Aggregator

Cloudflare’s Dashboard and a set of related APIs were unavailable or partially available for an hour starting on Sep 12, 17:57 UTC. The outage did not affect the serving of cached files via the

A sophisticated backdoor malware known as Backdoor.WIN32.Buterat has emerged as a significant threat to enterprise networks, demonstrating advanced persistence techniques and stealth capabilities that enable attackers to maintain long-term unauthorized access to compromised systems. The malware has been identified targeting government and corporate environments through carefully orchestrated phishing campaigns, malicious email attachments, and trojanized software […]

The post Buterat Backdoor Attacking Enterprises to Establish Persistence and Control Endpoints appeared first on Cyber Security News.

Ученые утверждают, что обнаружили потенциальную биосигнатуру на Марсе.

Explore Customer Identity and Access Management (CIAM): its benefits, components, and how it differs from IAM. Learn to implement CIAM effectively for enhanced user experience and security.

The post What is Customer Identity and Access Management? appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 2 - SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for ...

Currently trending CVE - Hype Score: 49 - FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code ...

A vulnerability was found in Oracle Communications Diameter Signaling Router 9.0.0.0. It has been classified as critical. This affects an unknown part of the component Platform. Performing manipulation results in denial of service. This vulnerability is identified as CVE-2022-25147. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Oracle Financial Services Behavior Detection Platform 8.0.8.1/8.1.1.1/8.1.2.5/8.1.2.6. Affected is an unknown function of the component Application. Executing manipulation can lead to integer overflow. This vulnerability is registered as CVE-2022-25147. It is possible to launch the attack remotely. No exploit is available.

A vulnerability labeled as critical has been found in Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition 8.0.8. Affected by this issue is some unknown functionality of the component Platform. The manipulation results in integer overflow. This vulnerability is reported as CVE-2022-25147. The attack can be launched remotely. No exploit exists.

A vulnerability marked as critical has been reported in Apache Portable Runtime Utility up to 1.6.1. The impacted element is the function apr_base64. This manipulation causes integer overflow. This vulnerability appears as CVE-2022-25147. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability, which was classified as critical, was found in Oracle Communications Diameter Signaling Router 8.6.0.0. This vulnerability affects unknown code of the component Virtual Network Function Manager. The manipulation results in integer overflow. This vulnerability is known as CVE-2022-25147. It is possible to launch the attack remotely. No exploit is available.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.43/6.16.3. Affected by this issue is the function blk_queue_enter. The manipulation results in deadlock. This vulnerability is identified as CVE-2025-39791. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.16.6. It has been classified as critical. Affected is the function prctl. Performing manipulation results in information disclosure. This vulnerability is known as CVE-2025-40300. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.189/6.1.148/6.6.102/6.12.43/6.16.3. The affected element is the function xfer_cb. Performing manipulation results in double free. This vulnerability was named CVE-2025-39790. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apache Portable Runtime 1.7.0. The affected element is the function apr_encode. The manipulation results in integer overflow. This vulnerability is reported as CVE-2022-24963. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability described as critical has been identified in Linux Kernel up to 6.16.3. This vulnerability affects unknown code of the file drivers/ufs/host/ufs-exynos.c. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-39788. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.

Полиция жалуется на бессмысленный софт за миллионы.

Cybersecurity researchers have uncovered a sophisticated malware campaign that exploits SVG (Scalable Vector Graphics) files and email attachments to distribute dangerous Remote Access Trojans, specifically XWorm and Remcos RAT. This emerging threat represents a significant evolution in attack methodologies, as threat actors increasingly turn to non-traditional file formats to bypass conventional security defenses. The campaign […]

The post New Malware Attack Leverages SVGs, Email Attachments to Deliver XWorm and Remcos RAT appeared first on Cyber Security News.

The well-known group of cybercriminals called Scattered Lapsus$ Hunters released a surprising farewell statement on BreachForums. This manifesto, a mix of confession and strategic deception, offers vital insights into the changing landscape of modern cybercrime and the increasing pressure from global law enforcement agencies. The statement reveals sophisticated operational security practices that extend far beyond […]

The post What Are The Takeaways From The Scattered LAPSUS $Hunters Statement? appeared first on Cyber Security News.

A vulnerability was found in Linux Kernel up to 6.16.3/6.17-rc2. It has been rated as critical. This impacts the function irq_request. Performing manipulation results in use after free. This vulnerability was named CVE-2025-39785. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.