Aggregator

Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity. [...]

Five Nevada men, including a German citizen, received prison sentences of up to 84 months for operating Jetflicks, one of the largest illegal television streaming services in United States history.  The defendants generated millions in criminal profits by distributing copyrighted content through sophisticated automated systems that bypassed legitimate licensing agreements, causing an estimated $37.5 million […]

The post Jetflicks Illegal Paid Streaming Service Operators Jailed for 7 Years appeared first on Cyber Security News.

The threat actor behind the exploitation of vulnerable Craft Content Management System (CMS) instances has shifted its tactics to target Magento CMS and misconfigured Docker instances. The activity has been attributed to a threat actor tracked as Mimo (aka Hezb), which has a long history of leveraging N-day security flaws in various web applications to deploy cryptocurrency miners. "Although

OpenAI is rolling out a new "personality" feature on the ChatGPT web app. This allows you to choose between multiple personalities, such as "Robot." [...]

Всего за год компания успела поразить десятки крупных компаний, включая больницы.

Phishing attacks are evolving rapidly, allowing cybercriminals to bypass traditional security systems like email filters and static defenses. As a result, many businesses are left vulnerable to credential theft, often without realizing the threat until it’s too late. Early detection is key, and real-time analysis of suspicious emails, links, and files in a secure environment offers the solution. Let’s explore […]

The post How Businesses Prevent Credential Theft with Early Phishing Detection appeared first on Cyber Security News.

Profil3r: An OSINT tool that allows you to find potential profiles of a person on social networks, as well as their email addresses

A vulnerability, which was classified as problematic, has been found in yasm 9defefae. Affected by this issue is the function yasm_section_bcs_append of the file section.c. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-22653. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Juniper Junos OS Evolved up to 22.3/23.1/23.3/24.1/24.3. This affects an unknown part of the component VRF. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-52954. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Grafana up to 11.3.8/11.4.6/11.5.6/11.6.3/12.0.2 and classified as problematic. This issue affects some unknown processing. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2025-6023. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Grafana up to 12.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the component DingDing Alerting Integration URL. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-3415. The attack needs to be initiated within the local network. There is no exploit available.

XSS.IS has been seized after its admin was arrested in Ukraine, however its dark web and mirror domains only show a 504 Gateway Timeout error.