Aggregator

PT NAD вскрыл скрытые угрозы в сети салонов.

A widespread cyberattack campaign has successfully compromised dozens of Fortinet FortiWeb instances through webshell deployment, exploiting a critical vulnerability for which proof-of-concept code became publicly available just days ago. The rapid weaponization of the exploit demonstrates the immediate risks organizations face when security flaws become public knowledge. Critical Vulnerability Details and Impact The attacks center […]

The post FortiWeb Systems Compromised via Webshells After Public PoC Release appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has announced its 2025 Most Valuable Researchers (MVRs), recognizing 100 security researchers who made significant contributions to protecting the company’s customers through the Microsoft Security Response Center’s vulnerability disclosure program. The annual recognition celebrates researchers who discovered and responsibly reported security vulnerabilities between July 1, 2024, and June 30, 2025. The Microsoft Researcher Recognition […]

The post Microsoft Honors Top Contributors to MSRC’s Security Research Program appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Samsung Email up to 6.1.90.16 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-20867. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Notes 2.0.02.31/4.2.00.22/4.2.04.27/4.3.14.39 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2024-20868. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Notes up to 4.4.21.62. It has been declared as problematic. This vulnerability affects unknown code of the component Content Drawing. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-20913. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Notes up to 4.4.21.62. It has been rated as problematic. This issue affects some unknown processing of the component Hand Writing. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-20914. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Notes up to 4.4.21.62. Affected is an unknown function of the component Voice Content. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-20915. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in imartinez privategpt up to 0.5.0. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument File leads to open redirect. This vulnerability is traded as CVE-2024-5936. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Samsung Members 2.4.25/3.9.10.11/4.2.005. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper input validation. This vulnerability is known as CVE-2025-20898. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Blockchain Keystore 1.3.12.1/1.3.13.5/1.3.16. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-20900. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Blockchain Keystore 1.3.12.1/1.3.13.5/1.3.16. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-20901. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Samsung Email up to 6.1.94.2. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-20894. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity challenges of BYOD. He breaks down how it works, why it matters, and how businesses can boost both user experience and compliance without compromising protection. Read more: Aegis Authenticator: Free, open-source 2FA app for Android Why should companies or organizations convert to FIDO security keys? Product showcase: Secure digital and … More →

The post Why silent authentication is the smarter way to secure BYOD appeared first on Help Net Security.

How Focused Skill Building Solves Real Problems in Cyber Roles
The pressure to grow doesn't come from curiosity alone. It comes from real friction in the systems you work with. That's why the smartest way to continue learning is not to try to master everything. Instead, focus on the next thing that will actually help you move forward in your role.

Experts Aim to Probe How AI Models Reason, and Why It Matters
AI researchers from OpenAI, Google DeepMind and Anthropic and others have urged deeper study into chain-of-thought monitoring, a technique to track how reasoning models arrive at answers. Their joint paper warns that transparency may erode if not prioritized.

5G OT Security Summit Speakers on Delicate Balance Between Innovation, Cyber Risk
Digital transformation - which now includes a convergence of cloud-based applications, AI and OT systems - introduces new threat vectors particularly as legacy systems struggle to adapt. Speakers at the 5G OT Security Summit discussed cyber defenses and policies and for securing OT systems.

67 Malicious Packages, XORIndex Loader Target JavaScript Code-Sharing Platform
North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The malware targets open-source JavaScript developers with malware loaders.

Agency to Collaborate with External Experts on Vulnerability Research
The U.K. NCSC will collaborate with industry experts for vulnerability detection and mitigation as part of its latest Vulnerability Research Initiative. The announcement comes on the heels of funding concerns for the U.S. government-based Common Vulnerabilities and Exposures program.