Aggregator

Submit #631837 / VDB-319901

Submit #631838 / VDB-319900

Submit #631826 / VDB-319900

An urgent patch has been released for two bugs affecting the Matrix messaging protocol used by some governments for secure communications.

Submit #631771 / VDB-233299

Submit #631748 / VDB-319898

Submit #631729 / VDB-319897

Submit #631727 / VDB-319896

Submit #631708 / VDB-319895

Submit #631703 / VDB-319894

Тот случай, когда шифрование нужно не для защиты, а для удобного брута.

Security researchers at Infoblox Threat Intel have revealed the complex workings of VexTrio, a highly skilled cybercriminal network that has been active since at least 2017. This discovery highlights the ongoing dangers in the digital economy. Formerly known simply as VexTrio, this group now dubbed VexTrio Viper leverages advanced traffic distribution systems (TDSs), lookalike domains, […]

The post VexTrio Hackers Use Fake CAPTCHAs and Malicious Apps on Google Play & App Store to Target Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #631680 / VDB-274875

A new CSO Online report based on research by Heimdal and FutureSafe paints a troubling picture for the managed services industry: 89% of MSPs struggle with integrating their security tools, and more than half (56%) experience daily or weekly alert fatigue. Even more concerning, MSPs juggling seven or more security tools reported almost double the

The post Tool Overload Is Fueling Alert Fatigue, and Missed Threats, for MSPs appeared first on Seceon Inc.

The post Tool Overload Is Fueling Alert Fatigue, and Missed Threats, for MSPs appeared first on Security Boulevard.

A vulnerability has been found in Kerio Mailserver 5.6.3 and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument add_name/alias leads to basic cross site scripting. This vulnerability was named CVE-2003-0488. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Snitz Forums 2000 up to 3.4.03. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search.asp. The manipulation of the argument Search leads to basic cross site scripting. This vulnerability is handled as CVE-2003-0492. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Snitz Forums 2000 up to 3.4.03. This affects an unknown part of the component Session Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2003-0493. It is possible to initiate the attack remotely. There is no exploit available.

GitLab has released critical security patches addressing multiple high-severity vulnerabilities that could enable attackers to execute account takeovers and stored cross-site scripting (XSS) attacks across both Community Edition (CE) and Enterprise Edition (EE) platforms. The vulnerabilities, disclosed in patch releases 18.2.2, 18.1.4, and 18.0.6, represent serious security risks that require immediate attention from administrators. Critical […]

The post Multiple GitLab Vulnerabilities Allow Account Takeover and Stored XSS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild. The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0. "An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to

The cybersecurity community continues to grapple with the lingering effects of the XZ Utils backdoor, a sophisticated supply chain attack that shook the industry in March 2024. What began as a carefully orchestrated two-year campaign by the pseudonymous developer ‘Jia Tan’ has evolved into a persistent threat that extends far beyond its initial discovery. The […]

The post Several Docker Images Contain Infamous XZ Backdoor Planted for More Than a Year appeared first on Cyber Security News.