Aggregator

Обычно 30 знаков, а тут почти 300: странные сигналы ВВС США.

A vulnerability classified as very critical has been found in Dover Fueling Solutions ProGauge MagLink LX consoles. Affected is an unknown function of the component Target Communication Framework Interface. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-5310. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Pixel Manager for WooCommerce Plugin up to 1.49.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-6201. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Real Estate Management 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /store/index.php. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-45786. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Couchbase .NET SDK up to 3.7.0. It has been classified as problematic. This affects an unknown part of the component TLS Certificate Validation Handler. The manipulation leads to certificate with host mismatch. This vulnerability is uniquely identified as CVE-2025-49015. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in D-Link DPH-400S SE VoIP Phone 1.01 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument PROVIS_USER_PASSWORD leads to insecure storage of sensitive information. This vulnerability is handled as CVE-2025-45784. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability has been found in EfroTech Time Trax 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component File Attachment Handler. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-46157. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in miniTCG 1.3.1. Affected is an unknown function of the file /members/edit.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is traded as CVE-2025-45661. It is possible to launch the attack remotely. There is no exploit available.

Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to protect all AWS root users’s accounts with multi-factor authentication. AWS Shield network security director (Preview) AWS Shield, the managed DDoS protection service that protects applications running on AWS, is gaining the ability to pinpoint network issues … More →

The post AWS launches new cloud security features appeared first on Help Net Security.

China’s People’s Liberation Army has accelerated its integration of generative artificial intelligence across military intelligence operations, marking a significant shift in how the world’s largest military force approaches data collection, analysis, and strategic decision-making. This technological transformation represents the PLA’s recognition that traditional intelligence methods can no longer adequately identify threats and opportunities in an […]

The post PLA Rapidly Deploys AI Technology Across Military Intelligence Operations appeared first on Cyber Security News.

Barracuda observed a big spike in spam emails generated using AI tools, making up the majority detected in April 2025

被称为 Sukunaarchaeum 的新微生物不是病毒但非常像病毒，它生存的唯一目的是和病毒一样进行自我复制。它是一种寄生物，但不能回报宿主，而是必须从宿主 Citharistes regius 身上窃取所需要的一切。它与细胞生命之间的亲缘关系远大于病毒大肠杆菌。合成生物学家 Kate Adamala 认为这一发现挑战了细胞生命与病毒之间的界限，可能代表了一种正演化成病毒的微生物，或有助于科学家理解病毒最初是如何演化而来。科学家发现，Sukunaarchaeum 并非是孤例。

Microsoft has announced a new security capability within its Defender for Office 365 suite aimed at combating the growing threat of email bombing attacks.  The feature, officially labeled “Mail Bombing Detection,” will automatically identify and quarantine high-volume email flooding campaigns that attempt to overwhelm user inboxes or obscure legitimate messages.  This technology enhancement will be […]

The post Microsoft Defender for Office 365 to Block Email Bombing Attacks appeared first on Cyber Security News.

A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network. "The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check Point researchers Jaromír Hořejší and Antonis Terefos said in a report shared with The Hacker News. "The malware was

As SEO leans towards AI, site owners are more in need of third-party tools, and agencies and updating…

The RapperBot botnet has reached unprecedented scale, with security researchers observing over 50,000 active bot infections targeting network edge devices across the globe. This sophisticated malware campaign represents one of the most persistent and evolving cyber threats currently plaguing internet-connected infrastructure, demonstrating remarkable adaptability and technical sophistication since its initial emergence. First disclosed by CNCERT […]

The post RapperBot Botnet Attack Peaks 50,000+ Attacks Targeting Network Edge Devices appeared first on Cyber Security News.

微软根据 Microsoft 365 用户匿名数据以及对全球 31,000 名办公室职员的调查发表了年度报告《2025 Work Trend Index》。报告称，晚上八点后开会的次数比一年前增加了 16%；晚上十点后近三分之一活跃员工仍然在查看收件箱；早上 6 点上网用户有四成会查看当天的优先事项邮件；员工平均每个工作日会收到 117 封邮件，大部分邮件在 60 秒内看完；收件人数逾 20 人的群发邮件数量增长了 7%，一对一邮件数量下降 5%；平均每个工作日员工收到 153 则 Team 消息（ Team 是 MS 的协作式消息平台）；近五分之一员工会在周六和周日中午之前查看电子邮件，逾 5% 员工会在周日晚上再次查看邮箱，为新一周的工作做准备。

Phishing has evolved—and trust is the new attack vector. ChainLink Phishing uses real platforms like Google Drive & Dropbox to sneak past filters and steal credentials in the browser. Watch Keep Aware's on-demand webinar to see how these attacks work—and how to stop them. [...]

The speakers at ShowMeCon 2025 explored why policy isn't protection without validation. AI, identity, and threat detection must align to reduce operational risk.

The post The Role of AI and Compliance in Modern Risk Management: ShowMeCon 2025 appeared first on Security Boulevard.