Aggregator

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

Oracle released its July 2025 Critical Patch Update on July 15, addressing 309 security vulnerabilities across its extensive product portfolio.  This quarterly security update represents one of the most comprehensive patches in recent history, targeting critical flaws in database systems, middleware, cloud applications, and enterprise software that could potentially expose organizations to severe cyberattacks. The […]

The post Oracle Critical Security Update – 309 Vulnerabilities with 145 Remotely Exploitable Patched appeared first on Cyber Security News.

登录tix.qq.com获取更多资讯

很少有 CEO 能在艰难的时刻，如此游刃有余。

Microsoft has issued an urgent warning to Windows users about an impending security certificate expiration that could significantly impact device functionality. The tech giant announced that Secure Boot certificates used by most Windows devices are scheduled to expire starting in June 2026, potentially affecting the ability of personal and business computers to boot securely if […]

The post Windows Secure Boot Certificate Expired in June, Microsoft Issues Warning appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.11.7. Affected is the function damon_feed_loop_next_input. The manipulation leads to unchecked return value. This vulnerability is traded as CVE-2024-50270. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.11.7. Affected by this issue is the function sunxi_musb_probe of the component USB. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-50269. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.10.229/5.15.171/6.1.116/6.6.60/6.11.7. This issue affects the function ucsi_ccg_update_set_new_cam_cmd of the component USB. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-50268. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft PowerPoint. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-47175. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 6.1.45/6.4.10. It has been classified as critical. Affected is the function amdgpu_cs_pass1 of the component AMD GPU. The manipulation leads to infinite loop. This vulnerability is traded as CVE-2023-52921. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Google’s artificial intelligence agent “Big Sleep” has made cybersecurity history by discovering and stopping the exploitation of a critical zero-day vulnerability in SQLite, marking the first time an AI system has directly foiled real-world cyberattacks. The AI agent, developed by Google DeepMind and Project Zero, identified the SQLite vulnerability (CVE-2025-6965) based on threat intelligence indicating […]

The post Google’s AI ‘Big Sleep’ Detects Critical SQLite 0-Day, Halts Ongoing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Он шифровал бизнесы по всей Европе — и попался в халате на кухне.

NIST and collaborating institutions have released extensive data about the genome of pancreatic cancer cells.

Cameron John Wagenius faces up to 27 years in prison after pleading guilty to wire fraud, extortion and aggravated identity theft in data breaches involving major corporations.

Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. "The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely," Semperis said in a report shared with

文章介绍了异步Beacon Object Files（BOFs）的设计与应用，允许红队在目标环境中部署传感器实时监控事件（如管理员登录），并在不影响植入睡眠的情况下将数据传输至C2服务器。该设计支持自动化任务（如获取TGT、启动键盘记录器），提升红队操作的效率与隐蔽性，并为未来实现类似SIEM的解决方案奠定基础。

A vulnerability was suspected in Linux Kernel up to 5.15.10. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 5.15.10. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

The financially driven organization known as Dark Partners has been planning massive cryptocurrency theft since at least May 2025, using a complex network of more than 250 malicious domains that pose as AI tools, VPN services, cryptocurrency wallets, and well-known software brands. This is part of a rapidly developing cybercrime operation. These fake websites, distributed […]

The post Dark Partners Hacker Group Drains Crypto Wallets Using Fake AI Tools and VPN Services appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

该文章介绍了Reddit上的r/blackhat社区，专注于讨论和记录漏洞及利用技术，并提醒用户遵守规则后再参与交流。