Aggregator

During "CISO: The Worst Job I Ever Wanted," several chief information security officers reveal how difficult it is to be in a role that, despite being around for decades, remains undefined.

Town of Kittery, Maine falls victim to INC RANSOM Ransomware

A sophisticated cyber attack campaign has emerged targeting Ukraine’s critical infrastructure, utilizing a previously unknown destructive malware variant that researchers have designated “PathWiper.” This latest threat represents a significant escalation in the ongoing cyber warfare landscape, demonstrating advanced capabilities designed to cause maximum disruption to essential services and systems across the embattled nation. The malware […]

The post New PathWiper Malware Attacking Critical Infrastructure To Deploy Administrative Tools appeared first on Cyber Security News.

A vulnerability was found in QNAP File Station 5.5.6.4741 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is handled as CVE-2025-29884. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in QNAP File Station 5.5.6.4741 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2025-29883. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in QNAP File Station 5.5.6.4741. Affected is an unknown function. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2025-22486. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in QNAP Qsync Central 4.3.0.11/4.4.0.15/4.4.0.16_20240819. This issue affects some unknown processing. The manipulation leads to format string. The identification of this vulnerability is CVE-2025-22482. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in WOLFBOX Level 2 EV Charger. This vulnerability affects unknown code of the component Tuya Communications Module. The manipulation leads to exposed dangerous routine. This vulnerability was named CVE-2025-5748. Access to the local network is required for this attack. There is no exploit available.

A newly identified information-stealing malware, crafted in the Rust programming language, has emerged as a significant threat to users of Chromium-based browsers such as Google Chrome, Microsoft Edge, and others. Dubbed “RustStealer” by cybersecurity researchers, this sophisticated malware is designed to extract sensitive data, including login credentials, cookies, and browsing history, from infected systems. Emerging […]

The post New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in WOLFBOX Level 2 EV Charger. This affects an unknown part of the component MCU Command Parser. The manipulation leads to misinterpretation of input. This vulnerability is uniquely identified as CVE-2025-5747. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in QNAP File Station 5.5.6.4847. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-29872. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in QNAP File Station 5.5.6.4847. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-22484. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in QNAP QTS and QuTS hero. It has been classified as critical. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-22481. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in QNAP QTS and QuTS hero and classified as critical. This issue affects some unknown processing. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-56805. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Korean cybersecurity researchers have uncovered a sophisticated malware campaign targeting cryptocurrency users worldwide, with ViperSoftX emerging as a persistent threat that continues to evolve its attack methodologies. First identified by Fortinet in 2020, this malware has demonstrated remarkable longevity and adaptability, consistently updating its techniques to bypass security measures while maintaining its core objective of […]

The post Threat Actors Using ViperSoftX Malware to Exfiltrate Sensitive Details appeared first on Cyber Security News.

Wireshark Filters

A sophisticated social engineering technique known as ClickFix baiting has gained traction among cybercriminals, ranging from individual hackers to state-sponsored Advanced Persistent Threat (APT) groups like Russia-linked APT28 and Iran-affiliated MuddyWater. This method targets human end users as the weakest link in cybersecurity defenses, tricking them into executing malicious commands through seemingly benign prompts. A […]

The post Hackers Leverage New ClickFix Tactic to Exploit Human Error with Deceptive Prompts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a

作者写过三本书，这是第三本

Sophos X-Ops researchers have identified over 140 GitHub repositories laced with malicious backdoors, orchestrated by a single threat actor associated with the email address ischhfd83[at]rambler[.]ru. Initially sparked by a customer inquiry into the Sakura RAT, a supposed open-source malware touted for its “sophisticated anti-detection capabilities,” the investigation revealed a much broader and more insidious campaign. […]

The post Hundreds of Malicious GitHub Repos Targeting Novice Cybercriminals Traced to Single User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.