Aggregator

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8751. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

半年融资 3 个亿，前地平线、理想高管做了一只机器狗。

U.S. authorities have announced the successful dismantling of the BlackSuit ransomware operation, a notorious group linked to attacks on more than 450 organizations worldwide. The operation, led by Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), involved seizing servers, domains, and digital assets used for deploying ransomware, extorting victims, and laundering illicit profits. BlackSuit, […]

The post US Confirms Shutdown of BlackSuit Ransomware That Hacked Over 450 Organizations appeared first on Cyber Security News.

Submit #623677 / VDB-319245

Радио с шифром — а враг уже в эфире.

The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating […]

The post Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new, coordinated cybercrime campaign called "GreedyBear" has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security.

A vulnerability was found in Mobile Industrial Robots MiR Robots and MiR Fleet up to 2.x and classified as critical. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-8748. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of 12 critical security vulnerabilities across three popular software platforms, highlighting significant security risks that could potentially impact millions of users worldwide. The disclosure includes seven vulnerabilities in WWBN AVideo, four in MedDream PACS Premium, and one in Eclipse ThreadX FileX, all of which […]

The post Multiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadX appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to cross site scripting. This vulnerability is known as CVE-2025-8750. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

In recent months, security researchers have uncovered a novel attack vector targeting Python package installers through ambiguities in the ZIP archive format. By exploiting discrepancies between local file headers and the central directory, malicious actors can craft seemingly benign wheel distributions that, when unpacked by vulnerable installers, silently smuggle unauthorized files into the target environment. […]

The post PyPI Released Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers appeared first on Cyber Security News.

Submit #623655 / VDB-319243

Cybersecurity researchers have uncovered a new technique that allows attackers to bypass Windows User Account Control (UAC) protections by exploiting an unexpected vulnerability in the system’s Private Character Editor tool, potentially granting unauthorized administrative privileges without user consent. The exploit targets eudcedit.exe, Windows’ Private Character Editor located in C:\Windows\System32, which is typically used for creating […]

The post Windows UAC Bypass Exploits Character Map Tool for Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Альцгеймер и эпилепсия больше не спрячутся.

The Python Package Index (PyPI) has announced new restrictions aimed at mitigating ZIP parser confusion attacks that could exploit discrepancies in how Python package installers and inspectors handle ZIP archives. This move comes in response to vulnerabilities identified in tools like the uv installer, which exhibits different extraction behaviors compared to Python-based installers relying on […]

The post PyPI Issues Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

关键词安全漏洞超过百款戴尔笔记本电脑型号受到 ControlVault3 固件漏洞影响，黑客可借此绕过 Win

关键词勒索软件自2022年以来，一个源自Quantum、继承自臭名昭著的Conti组织的勒索软件集团，逐步演变

关键词数据泄露2025年5月16日，一个未知的威胁行为主体入侵哥伦比亚大学网络系统，窃取近87万在校及离职师生

关键词网络钓鱼一场精心设计的社交工程攻击让全球科技巨头谷歌也未能幸免。

When an organization’s credentials are leaked, the immediate consequences are rarely visible—but the long-term impact is far-reaching. Far from the cloak-and-dagger tactics seen in fiction, many real-world cyber breaches begin with something deceptively simple: a username and password. According to Verizon’s 2025 Data Breach Investigations Report, leaked credentials accounted for 22% of breaches