Aggregator

A vulnerability was found in Adobe Substance3D up to 14.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2025-21164. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Broadcom Brocade Fabric OS up to 9.2.2. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper check for unusual conditions. This vulnerability was named CVE-2025-4663. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Dimension up to 4.1.2. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-30312. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The arrest came at the request of the United States, which hailed the development as a sign that patience in pursuing cybercriminals in court is rewarded.

The post Italian authorities arrest Chinese man over Microsoft Exchange Server hack, targeting of COVID-19 researchers appeared first on CyberScoop.

A vulnerability was found in Adobe Dimension up to 4.1.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-47135. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Canonical Juju up to 2.9.51/3.6.7 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authorization. This vulnerability is known as CVE-2025-0928. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in HPE Networking Instant On up to 3.2.0.1. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-37103. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in IBM OpenPages with Watson 9.0. This issue affects some unknown processing of the component Web UI. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-43039. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in HPE Networking Instant On up to 3.2.0.1. This vulnerability affects unknown code of the component Command Line Interface. The manipulation leads to command injection. This vulnerability was named CVE-2025-37102. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in IBM OpenPages with Watson 8.3/9.0. This affects an unknown part. The manipulation leads to risky cryptographic algorithm. This vulnerability is uniquely identified as CVE-2024-49784. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The United States identified and sanctioned another North Korean involved with the country's IT worker schemes, this time for illicit operations based in China and Russia.

A vulnerability was found in IBM OpenPages with Watson 8.3/9.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to generation of predictable iv with cbc mode. This vulnerability is handled as CVE-2024-49783. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM OpenPages with Watson 8.3/9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is known as CVE-2025-27369. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM OpenPages with Watson 8.3/9.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. This vulnerability is traded as CVE-2025-27367. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A novel tapjacking technique can exploit user interface animations to bypass Android's permission system and allow access to sensitive data or trick users into performing destructive actions, such as wiping the device. [...]

A newly identified ransomware group, BERT, tracked by Trend Micro as Water Pombero, has emerged as a significant threat to organizations across Asia, Europe, and the US. First observed in April, BERT targets critical sectors such as healthcare, technology, and event services, employing a dual-platform approach to infect both Windows and Linux systems. Threat Targeting […]

The post BERT Ransomware Can Force Shutdown of ESXi Virtual Machines to Hinder Recovery appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The alleged Chinese state-sponsored hacker faces multiple charges, including wire fraud, aggravated identity theft, and unauthorized access to protected computers.

A North Korean man was the focus of Tuesday’s announcement, which also included a Russian man, his companies and North Korean firms.

The post Treasury slaps sanctions on people, companies tied to North Korean IT worker schemes appeared first on CyberScoop.

The Justice Department confirmed the arrest in a statement, unsealing a nine-count indictment on Tuesday accusing Xu and co-defendant Zhang Yu of being involved in “computer intrusions between February 2020 and June 2021, including the indiscriminate HAFNIUM computer intrusion campaign that compromised thousands of computers worldwide, including in the United States.”

Arctic Wolf has uncovered a cunning cybersecurity threat that exploits search engine optimization (SEO) poisoning and malvertising tactics to distribute Trojanized versions of widely used IT tools such as PuTTY and WinSCP. This campaign cunningly targets IT professionals and system administrators, individuals who frequently rely on these tools for secure file transfers and remote system […]

The post Hackers Manipulate Search Results to Target IT Pros with Trojanized PuTTY and WinSCP appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.