Malicious Open Source Packages Spike 188% YoY
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.
Aggregator
Samsung announces major security enhancements coming to One UI 8
8 months ago
Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. [...]
Bill Toulas
M&S confirms social engineering led to massive ransomware attack
8 months ago
M&S confirmed today that the retail outlet's network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. [...]
Lawrence Abrams
China-Linked VELETRIX Loader Used in Attacks on Telecommunications Infrastructure
8 months ago
A China-Nexus Threat Actor has launched a highly advanced assault against China Mobile Tietong Co., Ltd., a division of China Mobile, one of the biggest telecom behemoths in the nation, in a compelling illustration of state-aligned cyberwarfare. Named “DragonClone” by Seqrite Labs APT-Team, this operation underscores the strategic motivations behind China-linked cyber threats, which go […]
The post China-Linked VELETRIX Loader Used in Attacks on Telecommunications Infrastructure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Dire Wolf
8 months ago
You must login to view this content
cohenido
Dire Wolf
8 months ago
You must login to view this content
cohenido
Dire Wolf
8 months ago
You must login to view this content
cohenido
Dire Wolf
8 months ago
You must login to view this content
cohenido
Dire Wolf
8 months ago
You must login to view this content
cohenido
Adobe security advisory (AV25-408)
8 months ago
Canadian Centre for Cyber Security
Postcard теперь open source: Ruby, Docker, два режима — всё на GitHub
8 months ago
Закрытый личный сайт стал открытым кодом.
XMRig Malware Disables Windows Updates and Scheduled Tasks to Maintain Persistence
8 months ago
Monero (XMR), a cryptocurrency, saw a spectacular surge in early 2025, rising 45% from $196 to $285 by May, with a notable peak in April. This surge coincided with a high-profile Bitcoin theft in the US, where the stolen assets were reportedly converted into Monero by a single individual, drawing attention to the privacy-focused coin. […]
The post XMRig Malware Disables Windows Updates and Scheduled Tasks to Maintain Persistence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
CVE-2025-6491 | PHP SOAP Extension null pointer dereference
8 months ago
A vulnerability has been found in PHP and classified as problematic. This vulnerability affects unknown code of the component SOAP Extension. The manipulation leads to null pointer dereference.
This vulnerability was named CVE-2025-6491. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-1735 | PHP pgsql Extension null pointer dereference
8 months ago
A vulnerability, which was classified as problematic, was found in PHP. This affects an unknown part of the component pgsql Extension. The manipulation leads to null pointer dereference.
This vulnerability is uniquely identified as CVE-2025-1735. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-53204 | Event List Plugin up to 1.9.2 on WordPress file inclusion
8 months ago
A vulnerability, which was classified as critical, has been found in Event List Plugin up to 1.9.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to file inclusion.
This vulnerability is handled as CVE-2025-53204. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-6742 | SureForms Plugin up to 1.7.3 on WordPress file_exists Remote Code Execution
8 months ago
A vulnerability classified as critical was found in SureForms Plugin up to 1.7.3 on WordPress. Affected by this vulnerability is the function file_exists. The manipulation leads to Remote Code Execution.
This vulnerability is known as CVE-2025-6742. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-6691 | SureForms Plugin up to 1.7.3 on WordPress delete_entry_files
8 months ago
A vulnerability classified as critical has been found in SureForms Plugin up to 1.7.3 on WordPress. Affected is the function delete_entry_files. The manipulation leads to an unknown weakness.
This vulnerability is traded as CVE-2025-6691. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-5804 | Case Theme User Plugin up to 1.0.3 on WordPress file inclusion
8 months ago
A vulnerability was found in Case Theme User Plugin up to 1.0.3 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to file inclusion.
The identification of this vulnerability is CVE-2025-5804. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-21167 | Adobe Substance3D up to 14.1 out-of-bounds (apsb25-62)
8 months ago
A vulnerability was found in Adobe Substance3D up to 14.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to out-of-bounds read.
This vulnerability is uniquely identified as CVE-2025-21167. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48300 | Groundhogg Plugin up to 4.2.1 on WordPress unrestricted upload
8 months ago
A vulnerability was found in Groundhogg Plugin up to 4.2.1 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload.
This vulnerability was named CVE-2025-48300. The attack can be initiated remotely. There is no exploit available.
vuldb.com