Aggregator

Microsoft is warning that an ongoing phishing campaign impersonating Booking.com is using ClickFix social engineering attacks to infect hospitality workers with various malware, including infostealers and RATs. [...]

Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking. com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft.

The post Phishing campaign impersonates Booking.com, delivers a suite of credential-stealing malware appeared first on Microsoft Security Blog.

Microsoft said the ongoing phishing campaign is designed to infect hospitality firms with multiple credential-stealing malware

Defensie heeft 146 nieuwe middelzware en zware opleggers en aanhangwagens besteld. Dat is vandaag in Stroe contractueel vastgelegd met leverancier Broshuis uit Kampen.

De Herinneringsmedaille Internationale Missies (HIM) is weer uitgereikt. Er waren exemplaren voor zo’n 750 militairen uit de hele krijgsmacht. De Plaatsvervangend Commandant der Strijdkrachten luitenant-generaal Ludy Schmidt reikte de onderscheidingen uit. Hij deed dit in Omnisport in Apeldoorn met vertegenwoordigers van de krijgsmachtdelen.

Alleged Data Leak of the National Telecommunications Commission of the Philippines

Microsoft has patched a critical Windows Kernel vulnerability that has been actively exploited for nearly two years.  The vulnerability, tracked as CVE-2025-24983, was included in the company’s March 2025 Patch Tuesday release in March. According to cybersecurity firm ESET, which discovered and reported the vulnerability, attackers have been exploiting this flaw in the wild since […]

The post 2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild appeared first on Cyber Security News.

On March 13, 2025, Siemens published an advisory to address a vulnerability in the following product: Simcenter Femap V2401 – versions prior to V2401.0003 Simcenter Femap V2406 – versions prior to V2406.0002 The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.

染色体末端的端粒与衰老有着密切的联系，它起着保护 DNA 的作用。每一次细胞分裂，端粒都会缩短。因此随着年龄的增长，端粒会变短。慢性压力、久坐生活方式和睡眠不足等因素会让端粒更快地缩短。最终端粒变得如此短，以至于无法提供保护，细胞失去了正常的功能。现在，科学家报告马达加斯加的胖尾侏儒狐猴会在冬眠时延长端粒。在这项研究中，研究人员在冬眠前、冬眠期间和冬眠后跟踪了杜克狐猴中心的 15 只侏儒狐猴，通过采集脸颊拭子来跟踪它们的端粒随时间的变化。为了帮助它们冬眠，研究人员将温度从77华氏度逐渐降低到50多华氏度，以模拟狐猴原生栖息地的冬季条件，并为它们提供人工洞穴，让它们可以蜷缩起来度过寒冷。一组动物在清醒和活动时会被提供食物。另一组则在整个冬眠季节不吃、不喝、不活动，靠尾巴中储存的脂肪生存，就像它们在野外一样。基因测序显示，在冬眠期间，狐猴的端粒并没有缩短——它们实际上变长了。它们离开冬眠两周后端粒会恢复到冬眠前的长度。研究人员推测这种变长可能是为了抵消在周期性的重新升温阶段可能发生的细胞损伤。它的寿命可以达到同体型灵长类动物的两倍，能活到近 30 岁。

A vulnerability, which was classified as problematic, was found in discourse-placeholder-theme-component. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-43408. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN&act=user/spec_conf&sessionId=86213915328111654515&user=A&message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The identification of this vulnerability is CVE-2024-8022. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Pligg CMS 2.0.2. Affected by this vulnerability is an unknown functionality of the file /admin/domain_management.php?whitelist_add. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-42612. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Pligg CMS 2.0.2. This affects an unknown part of the file /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-42619. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WordSurvey Plugin up to 3.2 on WordPress. This affects an unknown part. The manipulation of the argument sounding_title leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6767. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Tenda RX3 16.03.13.11_multi_TDE01. Affected by this vulnerability is an unknown functionality of the file /goform/SetPptpServerCfg of the component Packet Handler. The manipulation of the argument startIp/endIp leads to denial of service. This vulnerability is known as CVE-2025-29357. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Tenda RX3 16.03.13.11_multi_TDE01. Affected is an unknown function of the file /goform/setPptpUserList of the component Packet Handler. The manipulation of the argument list leads to denial of service. This vulnerability is traded as CVE-2025-29362. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetVirtualServerCfg of the component Packet Handler. The manipulation of the argument list leads to denial of service. The identification of this vulnerability is CVE-2025-29361. The attack may be initiated remotely. There is no exploit available.