Aggregator

A vulnerability was found in OpenID Connect up to 1.0 errata set 2. It has been declared as problematic. This vulnerability affects unknown code of the component private_key_jwt. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-27370. The attack can be initiated remotely. There is no exploit available.

Submit #505525 / VDB-276807

A vulnerability was found in tsup 8.3.4. It has been classified as problematic. This affects the function document.currentScript of the file cjs_shims.js. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-53384. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in RustCrypto AEADs up to 0.4.2 and classified as problematic. Affected by this issue is some unknown functionality of the component aes-gcm. The manipulation leads to improper verification of cryptographic signature. This vulnerability is handled as CVE-2025-27498. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in ttop32 MouseTooltipTranslator up to 0.1.127 and classified as critical. Affected by this vulnerability is an unknown functionality of the file viewer.html of the component URL Parameter Handler. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-25303. The attack can be launched remotely. There is no exploit available.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Giants’ appeared first on Security Boulevard.

Новые метаповерхности смогут не только передавать данные, но и наблюдать за изменениями в пространстве.

Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES) encryption by threat actors to shield malicious payloads from detection. This technique, combined with code virtualization and staged payload delivery, is being employed by malware families such as Agent Tesla, XWorm, and FormBook/XLoader to evade static analysis tools and sandbox environments. […]

The post Threat Actors Exploiting AES Encryption for Stealthy Payload Protection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaspersky’s latest report on mobile malware evolution in 2024 reveals a significant increase in cyber threats targeting mobile devices. The security firm’s products blocked a staggering 33.3 million attacks involving malware, adware, or unwanted mobile software throughout the year. Mobile Malware Landscape Evolves with New Distribution Schemes Adware continued to dominate the mobile threat landscape, […]

The post 33.3 Million Cyber Attacks Targeted Mobile Devices in 2024 as Threats Surge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]

In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices and network routers has surged dramatically, reaching unprecedented levels. According to recent data from F5 Labs, the total number of scanning events increased by 91% in 2024 compared to the previous year, with a staggering 8.7 million events recorded. This […]

The post Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Как им удалось сжать время до квадриллионной доли секунды?

The Trump Administration's orders to the DoD and CISA to halt cyber operations and investigations against Russia is a gift to the United States' longtime foreign adversary and makes the country less safe, according to cybersecurity professionals.

The post Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia appeared first on Security Boulevard.

A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. [...]

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity company is tracking the activity cluster under the name TGR-UNK-0011 (short for a threat group with unknown motivation), which it said overlaps with a group known as JavaGhost. TGR-UNK-0011 is known to

Мир стоит на пороге Q-day, и мы, похоже, к нему не готовы.

Utsunomiya Central Clinic Has Fallen Victim to Qilin Ransomware

The growth of AI-based technology has introduced new challenges, making remote identity verification systems more vulnerable to attacks, according to iProov. Innovative and easily accessible tools have allowed threat actors to become more sophisticated overnight, powering an increasing number of threat vectors due to new methodologies. While much attention has focused on consumer identity fraud, the most significant and costly attacks of 2024 targeted workforce remote identity verification systems. This shift toward corporate targets reveals … More →

The post Online crime-as-a-service skyrockets with 24,000 users selling attack tools appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in F5 NGINX Unit up to 1.34.1. Affected is an unknown function of the component Java Language Module. The manipulation leads to infinite loop. This vulnerability is traded as CVE-2025-1695. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apryse WebViewer up to 11.1. This issue affects some unknown processing of the component Rendering Engine. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-57240. The attack may be initiated remotely. There is no exploit available.