Aggregator
CVE-2025-0881 | Codezips Gym Management System 1.0 saveroutine.php rname sql injection
CVE-2024-50330 | Ivanti Endpoint Manager up to 2022 SU5/2024 sql injection (Nessus ID 211458)
Blue Shield Leaked Health Info of 4.7M patients with Google Ads
Blue Shield of California has disclosed a significant data breach affecting 4.7 million members, representing the majority of its nearly 6 million customers. The health insurance provider revealed that protected health information (PHI) was inadvertently shared with Google’s advertising platforms over a nearly three-year period due to a misconfiguration of Google Analytics on the company’s […]
The post Blue Shield Leaked Health Info of 4.7M patients with Google Ads appeared first on Cyber Security News.
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
SonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its SSLVPN Virtual Office interface that enables unauthenticated attackers to remotely crash firewalls, causing widespread network disruptions. Tracked as CVE-2025-32818, this flaw carries a CVSS v3 score of 7.5 and affects dozens of firewall models across its Gen7 and TZ80 product lines. The […]
The post SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
iPhone settings for the paranoid: how to achieve maximum protection of personal data
Exposed and unaware: The state of enterprise security in 2025
The Edgescan 2025 Vulnerability Statistics Report offers a data-rich snapshot of the global cybersecurity landscape, drawing from thousands of assessments and penetration tests conducted in 2024. Now in its 10th year, the report analyzes full-stack security trends across industries, highlighting common vulnerabilities, patching delays, and risk hotspots. With insights into exploit availability, attack surface exposure, and remediation timelines, it equips organizations with the data they need to make smarter, risk-based decisions. The report highlights a …
The post Exposed and unaware: The state of enterprise security in 2025 appeared first on Help Net Security.
Google forces some remote employees to return to the office or face dismissal
DslogdRAT Malware Installed in Ivanti Connect Secure
Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities
Microsoft has launched an expanded bug bounty program offering rewards of up to $30,000 for researchers who identify critical vulnerabilities in AI systems within its Dynamics 365 and Power Platform products. The initiative, announced by Microsoft Security Response, aims to strengthen security in enterprise AI by incentivizing ethical hackers to uncover potential weaknesses before malicious […]
The post Microsoft to Offer Rewards Up to $30,000 for AI Vulnerabilities appeared first on Cyber Security News.
Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities
A sweeping wave of suspicious online activity is putting organizations on alert as hackers ramp up their efforts to probe vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems. Cybersecurity firm GreyNoise has identified a dramatic nine-fold increase in suspicious scanning activity, suggesting coordinated reconnaissance that could foreshadow future exploitation. According […]
The post Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
常安论坛 2025 conference agenda fully revealed (with list of invited guests)
Why Container Security Experts Are in Such High Demand
Container security experts skilled in AI-driven defense tools are becoming critical as organizations rely more on containerized applications. These experts must contend with ephemeral workloads, secure CI/CD pipelines and implement real-time anomaly detection to protect cloud-native environments.
Meta Fined 200 Million Euros for its 'Pay or Consent' Model
European regulators said Facebook conducted an end run around privacy regulations by requiring users to pay a monthly subscription fee or else accept that their personal data would be fed to advertisers. The European Commission fined the social media giant 200 million euros.
Kelly Benefits Notifying Nearly 264,000 of Data Theft Hack
Kelly Benefits is notifying nine large clients and nearly 264,000 individuals that their sensitive personal information was potentially compromised in a December data theft incident. The tally of affected people has climbed eight-fold since the company’s first estimate earlier this month.
Health System Pays Feds $600K to Settle HIPAA Breach Case
A regional healthcare network with three California hospitals serving Los Angeles and Orange Counties has agreed to pay federal regulators $600,000 and implement a corrective action plan to resolve potential HIPAA violations identified during an investigation into a 2019 phishing breach.
Chainguard Raises $356M to Protect Open-Source Supply Chain
Chainguard’s $356 million Series D haul will help it push beyond securing containers to protecting virtual machines and language libraries. CEO Dan Lorenc says customers want security that scales with open-source adoption, especially amid rising software supply chain threats.