Aggregator

A vulnerability labeled as critical has been found in SocuSoft DVD Photo Slideshow Professional 8.07. This vulnerability affects unknown code. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2018-25373. Local access is required to approach this attack. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Moosocial mooSocial Store Plugin 2.6. The affected element is an unknown function. The manipulation of the argument Product leads to sql injection. This vulnerability is referenced as CVE-2018-25371. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in SocuSoft iPod Photo Slideshow 8.05. This affects an unknown function. This manipulation causes stack-based buffer overflow. This vulnerability is tracked as CVE-2018-25375. The attack is restricted to local execution. Moreover, an exploit is present.

A vulnerability, which was classified as critical, was found in SocuSoft 3GP Photo Slideshow 8.05. This impacts an unknown function. Such manipulation leads to buffer overflow. This vulnerability is listed as CVE-2018-25376. The attack must be carried out locally. In addition, an exploit is available.

ChatGPT подсказывал по мелочам, а доказательство всё равно пришлось делать людям.

A solo Russian-speaking threat actor leveraged a jailbroken instance of Google Gemini to run a five-year MAGA-themed influence operation, crack WordPress administrator credentials, and empty at least one victim’s cryptocurrency wallet, all at near-zero cost using stolen API keys. In May 2026, TrendAI™ Research uncovered the full operational infrastructure of a threat actor tracked as […]

The post Russian Hacker Used Jailbroken Gemini to Steal Admin Credentials and Drain Crypto Wallets appeared first on Cyber Security News.

Hackers are actively abusing a flaw in shared Content Delivery Network (CDN) infrastructure to hide malicious traffic behind trusted, high-reputation domains, effectively slipping past the security tools that organizations rely on every day. The technique, now tracked under the name “Underminr,” is not a software bug but a deliberate abuse of how CDNs are designed […]

The post Hackers Abuse Shared CDN Infrastructure to Bypass Domain Reputation Security Controls appeared first on Cyber Security News.

A hacker is selling a 340M-strong OnlyFans-linked dataset built by correlating old breaches and public data, not by hacking OnlyFans directly. A threat actor is adverertising a purported database containing data of 340 million OnlyFans users, but the available evidence points to something less dramatic than a direct breach. According to HackRead, which reported the […]

A vulnerability was found in Ourenergy Collectric CMU 1.0. It has been classified as critical. This impacts the function Login. Performing a manipulation of the argument lang results in sql injection. This vulnerability is reported as CVE-2018-25379. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in SocuSoft Flash Slideshow Maker Professional 5.20. The impacted element is an unknown function. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2018-25377. The attack is only possible with local access. Additionally, an exploit exists.

A vulnerability has been found in Stokedonit Notebook Pro 2.0 and classified as problematic. Affected is an unknown function. Performing a manipulation results in uncontrolled memory allocation. This vulnerability is cataloged as CVE-2018-25378. The attack must be initiated from a local position. Furthermore, there is an exploit available.

Anthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. [...]

Организаторы перехватывали коды легальных подписок каждые три минуты через виртуальные машины.

Threat actors using the aliases PescobarLegado and NyxarGroup claim to be selling internal access and employee data allegedly belonging to ContactMaster BPO, described as a strategic partner of Claro Móvil Colombia.

欧洲刑警组织披露，他们黑进了被网络犯罪分子使用的 VPN 服务“First VPN”，访问了用户数据库，识别了数千用户身份。First VPN 的网站已经显示被执法部门扣押的信息，它过去曾在俄语网络犯罪论坛上打广告，宣称能隐藏用户的 IP 地址，加密所有通信，不记录任何日志。它还声称将拒绝与司法机关合作，其服务不受任何司法管辖，且不会存储任何用户数据。First VPN 的活动始于 2014 年，在 27 个国家/地区提供了 32 个出口节点服务器。至少有 25 个勒索软件组织利用了其基础设施进行网络侦察和入侵。警方搜查了该服务管理员在乌克兰的住所，拆除了 33 台服务器。

Hackers compromised FBI Chief Kash Patel’s clothing store in a ClickFix attack that tricked macOS users into installing infostealer malware.

Hackread проверил продажу 340 млн записей OnlyFans.

AI tools are becoming part of everyday work in organizations, creating new security and oversight requirements as usage grows. To address that, Anthropic introduced 28 integrations with security and compliance tools that allow IT and security teams to manage Claude in the same way they manage other applications in their environments. The integrations are powered by the Claude Compliance API, which gives enterprise teams programmatic access to two types of data. The first category involves … More →

The post Anthropic adds 28 security and compliance integrations for Claude appeared first on Help Net Security.

A threat actor using the alias henrymartin claims to have leaked a database allegedly belonging to La Redoute, a major French multichannel retailer specializing in ready-to-wear apparel and home decor.

她在生前曾经告诉过我：“好日子我是等不到了，你们是会看到的。”