Author: Admin
The right to use the root certificate can disable Firefox supplement, security features and play DRM
March 13, 2025Red LakshmananSecurity / encryption of the browser Mozilla browser manufacturer is Calling on users To update your Firefox instances to the latest version, to avoid problems using the additions due to the rapid root certificate. “March 14, 2025 Root Certificate used to verify the signed content and additions for various Mozilla projects, including Firefox – Note. ‘Not updated to the Firefox version 128 or above (either juice 115.13+ For ESR users, including Windows 7/8/8.1 and MacOS 10.12-10.14), this ending can cause significant problems with the supply, signing content and the media protected from DRM. ” Mozilla said the…
March 13, 2025Red LakshmananWith open source / vulnerability Meta warned that safety vulnerability affects FreeType The open source font library may have been used in the wild. The vulnerability has been assigned to CVE ID Cve-2025-27363And it carries the CVSS 8.1, which indicates high severity. Described as disadvantages of record outside, it can be used to achieve the remote code when parsing some font files. “Write down what goes out of the restriction, exists in the FreeType 2.13.0 versions and below when trying to deal with the structures of sublips associated with the Trenetype GX and the models of the…
March 12, 2025Red LakshmananCyber -Spying / vulnerability Chinese-NEXUS Cyber Spionage Group is monitored as UNC3886, focusing on MX router from the end of life with Juniper Networks as part of the company deployment, emphasizing their ability to focus on the internal network infrastructure. ‘In the rear rooms there were different custom opportunities, including active and passive features – Note In a report that shared with Hacker News. The threatening firm described the development as the evolution of the enemy shopping center, which has historically used devices with zero day in Fortinet, Ivanti and VMware to break interesting networks and establish…
March 12, 2025Red LakshmananCloud security / vulnerability The Greynoise Intelligence Company warns of “coordinated overstress” when operating fake vulnerability on the server side (SSRF) covering several platforms. “At least 400 IPS has been noticed that actively exploits multiple SSRF Cves at the same time, with a noticeable overlapping between the attack attempts,” the company – NoteAdding it to the activity of the activities of March 9, 2025. Countries that came out as the goal of operating SSRF include the US, Germany, Singapore, India, Lithuania and Japan. Another notable country is Israel, which witnessed the growth of March 11, 2025. SSRF’s…
We have heard the same story over the years: AI is coming to your work. In fact, in 2017, McKise printed the report, Problems of lost jobs received jobs: Labor transitions during automationPredicting that by 2030 375 million employees should find new jobs or risk that will be moved by AI and automation. The turn of anxiety. The whispers were ongoing what roles would be affected and recently questioned. With AI now capable of automate tasks as vulnerability scan and network scan – and other things – and platforms like Plextrac adds AI opportunities To disable handmade efforts, will there…
March 12, 2025Red LakshmananPatch on Tuesday / vulnerability Microsoft on Tuesday liberated Security updates to solve 57 safety vulnerabilities in its software, including a tremendous six zero days, which, he said, are actively exploited in the wild. Of the 56 deficiencies, six are estimated critical, 50 are important and one is low in severity. Twenty-three of the addressed vulnerabilities are the remote code errors and 22 refer to the escalation of privileges. Updates in addition to 17 vulnerability Microsoft addressed to its browser based on Chromium since the exit Update Patch last month on Tuesdayone of which is a disadvantage…
March 12, 2025Red LakshmananSecurity / vulnerability of the final points Apple on Tuesday liberated The security update to solve the lack of zero day, which, he said, was used in “extremely complex” attacks. The vulnerability was assigned to CVE-2025-24201 and is introduced into the Webkit Web Browser component. This has been described as a recording problem that can allow an attacker to produce a malicious web content so it can escape from the web content. Apple said she resolved the issue of improving the check to prevent unauthorized actions. He also noted that this is an additional correction for the…
Colombian Blind Eagle Hacks facilities using NTLM deficiencies, rats and attacks based on GitHub
Actor threats known as Room Since November 2024, he has been connected with a number of current companies aimed at Colombian institutions and state structures. “Monitoring companies are oriented – Note In a new analysis. “More than 1,600 victims were injured during one of these companies, which took place approximately December 19, 2024. This infection level is significant, given the purposeful approach to APT.” The room, active with at least 2018, is also monitored as Aguilaciega, Apt-C-36 and Apt-Q-98. It know For its hyper-specific targets for legal entities in South America, in particular Colombia and Ecuador. The attacks of the…
Ballista Botnet exploits an unprocessed vulnerability TP-Link, infects more than 6000 devices
March 11, 2025Red LakshmananNetwork security / vulnerability According to the new results of the Cto Ctrl team, which were inflicted on non-professional TP-Link Larher routers, the new Botnet company, dubbed Ballista. “BotNet uses the Vulnerability of the Remote Code (RCE) in the TP-Link Archer routers (CVE-2013-1389) to automatically distribute on the Internet,” said the security researchers and Mattlman in technical technical technical report Share with Hacker News. Cve-2013-1389 This is a high-speed security disadvantage affecting the TP-Link Archer Ax-21 routers that can lead to team introduction, which can then pave the way for remote code. A the earliest evidence Active…
March 11, 2025Hacker NewsChecking Modeling / penetration Cybersecurity is a bilateral sword. Organizations often work under a false sense of securityAssuming that the vulnerabilities, modern tools, polished dashboards and luminous risk results guarantee safety. The reality is a slightly different story. In the real world, checking the right boxes is not equal. As the Sun Tsu, “Strategy without tactics is the slowest path to winning. Strategy tactics are noise before defeat.” Two and a half millennium concept is still preserved: Protecting cybersecurity of your organization must be strategically confirmed under real conditions To make sure your business is very survival.…