Aggregator

Salat Stealer has emerged as a pervasive threat targeting Windows endpoints with a focus on harvesting browser-stored credentials and cryptocurrency wallet data. First detected in August 2025, this Go-based infostealer leverages a range of evasion tactics, including UPX packing and process masquerading, to slip past conventional defenses. Its operators advertise the malware through social engineering […]

The post Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure appeared first on Cyber Security News.

Fortinet has disclosed a medium-severity vulnerability in its FortiDDoS-F product line that could allow a privileged attacker to execute unauthorized commands. Tracked as CVE-2024-45325, the flaw is an OS command injection vulnerability residing within the product’s command-line interface (CLI). The vulnerability, identified as CWE-78, stems from an improper neutralization of special elements used in an […]

The post FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands appeared first on Cyber Security News.

Ivanti on September 9 released a security advisory detailing six medium and five high severity vulnerabilities impacting Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. No evidence of customer exploitation has surfaced so far. Patches and fixes are available immediately to address issues ranging from missing authorization checks and cross-site request forgery (CSRF) flaws to […]

The post Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sean Cairncross also talked about near-term priorities in his first public speech since being confirmed.

The post National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries appeared first on CyberScoop.

A new wave of phishing attacks purporting to originate from South Korea’s National Tax Service has emerged, leveraging familiar electronic document notifications to trick recipients into divulging their Naver credentials. Distributed on August 25, 2025, the email mimics the official format used by Naver’s secure document service, displaying the sender as “National Tax Service” and […]

The post Beware of Phishing Email from Kimusky Hackers With Subject Spetember Tax Return Due Date Notice appeared first on Cyber Security News.

 Ivanti released Security Advisory for Endpoint Manager versions 2024 SU3 and 2022 SU8, detailing two high‐severity flaws (CVE-2025-9712 and CVE-2025-9872). Both issues stem from insufficient filename validation and require only minimal user interaction, potentially granting full control over affected systems. Vulnerability Overview The two vulnerabilities share identical characteristics and impact: CVE Number Description CVSS Score […]

The post Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You must login to view this content

Zoom has released an urgent security update for its Windows client and Workplace platform to address multiple flaws, including a critical vulnerability that could allow attackers to hijack or manipulate the application. Users are strongly encouraged to apply the patch immediately to protect their systems. Update Details The new release covers ten security bulletins targeting […]

The post Zoom Security Update Fixes Vulnerabilities in Windows Client and Workplace Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ivanti has released security updates to address two high-severity vulnerabilities in its Endpoint Manager (EPM) software that could allow remote code execution. The vulnerabilities, tracked as CVE-2025-9712 and CVE-2025-9872, affect multiple versions of the product. The company has stated that it is not aware of any active exploitation of these flaws in the wild at […]

The post Critical Ivanti Endpoint Manager Vulnerabilities Let Attackers Execute Remote Code appeared first on Cyber Security News.

Penetration Testing as a Service (PTaaS) is a modern evolution of traditional pentesting that combines the speed and efficiency of a platform with the skill of human ethical hackers. Unlike the time-consuming, point-in-time nature of traditional engagements, PTaaS offers a continuous, on-demand, and real-time approach to finding and managing vulnerabilities. In 2025, with rapidly expanding […]

The post Top 10 Best Penetration Testing as a Service (PTaaS) Companies in 2025 appeared first on Cyber Security News.

Police-issued body cameras have become ubiquitous tools for recording law enforcement encounters, yet a recent investigation has uncovered troubling design choices in a budget-friendly system that compromise both privacy and data integrity. The Viidure mobile application, designed to transfer video evidence from the camera’s onboard Wi-Fi hotspot to cloud servers, was found to communicate over […]

The post Police Body Camera Apps Sending Data to Cloud Servers Hosted in China Via TLS Port 9091 appeared first on Cyber Security News.