Aggregator

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

2 weeks 6 days ago

A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.

BrianKrebs

BioPharma Services Inc. has been Claimed a Victim by Qilin Ransomware

Dark Web Informer - Cyber Threat Intelligence

2 weeks 6 days ago

BioPharma Services Inc. has been Claimed a Victim by Qilin Ransomware

Dark Web Informer

Digital Fraud at Industrial Scale: 2025 Wasn't Great

darkreading

2 weeks 6 days ago

Advanced fraud attacks surged 180% in 2025 as cyber scammers used generative AI to churn out flawless IDs, deepfakes, and autonomous bots at levels never before seen.

Jai Vijayan, Contributing Writer

How to Protect from Online Fraud This Holiday Season

Security Boulevard

2 weeks 6 days ago

Peak e-commerce season hits retailers every year just as the Halloween decorations start to come down. Unsurprisingly, cyber criminals see this time as an opportunity to strike, and criminal activity online spikes alongside sales. Shockingly, 4.6% of attempted e-commerce transactions during the 2024 Black Friday period were suspected to be digital fraud. In the UK..

The post How to Protect from Online Fraud This Holiday Season appeared first on Security Boulevard.

Vaidotas Sedys

Вузы США возвращают мел и бумагу, чтобы не вырастить поколение жертв цифровой лоботомии

Securitylab.ru

2 weeks 6 days ago

Отказ от электронных девайсов стал единственным способом доказать существование интеллекта.

AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI

Hack Read

2 weeks 6 days ago

AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…

Owais Sultan

著名歌星的平均寿命较短

Solidot

2 weeks 6 days ago

德国研究人员回顾性对比了 648 名歌手的死亡风险，其中一半是明星，另一半则未成名。研究人员将 324 名明星与名气较小的同行在年龄、性别、国籍、种族、音乐流派以及是否为乐队独唱/主唱等方面进行了匹配。数据分析显示，著名歌手的平均寿命为 75 岁，而名气较小的歌手平均寿命为 79 岁。尽管与独唱艺人相比，乐队成员的死亡风险低 26%，但并未影响名气的整体效应——著名歌手的早逝风险仍比名气较小的同行高 33%。研究人员提出，一个可能解释是“名气带来的独特社会心理压力，例如强烈的公众审视、表演压力和隐私丧失”。“这些压力源可能引发心理困扰和有害的应对行为，使名气成为一种慢性负担，加剧了已有的职业风险。”

CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

Security Boulevard

2 weeks 6 days ago

3 min readAs AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced during a provisioning failure. The resulting “exception response” – the message a service returns when it encounters an unhandled error during a request – contained […]

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Aembit.

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Security Boulevard.

Dan Kaplan

LeakedData

Dark Feed IO

2 weeks 6 days ago

You must login to view this content

cohenido

CVE-2025-13680 | Tiger Plugin up to 101.2.1 on WordPress set_role privileges management

VulDB Recent Entries

2 weeks 6 days ago

A vulnerability described as critical has been identified in Tiger Plugin up to 101.2.1 on WordPress. Affected is the function set_role. The manipulation results in improper privilege management. This vulnerability was named CVE-2025-13680. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2025-13538 | FindAll Listing Plugin up to 1.0.5 on WordPress privileges management

VulDB Recent Entries

2 weeks 6 days ago

A vulnerability marked as critical has been reported in FindAll Listing Plugin up to 1.0.5 on WordPress. This impacts the function findall_listing_user_registration_additional_params. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2025-13538. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2025-13539 | FindAll Membership Plugin up to 1.0.4 on WordPress Social Login findall_membership_check_google_user improper authentication

VulDB Recent Entries

2 weeks 6 days ago

A vulnerability labeled as critical has been found in FindAll Membership Plugin up to 1.0.4 on WordPress. This affects the function findall_membership_check_google_user of the component Social Login. Executing manipulation can lead to improper authentication. This vulnerability is handled as CVE-2025-13539. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2025-63938 | Tinyproxy up to 1.11.2 src/reqs.c strip_return_port integer overflow

VulDB Recent Entries

2 weeks 6 days ago

A vulnerability identified as critical has been detected in Tinyproxy up to 1.11.2. The impacted element is the function strip_return_port of the file src/reqs.c. Performing manipulation results in integer overflow. This vulnerability is known as CVE-2025-63938. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2025-46175 | y_project RuoYi 4.8.0 SysUserController.java authRole access control

VulDB Recent Entries

2 weeks 6 days ago

A vulnerability categorized as critical has been discovered in y_project RuoYi 4.8.0. The affected element is the function authRole of the file SysUserController.java. Such manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-46175. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-65239 | OpenCode USSD Gateway OC 6.13.11 /aux1/ocussd/trace access control

VulDB Recent Entries

2 weeks 6 days ago

A vulnerability was found in OpenCode USSD Gateway OC 6.13.11. It has been rated as critical. Impacted is an unknown function of the file /aux1/ocussd/trace. This manipulation causes improper access controls. This vulnerability appears as CVE-2025-65239. The attack may be initiated remotely. There is no available exploit.

vuldb.com

Ваш телефон только что оплатил кофе. Но не вам. И ваш антивирус даже не заметил, как это произошло

Securitylab.ru

2 weeks 6 days ago

Что такое RelayNFC и почему эта схема опаснее обычного скимминга?

Thailand bans World iris scans, orders company to delete data

The Record

2 weeks 6 days ago

Data regulators in Thailand said they are blocking the Sam Altman-founded company Tools for Humanity from collecting iris scans in exchange for cryptocurrency payments.

科学家可能首次观察到了暗物质

Solidot

2 weeks 6 days ago

科学家可能首次观察到了“看不见”的暗物质。日本东京大学研究团队利用 NASA 费米伽马射线望远镜的最新观测数据探测到了与假想的“弱相互作用大质量粒子（WIMP）”碰撞湮灭时所预测的高能光子。科学家怀疑暗物质由 WIMP 构成。这些粒子被认为比质子重，与普通物质极少相互作用。理论预测，当两个 WIMP 粒子碰撞时，它们会相互湮灭并释放出包括伽马射线光子在内的高能粒子。东京大学的 Tomonori Totani 教授报告探测到了与理论预测结果相符的 20 GeV 伽马射线光晕。研究报告本周发表在《Journal of Cosmology and Astroparticle Physic》期刊上，预印本 7 月发表在 arXiv 上。

DragonForce

Dark Feed IO

2 weeks 6 days ago

You must login to view this content

cohenido

CVE-2025-50399 | FAST FAC1200R F400_FAC1200R_Q sub_80435780 Password buffer overflow

VulDB Recent Entries

2 weeks 6 days ago

A vulnerability was found in FAST FAC1200R F400_FAC1200R_Q. It has been declared as critical. This issue affects the function sub_80435780. The manipulation of the argument Password results in buffer overflow. This vulnerability is reported as CVE-2025-50399. The attack can be launched remotely. No exploit exists.

vuldb.com

Aggregator

Managed ad