Aggregator

Группировка похитила 300 ГБ данных с конфиденциальной информацией директоров.

MediaTek has issued urgent security advisories warning of multiple high-severity vulnerabilities in its system-on-chip (SoC) architectures, including flaws that enable local privilege escalation (LPE) and remote code execution (RCE).  The March 2025 Product Security Bulletin highlights three high severity vulnerabilities CVE-2025-20644, CVE-2025-20645, and CVE-2025-20646—affecting modem firmware, cryptographic key management, and Wi-Fi subsystems.  These vulnerabilities impact […]

The post MediaTek Warns of Multiple Vulnerabilities that let Attackers Escalate Privileges appeared first on Cyber Security News.

In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023.  After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year's total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95

解读BlackBasta运作模式和技术细节，点击阅读原文，获取完整分析报告

解读BlackBasta运作模式和技术细节，点击阅读原文，获取完整分析报告

解读BlackBasta运作模式和技术细节，点击阅读原文，获取完整分析报告

解读BlackBasta运作模式和技术细节，点击阅读原文，获取完整分析报告

解读BlackBasta运作模式和技术细节，点击阅读原文，获取完整分析报告

A newly disclosed edge case in Substack’s custom domain implementation allows threat actors to hijack inactive subdomains, potentially enabling content spoofing, phishing campaigns, and brand impersonation.  The researcher identified 1,426 vulnerable domains – representing 8% of all Substack-associated custom domains – that remain exposed due to misconfigured DNS records, including 11 wildcard domains that exponentially […]

The post New Vulnerability in Substack let Attackers Take Over Subdomains appeared first on Cyber Security News.

If a company has effective insurance, prevention becomes even less cost-effective. By failing to “value” privacy alone, the system skews in favor of not protecting privacy.

The post DOGE Access to Personal Information and The Difficulty of Showing Harm in Privacy Litigation appeared first on Security Boulevard.

智能化、SaaS化的重保方案，为两会安全保驾护航！

Tailoring backup strategies to ensure operational resilience, safeguard critical configurations, and mitigate risks in Operational Technology environments.

The post Ensuring Continuity in Industrial Operations: A Guide to OT Backup Strategies appeared first on Sygnia.

A new variant of malware, dubbed “Poco RAT,” has emerged as a potent espionage tool in a campaign targeting Spanish-speaking users in Latin America. Security researchers at Positive Technologies Expert Security Center (PT ESC) have linked this malware to the notorious Dark Caracal group, known for its cyber-mercenary operations. The campaign employs weaponized PDF files […]

The post New Poco RAT Via Weaponized PDF Attacking Users to Capture Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Easybe 1-2-3 music store 1.0. Affected by this issue is some unknown functionality of the file process.php. The manipulation of the argument AlbumID leads to sql injection. This vulnerability is handled as CVE-2005-3855. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Edush Maxim GoogleDrive folder list Plugin up to 2.2.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-49335. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Fahad Mahmood Endless Posts Navigation Plugin up to 2.2.7 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-49629. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Avchat.net AVChat Video Chat Plugin up to 2.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-49605. It is possible to initiate the attack remotely. There is no exploit available.