Aggregator

Если Skydweller  поднялся — он не вернётся, пока не увидит всё, что хотел.

Proofpoint Threat Research has identified a sophisticated multi-pronged cyberespionage campaign targeting Taiwan’s semiconductor industry between March and June 2025. Three distinct Chinese state-sponsored threat actors, designated as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp, conducted coordinated phishing operations against organizations spanning semiconductor manufacturing, design, testing, supply chain entities, and financial investment analysts specializing in the Taiwanese semiconductor market. […]

The post Chinese State-Sponsored Hackers Target Semiconductor Industry with Weaponized Cobalt Strike appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cyberattacks on educational institutions are growing. But with budget constraints and funding shortfalls, leadership teams are questioning whether — and how — they can keep their institutions safe.

Co-op has confirmed that all 6.5 million members of the UK retail cooperative had their personal data compromised during a sophisticated cyberattack in April.  The breach, which affected names, addresses, and contact information, represents one of the largest data exfiltrations in recent UK retail history.  Key Takeaways1. 6.5 million Co-op members' personal data stolen in […]

The post UK Retailer Co-op Confirms 6.5 Million Members’ Data Stolen in Massive Cyberattacks appeared first on Cyber Security News.

A former National Crime Agency investigator who worked on the Silk Road case was sentenced to more than five years in prison for stealing 50 bitcoins seized in that operation.

The Higher School of Economics (HSE), a leading Russian institution, said the two-year course will focus on international corporate compliance and business ethics, and will be taught in both Russian and English.

A vulnerability was found in Bluebird kr.co.bluebird.android.bbsettings up to 1.3.2. It has been classified as problematic. Affected is an unknown function of the component kr.co.bluebird.android.bbsettings.BootReceiver. The manipulation leads to improper export of android application components. This vulnerability is traded as CVE-2025-5346. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Bluebird com.bluebird.filemanagers up to 1.3.5/1.4.4 and classified as problematic. This issue affects some unknown processing of the component com.bluebird.system.koreanpost.IsdcardRemoteService. The manipulation leads to improper export of android application components. The identification of this vulnerability is CVE-2025-5345. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Bluebird com.bluebird.kiosk.launcher up to 1.1.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper export of android application components. This vulnerability was named CVE-2025-5344. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in TOTOLINK N300RB 8.54. This affects an unknown part. The manipulation leads to backdoor. This vulnerability is uniquely identified as CVE-2025-52089. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Researchers discovered a security flaw in Google's Gemini AI chatbot that could put the 2 billion Gmail users in danger of being victims of an indirect prompt injection attack, which could lead to credentials being stolen or phishing attacks.

The post Google Gemini AI Flaw Could Lead to Gmail Compromise, Phishing appeared first on Security Boulevard.

Архитектура корпоративных брандмауэров оказалась идеальной для незаметного взлома.

美国乔治梅森大学(GMU)｜张亦成老师招生：系统与硬件安全方向博士生（2026春/秋入学）

The Federal Communications Commission said Wednesday that the ban will be part of a broader package of policies to encourage an expansion of submarine telecommunications infrastructure while protecting it from “foreign adversary threats.”

Security researchers have discovered over 4 million vulnerable Internet hosts that can be weaponized for devastating new denial-of-service attacks, marking one of the largest infrastructure vulnerabilities uncovered in recent years. The groundbreaking research, conducted by Angelos Beitis and Mathy Vanhoef from DistriNet at KU Leuven, reveals that millions of devices worldwide accept unauthenticated tunneling traffic […]

The post Over 4 Million Exposed Devices Used in Two New DoS Attack Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Тысяча экспериментов, тонны формул, и всё зря — пока не включили инфракрасную камеру.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.92/6.12.30/6.14.8. Affected by this vulnerability is the function vhost_scsi_complete_cmd_work. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-38074. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A stealthy MaaS infostealer exfiltrating browser, crypto, and system data, Katz Stealer is enabling full campaign control for threat actors.