Aggregator

Max забрал документы себе — «Госключ» теперь лишь его тень.

A vulnerability was found in Apache Struts 1.x. It has been classified as problematic. Affected is the function LookupDispatchAction. The manipulation leads to improper output neutralization for logs. This vulnerability is traded as CVE-2025-54656. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.22 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-47001. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

在两大游戏平台 Steam 和 itch.io 因为支付公司的压力而限制和下架部分类型的成人游戏之后，愤怒的玩家正在动员组织起来对支付公司发动反击。在 Reddit 和 Bluesky 等社交媒体网站上，玩家们互相督促通过邮件和电话联系支付巨头 Visa 和 Mastercard。两家公司的客服证实收到了很多玩家的电话，但他们表示对于玩家的问题无能为力。客服的权力显然有限，玩家此举是对客服发动 DDoS 攻击，制造混乱，大到足以让支付公司付出代价。

Red Canary’s cloud security enthusiasts left fwd:cloudsec 2025 with some invaluable insights and community connections

Cybersecurity company Avast released a decryptor for the short-lived FunkSec ransomware and said it is assisting dozens of the gang's targets with the process.

Cybersecurity researchers from Flashpoint have exposed the intricate tactics employed by North Korean threat actors to infiltrate global organizations through remote work vulnerabilities. These operatives, affiliated with the Democratic People’s Republic of Korea (DPRK), masquerade as legitimate freelance developers, IT specialists, and contractors, embedding themselves in corporate workflows to siphon off at least $88 million […]

The post Researchers Reveal North Korean Threat Actors’ Tactics for Uncovering Illicit Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Забудьте про скучные слайды. Теперь только саспенс, драма и закадровый голос.

The notorious INC Ransomware group is claiming responsibility for a data breach at Dollar Tree, the American retail…

Website monitoring tools are essential for real-time tracking of websites’ performance, availability, and functionality. They help identify and resolve downtime, slow page load times, and broken links, ensuring an optimal user experience. These tools provide detailed analytics and reports, offering insights into website traffic, user behavior, and performance metrics. Many website monitoring tools include alerting […]

The post 15 Best Website Monitoring Tools in 2025 appeared first on Cyber Security News.

PyPI warns of phishing emails from noreply@pypj[.]org posing as “[PyPI] Email verification” to redirect users to fake package sites. PyPI warns of an active phishing attack using fake “[PyPI] Email verification” messages from noreply@pypj[.]org, aiming to lure users to spoofed PyPI sites. PyPI, short for the Python Package Index, is the official repository for Python […]

Прогресс тормозит, а у машин гипотезы рождаются быстрее, чем ты успеваешь моргнуть.

A sophisticated zero-day exploit campaign targeting unpatched vulnerabilities in Microsoft SharePoint Server has compromised approximately 400 organizations worldwide, with potential for a far higher victim count due to underreporting and delayed detections. The attacks, first identified last week by Dutch cybersecurity firm Eye Security, leverage critical flaws in on-premise SharePoint installations, allowing threat actors to […]

The post Microsoft SharePoint Server 0-Day Exploit Targets African Treasury, Companies, and University appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Apple has released a comprehensive set of security updates across its entire product ecosystem on July 29, 2025, addressing multiple vulnerabilities including a critical Safari flaw that was reportedly exploited in Chrome zero-day attacks. The updates span iOS, iPadOS, macOS, watchOS, tvOS, and visionOS platforms, demonstrating the company’s commitment to maintaining security across all its […]

The post Apple Patches Multiple Vulnerabilities, Including Safari Vulnerability Abused in Chrome 0-Day Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical vulnerability in SonicWall Gen7 firewall products could allow remote unauthenticated attackers to cause service disruptions through denial-of-service (DoS) attacks.  The format string vulnerability tracked as CVE-2025-40600 affects the SSL VPN interface of multiple SonicWall firewall models and has been assigned a CVSS v3 score of 5.9, indicating medium severity with high availability impact. […]

The post Critical SonicWall SSL VPN Vulnerability Let Attackers Trigger DoS Attack on Firewalls appeared first on Cyber Security News.

In this article, we will provide a brief overview of Pillar Security's platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI systems. Using its holistic approach, the platform introduces new ways of detecting AI threats, beginning

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via

AI is reshaping vCISO services—and SMBs are fueling the surge. Cynomi's 2025 report shows 3x adoption growth and major workload drops as MSPs and MSSPs scale cybersecurity like never before. Learn more in the 2025 State of the vCISO Report. [...]

Cybersecurity researchers have disclosed now-patched critical security flaws in the firmware of Dahua smart cameras that, if left unaddressed, could allow attackers to hijack control of susceptible devices. "The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device,"