Aggregator

Four convicted members of the REvil cybercrime gang were released from custody after being sentenced in St. Petersburg for offenses related to payment card fraud.

Contrast Security launched Application Detection and Response (ADR) in August of 2024, and now, in a new Gartner research note, ADR is a topic. The 2025 Gartner® Implement Effective Application and API Security Controls (accessible to Gartner clients only)*, by William Dupre, discusses today’s complex problem: 

The post Application and API Security Can’t Rely Solely on Perimeter Defenses or Scanners | Notes on Gartner AppSec Research | Contrast Security appeared first on Security Boulevard.

在为期十天的比赛中，奇安信代码安全实验室针对多家主流汽车厂商的产品展开深入分析，成功挖掘出22个0day漏洞，其中包括1个超危漏洞，6个高危漏洞。

A critical security flaw has been discovered and patched in the Zimbra Collaboration Suite (ZCS) Classic Web Client, exposing millions of business users to the risk of arbitrary JavaScript execution through stored cross-site scripting (XSS). Tracked as CVE-2025-27915, this vulnerability affects ZCS versions 9.0, 10.0, and 10.1 prior to the latest patch releases, and is […]

The post Zimbra Classic Web Client Vulnerability Allows Arbitrary JavaScript Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

When malware infiltrates a system, it doesn’t always make noise. In fact, some of the most dangerous threats operate quietly embedding themselves deep within the system and ensuring they come back even after a reboot. One of the most common ways they achieve this is by abusing the Windows Registry.  In this article, we’ll walk […]

The post How to Spot Registry Abuse by Malware: Examples in ANY.RUN Sandbox  appeared first on ANY.RUN's Cybersecurity Blog.

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official […]

Cobalt found that many security professionals believe a “strategic pause” in genAI deployment is necessary to recalibrate defenses

The Department of Homeland Security has issued a critical advisory warning of escalating cyber threats from pro-Iranian hacktivist groups targeting United States networks, as tensions between Iran and the US reach a dangerous new peak following recent military exchanges. The warning comes in the aftermath of Iran’s Islamic Revolutionary Guard Corps firing missiles at US […]

The post Pro-Iranian Hacktivists Targeting US Networks Department of Homeland Security Warns appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in Hitachi Energy MicroSCADA X SYS600 up to 10.6. This issue affects some unknown processing of the component Web Interface. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-39204. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Hitachi Energy MicroSCADA X SYS600 up to 10.6. This vulnerability affects unknown code of the component Notify Service. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2025-39201. The attack needs to be approached locally. There is no exploit available.

A vulnerability classified as critical has been found in Hitachi Energy Relion 670 and 650 and SAM600-IO up to 2.2.6.3. This affects an unknown part. The manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2025-1718. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Helmholz/MB connect line myREX24, myREX24.virtual, mbCONNECT24 and mymbCONNECT24. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to observable response discrepancy. This vulnerability is handled as CVE-2025-3092. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MB connect line/Helmholz mbCONNECT24, mymbCONNECT24, myREX24 and myREX24.virtual. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to authorization bypass. This vulnerability is known as CVE-2025-3091. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hitachi Energy MicroSCADA X SYS600 up to 10.6. It has been classified as critical. Affected is an unknown function of the component Monitor Pro Interface. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-39202. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Hitachi Energy Relion 670 and 650 and SAM600-IO 2.2.2.6/2.2.3.7/2.2.4.4/2.2.5.6/2.2.6.2 and classified as critical. This issue affects some unknown processing of the component Line Distance Communication Module. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-2403. The attack may be initiated remotely. There is no exploit available.

Настоящая камера пыток на основе старой доброй игрушки…

A vulnerability has been found in Hitachi Energy MicroSCADA X SYS600 up to 10.6 and classified as critical. This vulnerability affects unknown code of the component IEC 61850. The manipulation leads to improper validation of integrity check value. This vulnerability was named CVE-2025-39203. The attack can be initiated remotely. There is no exploit available.

Ukraine's cybersecurity agency said the Russian group tracked as APT28, Fancy Bear or Forest Blizzard was responsible for targeting new malware strains at government officials.