisco Talos warns of rising threats from uncensored and custom AI tools.

Threat actors have capitalized on the immense popularity of CapCut, the leading short-form video editing app, to orchestrate a highly deceptive phishing campaign. According to the Cofense Phishing Defense Center (PDC), attackers are deploying meticulously crafted fake invoices that impersonate CapCut’s branding to lure users into surrendering their Apple ID credentials and credit card information. […]

The post Cybercriminals Exploit CapCut Popularity to Steal Apple ID Credentials and Credit Card Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and

Космос — это не только серьёзно, но и весело.

From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

A vulnerability was found in Linux Kernel up to 5.10.176/5.15.104/6.1.21/6.2.8. It has been declared as critical. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to improper initialization. This vulnerability was named CVE-2023-53079. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.176/5.15.104/6.1.21/6.2.8. It has been declared as critical. Affected by this vulnerability is the function xdp_umem_reg of the component xsk. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2023-53080. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.176/5.15.104/6.1.22/6.2.7. It has been rated as critical. Affected by this issue is the function lpuart32_shutdown of the component tty. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2023-53094. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.103/6.1.20/6.2.7. Affected is the function ether_setup of the file net/core/dev.c. The manipulation leads to state issue. This vulnerability is traded as CVE-2023-53103. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.2.8. Affected is the function snd_card_free of the component Block Driver. The manipulation leads to uncontrolled file descriptor consumption. This vulnerability is traded as CVE-2023-53045. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.8. It has been classified as critical. This affects an unknown part of the component qed/qed_sriov. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-53066. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adrian Ladó PlatiOnline Payments Plugin up to 6.3.2 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-53288. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in iCount Payment Gateway Plugin up to 2.0.6 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-53295. The attack can be initiated remotely. There is no exploit available.