Aggregator

A vulnerability, which was classified as critical, was found in LabRedesCefetRJ WeGIA up to 3.4.5. This affects an unknown part of the file /html/funcionario/profile_dependente.php. The manipulation of the argument id_dependente leads to sql injection. This vulnerability is uniquely identified as CVE-2025-54062. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A sophisticated new attack vector where malicious actors are hiding malware inside DNS records, exploiting a critical blind spot in most organizations’ security infrastructure. This technique transforms the Internet’s Domain Name System into an unconventional file storage system, allowing attackers to distribute malware while evading traditional detection methods. Recent investigations using DNSDB Scout, a passive […]

The post Hackers Exploiting DNS Blind Spots to Hide and Deliver Malware appeared first on Cyber Security News.

Вселенная может ломаться, трещать, рассыпаться, но чёрные дыры всё равно останутся.

Alleged Multi-Access Sale: RDWeb Accounts Across USA, Canada & Australia

Researchers have uncovered critical security vulnerabilities affecting millions of computer servers and routers worldwide, stemming from the insecure implementation of fundamental internet tunneling protocols. The flaws could allow attackers to bypass security controls, spoof their identity, access private networks, and launch powerful denial-of-service attacks. The discovery was made by security researchers Mathy Vanhoef and Angelos […]

The post 4M+ Internet-Exposed Systems at Risk From Tunneling Protocol Vulnerabilities appeared first on Cyber Security News.

Cryptocurrency exchange BigONE announced that it suffered a security breach, in which hackers stole various digital assets valued at $27 million. [...]

Ransomware group Stormous claims it stole data from 600,000 North Country HealthCare patients across 14 sites in northern Arizona. The Stormous ransomware gang claims it has stolen personal and health data belonging to 600,000 patients from health provider North Country HealthCare. North Country HealthCare is a nonprofit, federally qualified health center (FQHC) based in northern […]

Investors had accused the executives of ignoring problems at Cambridge Analytica, a now defunct political consulting firm which allegedly improperly collected data about millions of Facebook users.

Alleged Sale of Unauthorized Access to Indian Pharmaceutical Firm

Officials confirmed the incident on Thursday but claimed the hackers only defaced the website and did not penetrate servers that stored any data.

Минус один MethaneSat. Плюс тысяча поводов ничего не замечать.

1Password this week announced it has added a Model Context Protocol (MCP) server to the Trelica governance platform for software-as-a-service (SaaS) applications it acquired earlier this year. In addition, the MCP Server for Trelica by 1Password is also being made available on the Amazon Web Services (AWS) Marketplace for artificial intelligence (AI) agents that just..

The post 1Password Adds MCP Server to Trelica Governance Platform appeared first on Security Boulevard.

TorBot: Open Source Intelligence (OSINT) Tool for the Dark Web

In an operation called Eastwood, authorities arrested two people and shut down more than 100 servers linked to the Russian group NoName057(16).

Explore Gartner's ® Magic Quadrant™ 2025 for Endpoint Protection Platforms. Learn why SentinelOne was named a Leader for the 5th year in a row.

Photon: An incredibly fast crawler designed for OSINT

The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks. [...]

Emerging in mid-2023 as an apparent successor to Meiya Pico’s notorious MFSocket, the newly identified Android application Massistant has begun surfacing on confiscated handsets at Chinese border checkpoints and police stations. Unlike conventional spyware that relies on covert remote delivery, Massistant is installed physically when a device is in official custody, then pairs with a […]

The post Massistant Chinese Mobile Forensic Tooling Gain Access to SMS Messages, Images, Audio and GPS Data appeared first on Cyber Security News.