Aggregator

Living Security，全球人类风险管理（HRM）领导者，发布了由顶尖研究机构 Cyentia Institute 独立完成的《2025年人类网络风险现状报告》

Cary, United States, 11th August 2025, CyberNewsWire

Cary, United States, 11th August 2025, CyberNewsWire

The post INE Named to Training Industry’s 2025 Top 20 Online Learning Library List appeared first on Security Boulevard.

AI coding tools like Claude CLI are unintentionally changing the attack surface for developers and businesses in the rapidly changing cybersecurity landscape. Gone are the days when adversaries required weeks or months of meticulous infrastructure mapping, credential probing, and tech stack analysis. Instead, these tools compile comprehensive, contextualized intelligence reports directly on users’ machines through […]

The post AI Coding Assistant: Creating the Perfect Blueprint for Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

F6 выявила схему кражи криптовалюты под видом раздачи токенов.

A critical zero-day vulnerability has been identified in WinRAR that cybercriminals are actively exploiting through sophisticated phishing campaigns to distribute RomCom malware.  The flaw, designated as CVE-2025-8088, represents a significant security threat with a CVSS v3.1 score of 8.4, enabling attackers to execute arbitrary code on victims’ systems through malicious archive files. Key Takeaways1. WinRAR […]

The post WinRAR 0-Day in Phishing Attacks to Deploy RomCom Malware appeared first on Cyber Security News.

作者：Borui Li, Li Yan, Jianmin Liu 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2508.04265v1 摘要 联邦学习（FL）能够在分散的数据上进行协作式模型训练，但仍然容易受到梯度泄露攻击，这些攻击可以重构敏感的用户信息。现有的防御机制，如差分隐私（DP）和同态加密（HE），通常会在隐私、模型效用和系统开销之间引...

Sygniaでは、VMware ESXi、vCenter、および各種ネットワークアプライアンスを標的とした、極めてステルス性の高いサイバー諜報キャンペーン「Fire Ant」を調査しました。本攻撃では、ハイパーバイザーレイヤにおける高度な手法が用いられており、従来の検知メカニズムを巧妙に回避しながら、長期間にわたる潜伏と持続的なアクセスの確保が可能となっていました。

The post Fire Ant：ハイパーバイザーレベルのスパイ活動を徹底解析 appeared first on Sygnia.

Уязвимость в дилерском портале дала полный контроль над чужими машинами.

Security researchers have unveiled SSHamble, a powerful new open-source tool designed to identify vulnerabilities and misconfigurations in SSH implementations across networks. Developed by HD Moore and Rob King, the tool represents a significant advancement in SSH security testing capabilities, addressing critical gaps in how organizations assess their secure shell infrastructure. SSH (Secure Shell) has become […]

The post SSHamble: New Open-Source Tool Targets SSH Protocol Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, was found in CBX Restaurant Booking Plugin up to 1.2.1 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-7965. It is possible to initiate the attack remotely. There is no exploit available.

MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. MedusaLocker is a ransomware strain that was first observed in late 2019, it encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent […]

A vulnerability, which was classified as problematic, was found in Vincent Hor Calendarix Advanced 1.5.2005-05-01. Affected is an unknown function of the file yearcal.php. The manipulation of the argument ycyear leads to basic cross site scripting. This vulnerability is traded as CVE-2006-1835. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Campware.org Campsite 2.6.0/2.6.1. This vulnerability affects unknown code of the file alias.php. The manipulation of the argument g_documentRoot leads to file inclusion. This vulnerability was named CVE-2006-5911. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Campware.org Campsite 2.6.0/2.6.1. This affects an unknown part. The manipulation of the argument g_documentRoot leads to file inclusion. This vulnerability is uniquely identified as CVE-2006-5910. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Litespeed Technologies LiteSpeed Web Server 2.1.5. It has been classified as problematic. Affected is an unknown function of the file admin/config/confmgr.php. The manipulation of the argument m leads to basic cross site scripting. This vulnerability is traded as CVE-2005-3695. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Limbo CMS up to 1.0.4.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index2.php. The manipulation of the argument _server leads to basic cross site scripting. This vulnerability is known as CVE-2005-4317. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Limbo CMS 1.0.4.2. This affects an unknown part of the file index2.php. The manipulation of the argument option leads to path traversal. This vulnerability is uniquely identified as CVE-2005-4319. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Lighthouse Development Squirrelcart 1.5.5. This affects an unknown part of the file index.php. The manipulation of the argument rn leads to sql injection. This vulnerability is uniquely identified as CVE-2005-0962. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Limbo CMS up to 1.0.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument _server leads to sql injection. This vulnerability is handled as CVE-2005-4318. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.