Aggregator

Hackers Using Malicious Imageless QR Codes to Render Phishing Attack Via HTML Table

Cyber Security News
5 months 1 week ago

A recent phishing campaign is abusing QR codes in a new way, turning simple HTML tables into working codes that redirect users to malicious sites. Instead of embedding a QR image in the email body, the attackers build the code from hundreds of tiny table cells, each styled as black or white. The result still […]

The post Hackers Using Malicious Imageless QR Codes to Render Phishing Attack Via HTML Table appeared first on Cyber Security News.

Tushar Subhra Dutta

Qilin

Dark Feed IO
5 months 1 week ago

You must login to view this content

cohenido

Fighting Deep Fakes: Think Like the Attacker

Security Boulevard
5 months 1 week ago

Deepfakes have moved from novelty to a practical weapon — and Brian Long, CEO of Adaptive Security, says most organizations still aren’t built to handle what comes next. Long explains why AI-driven impersonation has become one of the fastest-growing forms of social engineering: it’s cheap, widely accessible, and increasingly convincing across channels that traditional security..

The post Fighting Deep Fakes: Think Like the Attacker appeared first on Security Boulevard.

Michael Vizard

Why AI Changes the Risk Model for Application Security

Security Boulevard
5 months 1 week ago

As AI becomes embedded in everyday development workflows, the security model for applications is shifting fast — and not always in ways teams are prepared for. James Wickett, CEO of DryRun Security, breaks down why “AI everywhere” is forcing organizations to rethink what application security should look like when developers are shipping faster than ever...

The post Why AI Changes the Risk Model for Application Security appeared first on Security Boulevard.

Alan Shimel

Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators

The Hackers News
5 months 1 week ago
Security teams are still catching malware. The problem is what they're not catching. More attacks today don't arrive as files. They don't drop binaries. They don't trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind spot. Join us for a deep-dive
The Hacker News

CVE-2025-38499 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.2 clone_private_mnt privilege escalation (Nessus ID 259927 / WID-SEC-2025-1757)

Vuldb Updates
5 months 1 week ago
A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.2. Impacted is the function clone_private_mnt. The manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2025-38499. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-38502 | Linux Kernel up to 6.16.0 bpf_get_local_storage different out-of-bounds (EUVD-2025-25076 / Nessus ID 259993)

Vuldb Updates
5 months 1 week ago
A vulnerability marked as problematic has been reported in Linux Kernel up to 6.16.0. The affected element is the function bpf_get_local_storage. This manipulation of the argument different causes out-of-bounds read. The identification of this vulnerability is CVE-2025-38502. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-38495 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 Low Level Transport Driver allocation of resources (Nessus ID 252225 / WID-SEC-2025-1665)

Vuldb Updates
5 months 1 week ago
A vulnerability marked as problematic has been reported in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This impacts an unknown function of the component Low Level Transport Driver. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-38495. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-38497 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 usb os_desc_qw_sign_store out-of-bounds (Nessus ID 253428 / WID-SEC-2025-1665)

Vuldb Updates
5 months 1 week ago
A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. The affected element is the function os_desc_qw_sign_store of the component usb. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2025-38497. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-38500 | Linux Kernel up to 6.6.100/6.12.40/6.15.8 xfrm net/core/dev.c xfrmi_changelink use after free (Nessus ID 260032 / WID-SEC-2025-1810)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.6.100/6.12.40/6.15.8. It has been declared as critical. This impacts the function xfrmi_changelink of the file net/core/dev.c of the component xfrm. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2025-38500. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-38491 | Linux Kernel prior 6.12.40/6.15.8 mptcp net/mptcp/protocol.h __mptcp_do_fallback infinite loop (EUVD-2025-22872 / Nessus ID 265749)

Vuldb Updates
5 months 1 week ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.39/6.15.7/6654efe264b014d8ea9fc38f79efb568b1b79069/609937aa962a62e93acfc04dd370b665e6152dfb. This affects the function __mptcp_do_fallback in the library net/mptcp/protocol.h of the component mptcp. The manipulation results in infinite loop. This vulnerability is identified as CVE-2025-38491. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-38498 | Linux Kernel up to 6.15.2 do_change_type permission (EUVD-2025-23147 / Nessus ID 253428)

Vuldb Updates
5 months 1 week ago
A vulnerability was found in Linux Kernel up to 6.15.2. It has been declared as critical. This issue affects the function do_change_type. Such manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-38498. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

The Hackers News
5 months 1 week ago
A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and
The Hacker News

Managed ad