Aggregator

DDoS стал праздничной традицией — благодаря одному дню в 2014.

Submit #591222 / VDB-311340

Submit #591220 / VDB-311339

Security researchers have uncovered a sophisticated malware campaign leveraging the legitimate Paste.ee platform to distribute XWorm and AsyncRAT payloads across global command-and-control (C2) infrastructure. First identified in May 2025, the operation uses heavily obfuscated JavaScript downloaders to retrieve secondary payloads from Paste.ee links, exploiting the service’s credibility to bypass initial detection layers. Hunt.io analysts confirmed […]

The post Threat Actors Abuse Paste.ee Platform to Deploy XWorm and AsyncRAT appeared first on Cyber Security News.

Two significant security vulnerabilities affecting the Dell PowerScale OneFS storage operating system, with the most severe flaw potentially allowing unauthenticated attackers to gain complete unauthorized access to enterprise filesystem data.  The critical vulnerability, tracked as CVE-2024-53298, affects PowerScale OneFS versions 9.5.0.0 through 9.10.0.1 and carries a maximum CVSS score of 9.8, indicating an extremely high […]

The post Dell PowerScale Vulnerability Let Attackers Gain Unauthorized Filesystem Access appeared first on Cyber Security News.

A sophisticated spear phishing campaign targeting Polish organizations, where threat actors successfully exploited the CVE-2024-42009 vulnerability in Roundcube webmail systems.  The attack enables JavaScript execution upon opening malicious emails, leading to credential theft through an advanced Service Worker-based approach. Security researchers attribute this campaign to UNC1151, a threat group associated with Belarusian government operations and […]

The post Hackers Exploiting Roundcube Vulnerability to Steal User Credentials appeared first on Cyber Security News.

HUMAN’s Satori Threat Intelligence and Research team, in collaboration with Google, Trend Micro, and Shadowserver, has uncovered and partially disrupted a massive cyber fraud operation named BADBOX 2.0. This operation, an evolved iteration of the original BADBOX malware disclosed in 2023, has infected over 1 million Android Open Source Project (AOSP) devices worldwide, marking it […]

The post BADBOX 2.0 Malware Hits Over a Million Android Devices in Global Cyber Threat appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

日本太空企业 ispace 6 日透露，登月舱 RESILIENCE 着陆月表失败。为在清晨 4 点多进行着陆，登月舱一度尝试从上空 100 公里的绕月轨道下降高度，但可能因未能充分减速而与月表发生了碰撞。2023 年 4 月，该公司挑战成为全球首个实现登月的民间企业但以失败告终，之后美国企业取得了成功。此次作为亚洲民间企业的首次登月尝试依然未果。登月舱高约 2.3 米、宽约 2.6 米。舱内装载着该公司的小型探测车和其他企业的实验装置等，今年 1 月搭乘美 SpaceX 的火箭从佛罗里达发射升空，5 月进入绕月轨道。6 月 6 日凌晨 3 点多，登月舱开始下降。通过自动控制朝月表方向喷射引擎，计划从时速 5800 公里减速至 2 公里左右，在月球北半球的目标地点实施着陆。然而最后阶段数据传输中断。之后该公司尝试与登月舱通讯但未能成功，因此决定终止计划。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

悬镜供应链安全情报中心近期在NPM官方仓库中连续捕获多起伪装成知名日志库pino的组件包投毒事件，该系列投毒主要开展敏感信息窃取及远程代码执行攻击。近一个月pino系列恶意包总下载量近7000次。

加州的法律禁止司机在驾驶时候操作手机。本周上诉法庭裁决司机使用手机查找地图违法，维持了对一位司机交通违规并处以罚款的裁决。涉案的司机同时也是一名律师，他在法庭上为自己辩护，认为相关法律的措施含糊不明确，意味着每个人都可能违反规定，因此不是好的法律，需要废除。法官则指出，立法的意图是禁止驾驶时使用手机的所有手持功能，鼓励司机将注意力集中在路面上。

Кому понадобилось вернуть долг Россу Ульбрихту?

De NAVO-ministers van Defensie hebben gesproken over de doelstellingen van de NAVO en een mogelijk nieuwe uitgaven-norm. Om het bondgenootschap te verdedigen tegen toenemende dreigingen en tegenstanders af te schrikken, moeten NAVO-landen meer investeren in hun militaire capaciteiten. Dat was een belangrijk punt tijdens de bijeenkomst van defensieministers in Brussel. Dit onderwerp komt ook ter tafel tijdens de NAVO-top in Den Haag op 24 en 25 juni.

A vulnerability, which was classified as critical, was found in Amazon FreeRTOS up to 4.3.1. This affects an unknown part of the component LLMNR/mDNS. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-5688. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Identity Services Engine Software. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use of hard-coded password. This vulnerability is handled as CVE-2025-20286. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Google AngularJS 1.3.1. Affected by this issue is some unknown functionality of the component SVG Element Handler. The manipulation leads to incomplete filtering of special elements. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-2336. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Cisco Unified Intelligent Contact Management Enterprise. Affected is an unknown function of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-20273. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. This vulnerability was named CVE-2025-5599. The attack can be initiated remotely. Furthermore, there is an exploit available.