Aggregator

Security researchers have identified a critical vulnerability in ServiceNow’s widely-used enterprise platform that could enable attackers to extract sensitive data including personally identifiable information (PII), credentials, and financial records. The flaw, dubbed “Count(er) Strike” by Varonis Threat Labs, affects ServiceNow instances used by 85% of Fortune 500 companies and has been assigned CVE-2025-3648 with a […]

The post ServiceNow Platform Vulnerability Enables Attackers to Exfiltrate Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned. The vulnerabilities have yet to be patched and it’s unknown when (or whether) they will be. The vulnerabilities Ruckus Networks is a subsidiary of American network infrastructure provider CommScope. It sells a variety of wired and wireless … More →

The post Ruckus network management solutions riddled with unpatched vulnerabilities appeared first on Help Net Security.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security advisory warning that multiple vulnerabilities in Emerson ValveLink Products could allow attackers to access sensitive system information and execute unauthorized code. The alert, designated ICSA-25-189-01 and released on July 8, 2025, carries a maximum CVSS v4 score of 9.3, indicating the severity of […]

The post CISA Warns ValveLink Products May Expose Sensitive System Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security researchers have disclosed a critical set of Bluetooth vulnerabilities dubbed “PerfektBlue” that affect millions of vehicles and other devices using OpenSynergy’s BlueSDK framework. The vulnerabilities can be chained together to achieve remote code execution (RCE) with minimal user interaction, requiring only device pairing to launch successful attacks. Bluetooth Protocol Vulnerabilities The PerfektBlue attack leverages […]

The post Critical Bluetooth Protocol Vulnerabilities Expose Devices to RCE Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Sigma360 launched AI Investigator Agent, an autonomous GenAI agent that transforms how compliance teams handle risk alerts. This innovation leverages advanced AI and entity resolution models to clear easily identifiable false positives, reducing manual match reviews by up to 90% and enabling analysts to focus on genuine threats. The agent addresses one of the most persistent challenges in financial crime compliance: dealing with overwhelming volumes of alerts that drain valuable analyst time and expertise. Through … More →

The post Sigma360 AI Investigator Agent reduces manual reviews appeared first on Help Net Security.

You must login to view this content

CISA released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-191-01 Siemens SINEC NMS
• ICSA-25-191-02 Siemens Solid Edge
• ICSA-25-191-03 Siemens TIA Administrator
• ICSA-25-191-04 Siemens SIMATIC CN 4100
• ICSA-25-191-05 Siemens TIA Project-Server and TIA Portal
• ICSA-25-191-06 Siemens SIPROTEC 5
• ICSA-25-191-07 Delta Electronics DTM Soft
• ICSA-25-191-08 Advantech iView
• ICSA-25-191-09 KUNBUS RevPi Webstatus
• ICSA-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol
   
• ICSA-25-121-01 KUNBUS GmbH Revolution Pi (Update A)
• ICSA-25-135-19 ECOVACS DEEBOT Vacuum and Base Station (Update A)
• ICSA-24-263-02 IDEC Products (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. 

• CVE-2025-5777 Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. 

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.