Aggregator

喜报！

How many real threats hide behind the noise your SOC faces every day?  When hundreds of alerts demand attention at once, even the best analysts start to lose focus. The nonstop pressure to react to everything drains energy, clouds judgment, and opens the door to real risk.  Teams using ANY.RUN have already flipped that script:  […]

The post Solve Alert Fatigue, Focus on High-Risk Incidents: An Action Plan for CISOs  appeared first on ANY.RUN's Cybersecurity Blog.

A new ClickFix campaign is tricking users with a fake Windows update that runs in their browser. Called “Fake OS Update,” this scam takes advantage of people’s trust in the familiar blue screen of death (BSOD) from Microsoft. It delivers malware and shows how social engineering can be more effective than technical tricks. Cybersecurity researcher […]

The post New ClickFix Attack Tricks Users with ‘Fake OS Update’ to Execute Malicious Commands appeared first on Cyber Security News.

美国印太司令部副司令成为美国网络司令部司令热门人选

比欧盟NIS2指令更为严格

A vulnerability was found in OpenPrinting libcupsfilters up to 2.1.1 and classified as problematic. Affected is the function cfFilterImageToRaster. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2025-57812. The attack needs to be initiated within the local network. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability categorized as problematic has been discovered in dvsekhvalnov jose2go up to 1.7.0. This vulnerability affects unknown code of the component JSON Handler. The manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-63811. The attack must originate from the local network. There is no exploit available.

Атака шла месяцами через невидимый шелл, живущий только в памяти.

企业智能化转型的基础设施

数据流通中的安全与信任，正从技术问题升级为市场战略问题，一场围绕可信数据空间的产业变革已经开启。

NHS provider Synnovis is notifying clients about the extent of a data breach 17 months after it suffered a ransomware attack

Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” published on the Chrome Web Store on November 12, 2024, that employs an ingenious technique to steal user seed phrases through hidden blockchain transactions. The extension, identified […]

The post Malicious Chrome Extension Grants Full Control Over Ethereum Wallet appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Dell Technologies has disclosed a critical security vulnerability in its Data Lakehouse platform that could allow remote attackers to escalate privileges and compromise system integrity. The flaw, tracked as CVE-2025-46608, affects all versions before 1.6.0.0 and has been assigned a CVSS score of 9.1, placing it in the critical severity category. The security flaw stems from an improper […]

The post Critical Dell Data Lakehouse Vulnerability Let Remote Attacker Escalate Privileges appeared first on Cyber Security News.

A vulnerability was found in mruby up to 3.4.0. It has been declared as critical. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. This vulnerability is traded as CVE-2025-13120. An attack has to be approached locally. Furthermore, there is an exploit available. It is advisable to implement a patch to correct this issue.

GitLab has released critical security patches addressing nine vulnerabilities across Community Edition (CE) and Enterprise Edition (EE), including a concerning prompt injection flaw in GitLab Duo that could expose sensitive information from confidential issues. The company is urging all self-managed installations to upgrade immediately to versions 18.5.2, 18.4.4, or 18.3.6. The most alarming vulnerability is CVE-2025-6945, a prompt […]

The post GitLab Vulnerabilities Expose Users to Prompt Injection Attacks and Data Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #683435 / VDB-332325

Businesses today are dealing with faster, stealthier email threats that look routine yet unleash aggressively malicious scripts the moment a user engages. This is especially true when the lure arrives as an attachment that resembles a harmless image file.  The perception gap is exactly what attackers exploit with SVG phishing, whereby what appears to be […]

The post How Attackers Turn SVG Files Into Phishing Lures appeared first on Cyber Security News.

Чтобы спастись от Gemini, вам нужно найти "секретную" кнопку в настройках.