Aggregator

H1 выходит на сцену гостиничного сервиса.

The manufacturing sector has emerged as a prime target for cyber attackers in 2024, with a staggering 71% surge in active threat actors compared to the previous year, according to a recent report by Forescout Technologies. Between 2024 and the first quarter of 2025, 29 threat actors were actively targeting this critical infrastructure sector, with […]

The post State-Sponsored Groups Intensify Attacks on Manufacturing Sector and OT Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Android Security Bulletin for June 2025, published on June 2, details a series of high-severity vulnerabilities affecting a wide range of Android devices. Security patch levels of 2025-06-05 or later address all reported issues, with source code patches set for imminent release to the Android Open Source Project (AOSP) repository. The most critical vulnerability […]

The post Android Security Update Addresses High-Severity Privilege Escalation Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them. [...]

If your CISO isn't wielding influence with the CEO and helping top leaders clearly see the flight path ahead, your company is dangerously exposed.

Microsoft Edge for Android is rolling out an enhanced privacy feature that allows users to secure their InPrivate browsing sessions with PIN codes or biometric authentication when switching away from the app, bringing the browser in line with similar functionality already available in Google Chrome for Android. The new InPrivate tab locking feature represents a […]

The post Microsoft Edge for Android Adds InPrivate Tab Locking with PIN & Bio Authentication appeared first on Cyber Security News.

Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based access for software workloads and agentic AI running on Windows Server, Active Directory, Microsoft Entra ID, and Azure – while extending that same access model […]

The post Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. [...]

A vulnerability has been found in Python CPython up to 3.14.0b1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2025-4435. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Python CPython up to 3.14.0b1. This affects the function TarFile.extractall/TarFile.extract. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-4517. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Python CPython up to 3.14.0b1. Affected by this issue is the function TarFile.extractall/TarFile.extract. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-4330. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Python CPython up to 3.14.0b1. Affected by this vulnerability is the function TarFile.extractall/TarFile.extract. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-4138. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Python CPython up to 3.14.0b1. Affected is the function TarFile.extractall/TarFile.extract. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-12718. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following a swift and thorough investigation, the company identified the incident as a small-scale credential stuffing attack. Unauthorized Access Incident on thenorthface.com Credential stuffing is a sophisticated cyberattack where malicious actors use stolen authentication credentials typically […]

The post North Face Fashion Brand Alerts Customers to Credential Stuffing Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA is facing $495m budget cut, losing 1000 employees and reducing staff to 2324

Malwarebytes launched Scam Guard, an AI-powered digital safety companion that provides real-time feedback on scams, threats and malware alongside digital safety recommendations. Whether it’s a suspicious text, DM, email, image or link, Scam Guard offers judgment-free, personalized advice to help users spot and avoid potential scams. Embedded within the Malwarebytes Mobile Security app, the new feature aims to remove the stigma of shame around scams by helping educate and guide users before it’s too late. … More →

The post Malwarebytes Scam Guard spots and avoids potential scams appeared first on Help Net Security.

A vulnerability, which was classified as critical, has been found in Infoblox NETMRI up to 7.6.0. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-32814. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. This vulnerability is known as CVE-2025-5149. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile and Snapdragon Technology and classified as critical. This issue affects some unknown processing of the component HLOS. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-53010. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.