Aggregator

A vulnerability categorized as problematic has been discovered in Profelis Informatics SambaBox up to 5.0. The impacted element is an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-2488. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been rated as critical. This affects an unknown part of the file libimagecodec.quram.so. This manipulation causes out-of-bounds write. This vulnerability appears as CVE-2025-21042. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Red Hat Undertow. This impacts an unknown function of the component HTTP2 Handler. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-9784. It is possible to launch the attack remotely. No exploit is available.

A vulnerability categorized as critical has been discovered in Red Hat OpenShift AI and OpenShift Data Science. This impacts an unknown function. Executing manipulation can lead to improper access controls. This vulnerability is registered as CVE-2024-7557. The attack requires access to the local network. No exploit is available.

In 2025, the cybersecurity landscape is defined by its complexity and the speed of modern threats. Security teams are overwhelmed by a fragmented array of security controls and a lack of clear visibility into what’s actually working. Breach and Attack Simulation (BAS) platforms solve this problem by continuously and safely validating security defenses against real-world […]

The post Top 10 Best Breach and Attack Simulation (BAS) Tools in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in MongoDB Server up to 6.0.23/7.0.17/8.0.5 and classified as problematic. This impacts an unknown function of the component Setting Handler. This manipulation of the argument lsid causes incorrect permission assignment. The identification of this vulnerability is CVE-2025-10059. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in MongoDB Server up to 6.0.24/7.0.21/8.0.11/8.1.1. This vulnerability affects unknown code of the component Accumulator Handler. This manipulation of the argument group causes denial of service. This vulnerability appears as CVE-2025-10061. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in libming 0.4.8. It has been rated as problematic. The affected element is the function parseSWF_PLACEOBJECT3. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-29486. The attack can only be initiated within the local network. No exploit exists.

Scattered Lapsus$ Hunters, linked to the Jaguar Land Rover cyberattack, claims to shut down as experts suggest the…

A Finnish judge set free Aleksanteri "Julius" Kivimäki, convicted of extorting victims of the Vastaamo psychotherapy center's data breach, as his appeal in the case continues.

A vulnerability was found in libming 0.4.8. It has been declared as problematic. Impacted is the function parseSWF_ENABLEDEBUGGER2. Executing manipulation can lead to memory leak. This vulnerability is handled as CVE-2025-29483. The attack can only be done within the local network. There is not any exploit available.

A vulnerability identified as critical has been detected in libming 0.4.8. The affected element is the function decompileSETVARIABLE. This manipulation causes memory corruption. This vulnerability is handled as CVE-2025-29492. The attack can only be done within the local network. Additionally, an exploit exists.

A vulnerability identified as problematic has been detected in libming 0.4.8. This affects the function parseSWF_MORPHLINESTYLES. This manipulation causes memory leak. The identification of this vulnerability is CVE-2025-29489. The attack needs to be done within the local network. There is no exploit available.

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples were uploaded

The Cybersecuritynews researcher team uncovered a sophisticated social engineering campaign that is exploiting the public’s need for free internet access, using deceptive Wi-Fi portals to trick users into downloading and executing PowerShell-based malware. Dubbed the “Clickfix” attack, this method turns a user’s own browser actions against them to compromise their system under the guise of […]

The post New Clickfix Attack Promises “Free WiFi” But Delivers Powershell-Based Malware appeared first on Cyber Security News.

A malicious ISO image named Servicenow-BNM-Verify.iso was uploaded to VirusTotal from Malaysia with almost no detections. The image contains four files—two openly visible and two hidden. The visible files include a Windows shortcut, servicenow-bnm-verify.lnk, which launches PanGpHip.exe, a legitimate Palo Alto Networks binary. Hidden in the same ISO are libeay32.dll, a genuine OpenSSL library, and […]

The post New Malware Abuses Azure Functions to Host Command and Control Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices. Samsung addressed the remote code execution vulnerability, tracked as CVE-2025-21043, that was exploited in zero-day attacks against Android users. The vulnerability is an out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1. A remote attacker can exploit […]

Пароли, MFA и даже сессии теперь в руках у кого-то очень коварного.

A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. [...]

A sophisticated malvertising campaign has been uncovered targeting unsuspecting users through “dangling commits” in a legitimate GitHub repository. Attackers are injecting promotional content for a counterfeit GitHub Desktop installer into popular development and open-source projects. When users download what appears to be the genuine client, the installer quietly delivers malicious payloads in the background, compromising […]

The post New Malvertising Campaign Exploits GitHub Repositories to Distribute Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.