Aggregator

You must login to view this content

A sophisticated Trojan malware campaign has been targeting mobile device users across iOS and Android platforms since February 2024, with cybersecurity researchers identifying a significant escalation in photo theft capabilities that poses particular risks to cryptocurrency users and individuals storing sensitive information in their device galleries. SparkKitty represents a concerning evolution in mobile malware distribution, […]

The post SparkKitty Malware Steals Photos from iOS and Android Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has released critical security updates to address CVE-2025-47981, a severe heap-based buffer overflow vulnerability in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism that affects multiple Windows and Windows Server versions.  This vulnerability carries a CVSS score of 9.8 out of 10, indicating maximum severity with the potential for remote code execution without user interaction.  […]

The post Microsoft Patches Wormable RCE Vulnerability in Windows Client and Server appeared first on Cyber Security News.

AlertMedia launched Incident Response, an addition to its AI-enabled platform designed to help organizations mitigate risks and resolve incidents faster. When impacted by critical events like natural disasters, workplace or public safety emergencies, cybersecurity incidents, and system failures, organizations often struggle to coordinate an effective response due to disparate tools and manual, error-prone processes. AlertMedia’s Incident Response addresses these gaps by delivering a suite of tools that enables security and business continuity teams to activate … More →

The post AlertMedia Incident Response improves coordination and visibility into resolving incidents appeared first on Help Net Security.

Red Hat announced Red Hat Enterprise Linux for Business Developers to simplify access to the world’s leading enterprise Linux platform for business-focused development and testing scenarios. A new self-service offering through the Red Hat Developer Program, Red Hat Enterprise Linux for Business Developers helps business development teams build, test and iterate on applications more quickly and on the same platform that underpins production systems across the hybrid cloud at no cost. IT complexity continues to … More →

The post Red Hat introduces Enterprise Linux for Business Developers appeared first on Help Net Security.

A sophisticated supply chain attack has compromised ETHcode, a popular Visual Studio Code extension for Ethereum development, through a malicious GitHub pull request that required just two lines of code to weaponize the trusted software. The attack, discovered by ReversingLabs researchers, demonstrates how threat actors can infiltrate legitimate development tools with minimal code changes, potentially […]

The post VS Code Extension Weaponized With Two Lines of Code Leads to Supply Chain Attack appeared first on Cyber Security News.

Splunk has released critical security updates addressing multiple vulnerabilities in third-party packages in SOAR versions 6.4.0 and 6.4.  Published on July 7, 2025, this comprehensive security update remediates various Common Vulnerabilities and Exposures (CVEs) ranging from medium to critical severity levels.  The vulnerabilities affect essential components, including git, Django, cryptography libraries, and JavaScript packages, requiring […]

The post Splunk Address Third-Party Packages Vulnerabilities in SOAR Versions – Update Now appeared first on Cyber Security News.

A new Android vulnerability called TapTrap that allows malicious apps to bypass the operating system’s permission system without requiring any special permissions themselves. The attack exploits activity transition animations—a core feature of Android’s user interface—to trick users into unknowingly granting sensitive permissions or performing destructive actions. Unlike traditional tapjacking attacks that rely on malicious overlays, […]

The post TapTrap Android Exploit Allows Malicious Apps to Bypass Permissions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft has released critical security updates addressing a severe remote code execution vulnerability that could allow attackers to execute malicious code across networks without user interaction. The vulnerability, tracked as CVE-2025-47981, affects Windows client machines running Windows 10 version 1607 and above, potentially exposing millions of systems to cyberattacks. Critical Security Vulnerability Details The SPNEGO Extended […]

The post Microsoft Fixes Wormable Remote Code Execution Flaw in Windows and Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical Local File Inclusion (LFI) vulnerability was recently discovered in Microsoft 365’s Export to PDF functionality, potentially allowing attackers to access sensitive server-side data, including configuration files, database credentials, and application source code.  The vulnerability, reported by security researcher Gianluca Baldi and subsequently patched by Microsoft, earned a $3,000 bounty reward for its significant […]

The post Microsoft 365 PDF Export LFI Vulnerability Allows Access to Sensitive Server Data appeared first on Cyber Security News.