Aggregator

Hacking Group UNC6148 Steals Credentials With New OVERSTEP Rootkit, Google Says
A cybercrime group used a backdoor in a fully patched SonicWall appliance to steal credentials and may have sold the stolen data to ransomware groups as part of an ongoing campaign, Google Threat Intelligence Group found. The firm attributed the campaign to a cybercrime group it tracks as UNC6148.

Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as they dubbed the threat group – is likely financially motivated. “An organization targeted by UNC6148 in May 2025 was posted to the ‘World Leaks’ data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly … More →

The post SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit appeared first on Help Net Security.

To quash speculation of a cyberattack or BGP hijack incident causing the recent 1.1.1.1 Resolver service outage, Cloudflare explains in a post mortem that the incident was caused by an internal misconfiguration. [...]

A prominent Cambodian tycoon was the subject of multiple raids conducted Tuesday by Thai police, who accused him of being involved in cyber scams.

Ношение медицинских гаджетов скоро перестанет быть пыткой.

How do you lead a security team when threats evolve faster than your tools? It’s a challenge many CISOs face daily. Detection gaps, constant alert noise, and slow incident response make it harder to protect the organization and support the team.  The real issue often comes down to visibility. Without seeing how a threat actually […]

The post Top 3 CISO Challenges And How To Solve Them  appeared first on Cyber Security News.

BCH vs. SDR, AAR vs. CISA: Railroad industry first warned about this nasty vulnerability in 2005.

The post ‘FRED’ Security FAIL — Ignored by US Rail for 20 YEARS appeared first on Security Boulevard.

天文学家通过韦伯望远镜发现一个罕见天体，命名为「无限星系」（Infinity Galaxy）。这个系统是由两个盘状星系碰撞所形成，结构呈现两个紧密的核心，各自被环状结构包围，外观酷似数学符号「∞」，因此得名。无限星系距离地球约 83 亿光年，位于宇宙的中早期阶段。而在这个星系中，天文学家可能首次捕捉到一颗超大质量黑洞正在形成的过程，并指出这颗黑洞并非来自恒星坍缩，而是直接由气体云塌缩而成。这项发现支持「重种子」理论，有助解释为何在宇宙形成后不到十亿年内，已经出现质量庞大的黑洞。传统的「轻种子」（light seeds）理论认为，黑洞起初来自恒星核心坍缩所形成的小黑洞，质量约为数十到数千个太阳质量，需经由长期合并才能演化为超大质量黑洞。然而，这样的成长过程所需时间过长，无法解释宇宙早期即出现的巨大黑洞。因此，也有「重种子」（heavy seeds）理论提出，在特殊条件下，大质量气体云可直接塌缩为黑洞，省略中间合并的过程，但这一机制尚缺乏观测证据。无限星系可能提供了这种极端条件的实例。当两个星系碰撞时，产生的气体震波与压缩作用可能足以触发塌缩。这类情况虽在现今宇宙中极为罕见，但在早期宇宙中可能相当常见，有助解释韦伯望远镜所观测到的早期巨大黑洞来源。

Currently trending CVE - Hype Score: 20 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 ...

The lawmakers say the potential is high for such a system to return false positives, blocking citizens from voting.

The post Senate Democrats seek answers on Trump overhaul of immigrant database to find noncitizen voters appeared first on CyberScoop.

DNSlog-GO：一款开箱即用的 DNS 解析监控神器

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability classified as problematic was found in Emlog Pro up to 2.5.17. This vulnerability affects unknown code of the component POST Request Handler. The manipulation of the argument comname leads to cross site scripting. This vulnerability was named CVE-2025-53926. The attack can be initiated remotely. There is no exploit available.

Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The attacks are linked to a critical vulnerability, tracked as CVE-2025-25257, for which public proof-of-concept (PoC) exploits were released just days ago. Key Takeaways1. A critical flaw in Fortinet FortiWeb is […]

The post Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA up to 3.4.4. This affects an unknown part of the file adicionar_raca.php. The manipulation of the argument raca leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-53931. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file adicionar_especie.php. The manipulation of the argument especie leads to cross site scripting. This vulnerability is handled as CVE-2025-53930. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adicionar_cor.php. The manipulation of the argument cor leads to cross site scripting. This vulnerability is known as CVE-2025-53929. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Over a dozen law enforcement agencies took action earlier this week, resulting in multiple arrests.

The post Pro-Russian DDoS group NoName057(16) disrupted by international law enforcement operation appeared first on CyberScoop.

A sophisticated MacOS malware campaign dubbed NimDoor has emerged, targeting Web3 and cryptocurrency organizations through weaponized Zoom SDK updates. The malware, attributed to North Korea-linked threat actors likely associated with Stardust Chollima, represents a significant evolution in offensive capabilities against MacOS systems, having been active since at least April 2025. The attack orchestration begins with […]

The post MacOS Malware NimDoor Weaponizing Zoom SDK Update to Steal Keychain Credentials appeared first on Cyber Security News.

乌克兰黑客与情报部门合作，成功破坏了俄罗斯最大无人机制造商之一的 Gaskar Integration 的 IT 基础设施，导致该公司的生产陷入瘫痪。黑客在此次攻击中窃取了 47 TB 数据，之后将包括备份在内的所有数据全部从服务器上抹掉。窃取的数据转交给了乌克兰国防部。