Aggregator
G.O.S.S.I.P Reading Recommendation 2025-06-26: RAG Trackback
Russia bars Apple from dictating the rules: iPhones must now carry RuStore
Submit #602292: TOTOLINK A702R V4.0.0-B20230721.1521 Buffer Overflow [Accepted]
CVE-2005-4234 | Powerdev EncapsGallery 1.0.0 gallery.php ID sql injection (EDB-26789 / BID-15836)
Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing
A critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects Realtek RTL8762E BLE SDK v1.4.0, allowing malicious actors to disrupt connections by exploiting protocol inconsistencies. Attackers can send a crafted ll_terminate_ind packet or inject premature pairing data, crashing the target device’s Bluetooth stack […]
The post Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
vivo X Fold5 review: lighter and stronger, the best companion device for the Apple ecosystem
Akira
CVE-2025-6603 | coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e qcow.c qcow_make_empty s->l1_size integer overflow (Issue 10 / EUVD-2025-19083)
In the Wild: Malware Prototype with Embedded Prompt Injection
In this write-up we present a malware sample found in the wild that boasts a novel and unusual evasion mechanism — an attempted prompt injection (“Ignore all previous instructions…”) aimed at manipulating AI models that process the sample. The sample gives the impression of an isolated component or an experimental proof-of-concept, and we can only speculate […]
The post In the Wild: Malware Prototype with Embedded Prompt Injection appeared first on Check Point Research.
CVE-2017-2619 | Samba up to 4.4.10/4.5.6/4.6.0 race condition (Bug 1429472 / EDB-41740)
Chrome Releases Security Patch for 11 Code Execution Vulnerabilities
The Chrome team has announced the rollout of a critical security update for its popular web browser, Chrome, addressing 11 code execution vulnerabilities that could potentially put millions of users at risk. The update, Chrome 138.0.7204.49 for Linux and 138.0.7204.49/50 for Windows and Mac, is now being distributed through the stable channel and will reach […]
The post Chrome Releases Security Patch for 11 Code Execution Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
- CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability
- CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerability
- CVE-2019-6693 Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
Keep Your Tech FLAME Alive: Akamai Trailblazer Maite Vitar
CVE-2014-2995 | twitget 3.3.1 twitget.php twitget_consumer_key cross site scripting (ID 126134 / EDB-32868)
CVE-2006-3972 | Scott Weedon Ajax Chat 0.1 operator_chattranscript.php chatid path traversal (EDB-28305 / XFDB-28085)
Top 3 Cyber Attacks in June 2025: GitHub Abuse, Control Flow Flattening, and More
June 2025 saw several sophisticated and stealthy cyber attacks that relied heavily on obfuscated scripts, abuse of legitimate services, and multi-stage delivery techniques. Among the key threats observed by ANY.RUN’s analysts were malware campaigns using GitHub for payload hosting, JavaScript employing control-flow flattening to drop Remcos, and obfuscated BAT scripts delivering NetSupport RAT. Let’s see […]
The post Top 3 Cyber Attacks in June 2025: GitHub Abuse, Control Flow Flattening, and More appeared first on ANY.RUN's Cybersecurity Blog.
CVE-2012-2941 | Yandex Yandex.Server 2010 9.0 search text cross site scripting (EDB-37224 / XFDB-75788)
Windows 10: How to get security updates for free until 2026
Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates can enroll in the Windows 10 Extended Security Updates (ESU) program, Microsoft confirmed on Tuesday. Microsoft’s (self-evident) long-term goal is to push all users to upgrade to Windows 11, but the company understands that not everybody can do so immediately or even in the next couple of years. ESU for home users “Windows 10 launched in …
The post Windows 10: How to get security updates for free until 2026 appeared first on Help Net Security.