Aggregator

A 19-year-old and an 18-year-old have been arrested and charged in the hack of London's transport agency in 2024 — an attack attributed to the Scattered Spider cybercrime collective.

One third of Android and over half iOS apps shown to be leaking insecure APIs and hardcoded secrets

12 mei 1940, half 3 in de middag. Langs het spoor in Dordrecht zijn Duitse paratroepen en Nederlandse militairen verwikkeld in een hevig gevecht. Kapitein Jan Koolhaas probeert met zijn mannen de Krispijnseweg over te steken. Maar de Duitsers hebben die afgesloten. Koolhaas wordt geraakt door mitrailleurvuur en overlijdt de volgende dag aan zijn verwondingen in het ziekenhuis.

Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. "CountLoader is being used either as part of an Initial Access Broker's (IAB) toolset or by a ransomware affiliate with ties to the LockBit,

SonicWall said that threat actors accessed firewall preference files stored in the cloud for around 5% of its firewall install base

EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such as employees or contractors, who can provide direct access to enterprise networks. ShinyHunters is very likely relying on members of Scattered Spider and The Com to conduct voice phishing attacks […]

The post New ‘shinysp1d3r’ Ransomware-as-a-Service Targets VMware ESXi in Ongoing Development appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability categorized as critical has been discovered in Form Maker Plugin up to 1.13.2 on WordPress. This issue affects the function get_labels_parameters of the file form-maker/admin/models/Submissions_fm.php. Such manipulation of the argument Submissioc as part of Parameter leads to sql injection. This vulnerability is listed as CVE-2019-10866. The attack may be performed from remote. In addition, an exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Email Subscribers and Newsletters up to 4.2.2 on WordPress. It has been declared as problematic. Affected by this issue is some unknown functionality of the component File Download. The manipulation results in information disclosure. This vulnerability is known as CVE-2019-19985. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Email Subscribers and Newsletters up to 4.3.0 on WordPress. This affects an unknown function. The manipulation of the argument hash as part of Parameter results in sql injection. This vulnerability was named CVE-2019-20361. The attack may be performed from remote. In addition, an exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in download-manager Plugin up to 2.9.93 on WordPress. Affected is an unknown function of the component Category Handler. This manipulation of the argument orderby/search[publish_date] as part of Parameter causes cross site scripting. This vulnerability is tracked as CVE-2019-15889. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is recommended to upgrade the affected component.

A vulnerability has been found in WordPress up to 5.2.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Preview. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2019-16223. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in ARforms Plugin 3.7.1 on WordPress. Impacted is the function arf_delete_file of the file arformcontroller.php. Executing manipulation can lead to improper input validation (Path). This vulnerability appears as CVE-2019-16902. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Webiness Inventory 2.3. The affected element is an unknown function of the component ProductModel. The manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2019-8404. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Web Port 1.19.1. It has been rated as problematic. This affects an unknown function of the file /access/setup. The manipulation of the argument Type as part of Parameter leads to cross site scripting. This vulnerability is uniquely identified as CVE-2019-12460. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in webERP 4.15 and classified as critical. This issue affects some unknown processing of the file Payments.php. Such manipulation as part of SQL Query leads to sql injection. This vulnerability is uniquely identified as CVE-2019-13292. The attack can be launched remotely. Moreover, an exploit is present.

Что показал опрос Кибердома о новых угрозах.

A vulnerability has been found in ABB FLXEON up to 9.3.5 and classified as problematic. This affects an unknown part. This manipulation causes one-way hash without salt. This vulnerability appears as CVE-2025-10205. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability described as critical has been identified in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The identification of this vulnerability is CVE-2025-10664. The attack may be launched remotely. Furthermore, there is an exploit available.

Поиск второй Земли только начинается.

Google has released a security update for the Chrome stable channel to fix a zero‑day vulnerability (CVE-2025-10585) reported by its Threat Analysis Group (TAG) on Tuesday. “Google is aware that an exploit for CVE-2025-10585 exists in the wild,” the company announced. About CVE-2025-10585 Like CVE-2025-6554, which was fixed earlier this year, CVE-2025-10585 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly engine. Unfortunately, that’s the only information Google has shared about it. As … More →

The post Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585) appeared first on Help Net Security.