Aggregator

A vulnerability was found in Grafana up to 8.5.13/9.1.7. It has been declared as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to improper verification of cryptographic signature. This vulnerability was named CVE-2022-31123. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Communications Convergent Charging Controller 12.0.4/12.0.5/12.0.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Common fns. The manipulation leads to improper verification of cryptographic signature. This vulnerability is known as CVE-2022-31123. The attack needs to be approached locally. There is no exploit available.

A vulnerability classified as problematic has been found in PyJWT up to 2.3.x. This affects an unknown part. The manipulation leads to risky cryptographic algorithm. This vulnerability is uniquely identified as CVE-2022-29217. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A sophisticated Advanced Persistent Threat (APT) group, known as CNC, has been conducting a cyber espionage campaign dubbed “Operation Sea Elephant” targeting scientific research institutions and universities in South Asia. The operation, which aims to steal research data related to ocean sciences, was recently uncovered by security researchers. The CNC group, previously associated with Patchwork, […]

The post Operation Sea Elephant Targets Organizations to Steal Research Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A network of suspected North Korean IT workers is using GitHub to create and backstop fake personas, aiming to infiltrate companies globally, particularly in Japan and the United States. DPRK-Linked Network Targets Companies in Japan and US Cybersecurity firm Nisos has uncovered this operation, which appears to be part of Pyongyang’s efforts to fund its […]

The post North Korean IT Workers Exploit GitHub to Launch Global Cyber Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert on March 4, 2025, adding three critical VMware vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog following confirmed in-the-wild exploitation. The vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 allow attackers with privileged access to virtual machines (VMs) to escalate privileges, execute code on hypervisors, and […]

The post CISA Warns of Actively Exploited VMware Vulnerabilities, Urges Immediate Patching appeared first on Cyber Security News.

ISACA identified factors such as heavy workload and long hours as the primary causes of stress, while there has been high turnover of IT professionals in the past two years

A sophisticated phishing campaign targeting the Albion Online gaming community has been uncovered, revealing a complex operation involving impersonation of the Electronic Frontier Foundation (EFF) and deployment of advanced malware. The campaign, discovered on March 4, 2025, showcases the evolving tactics of cybercriminals in exploiting trust in reputable organizations and leveraging the immersive nature of […]

The post Cybercriminals Impersonate Electronic Frontier Foundation to Target Gaming Community appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

This post first appeared on blog.netwrix.com and was written by James Anderson.
Organizations today collect and generate enormous volumes of sensitive data. Much of it is stored in SQL Server databases, making SQL Server security management crucial for protecting critical applications and services. Implementing strong Microsoft SQL Server security measures helps organizations defend against cyber threats and comply with regulations like GDPR, HIPAA, and PCI DSS. This … Continued

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sweeping sanctions today against Behrouz Parsarad, an Iran-based cybercriminal identified as the sole administrator of the Nemesis darknet marketplace.  This move marks OFAC’s first recognition as a member of the FBI-led Joint Criminal Opioid and Darknet Enforcement (JCODE) Team, demonstrating a strengthened […]

The post U.S Treasury Sanctions Admin of Nemesis Darknet Marketplace appeared first on Cyber Security News.

Группа мошенников превратила украденные URL в золото концертной индустрии.

Gartner 预测，到 2030 年，75%的SOC团队将依赖自动化和人工智能。当前，AI技术与安全运营的融 […]

人工智能技术的飞速发展深刻影响着人类生产生活方式，同时也带来了许多问题。如何确保人工智能朝着有益于人类社会的方向发展，已经成为一个亟待处理好的关键问题。

随着互联网技术的快速发展，基于境外架设的网站和平台进行的跨国网络犯罪呈现高发态势，对国民的人身和财产安全造成了巨大威胁。网络犯罪的特殊性在于，其发生场所从现实空间转向了网络空间，电子证据成为网络犯罪中的重要物证。

近日，工业和信息化部、市场监管总局联合发布了《关于进一步加强智能网联汽车产品准入、召回及软件在线升级管理的通知》。

2月28日，工信部、市场监管总局联合发布《关于进一步加强智能网联汽车产品准入、召回及软件在线升级管理的通知》，旨在进一步规范智能网联汽车准入、召回及软件在线升级管理，切实保障车辆安全，提升智能网联汽车产品安全水平，推动汽车产业高质量发展。

近期发布的 Deep Seek 系列模型训练中大量高质量推理数据集的使用更加凸显了高质量数据的重要性，而大模型要与垂直领域深度融合同样需要高质量数据集的支撑。

漏洞作为攻击入侵的重要突破口，同时也是网络安全防护工作的基础，而人才作为这一基础的核心要素，如何培养并打造具备实战化能力的漏洞安全人才，已成为网络安全防护领域的重要课题。

How can security teams effectively monitor evolving attacks and stay ahead of constantly shifting attacker infrastructure? We spoke with a chief information security officer at a transport company about how they use subscriptions to Search Updates in Threat Intelligence Lookup to tackle this challenge.  Here’s what we learned.  Company Info  Without getting into any specifics, […]

The post How Transport Company Gets Real-Time IOC and IOB Updates on Active Cyber Attacks  appeared first on ANY.RUN's Cybersecurity Blog.

The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex. "Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing