Author: Admin
The new chrome zero day is actively exploited; Google releases the patch on an emergency accident
03 June 2025Red LakshmananThe security / vulnerability of the browser On Monday, Google released fixes outside the range to address three security issues in his Chrome browser, including the one that, he said, was actively operating in the wild. The lack of high speed is tracked as Cve-2025-5419And it was labeled both outside the reading and recording vulnerability in the V8 JavaScript and Webassembly engine. “Read and write on the V8 on Google Chrome to 137.0.7151.68 allowed a remote attacker to potentially use corruption piles through the created HTML page,” – said description Errors in the National Vulnerability Base Nist…
Earn applications on Ulefone’s phones, Krüger & Matz allow any device to reset, steal the pin
02 June 2025Red LakshmananMobile security / vulnerability There were three security vulnerabilities disclosed In pre -downloaded Android apps on smartphones with Ulefone and Krüger & Matz, which could include any app installed on the plant reset and encrypt the application. A brief description of three disadvantages – this is the following – Cve-2024-13915 (CVSS rating: 6.9) – Pre -installed application “Com.Pri.factorytest” to the Ulefone and Krüger & Matz service, exposes “com.factorytest.emmc.factoryrevice”, which allows any installed application to perform the enchanting device. Cve-2014-13916 (CVSS assessment: 6.9)–on-installed “Com.pri.Applock” app on Kruger & Matz smartphones allows the user to encrypt any app using…
Cybersecurity researchers have discovered a new crypto company, which is aimed at publicly available web -servers Devops, such as those associated with Docker, Gitea and Hashicorp Consul and Nomad to identify cryptocurrencies illegally. Cloud Security Chard Wiz, which tracks activity called Jinx-0132He said the attackers use a wide range of well -known mistakes and vulnerabilities to ensure a useful miner load. “In particular, this company means that we consider the first publicly instance of erroneous conditions – Note In a report that shared with Hacker News. The following are these attacks that the bad actors load the necessary tools directly…
02 June 2025Red LakshmananSpy software / vulnerability Qualcomm has sent security updates to address three zero day vulnerabilities, which, he said, were used in limited and focused attacks in the wild. The following are the deficiencies that were responsible for the Google Android Security Security, given below – the given – Cve-2025-21479 and Cve-2025-21480 (CVSS assessment: 8.6) – Two incorrect authorization vulnerabilities in the graphic components that can lead to corruption memory from the nsa Cve-2025-27038 (CVSS assessment: 7.5)-Upline in a graphical component that does not use that can lead to corruption memory while simultaneously providing graphs using GPU Adreno…
Fake Recruit Electronic Letters, Target Directors using legal Netbird tools in 6 global regions
Cybersecurity researchers have warned about a new phishing campaign that uses a legal remote access tool called Netbird to orientation on the main financial directors (financial directors) and financial executives in banks, energy companies, insurers and investment firms across Europe. “In that, it seems, a multi -stage phishing operation, the attackers sought to expand Netbird, legitimate remote access to Vireguard’s based on the victim’s computer,” Trellix Srini Setopathy – Note In the analysis. Activities, first discovered by cybersecurity company in mid -May 2025, was not related to a well -known actor or threat group. The starting point of the attack…
The new flaws of Linux allow password theft through the main landfills in Ubuntu, Rhel, Fedora
May 31, 2025Red LakshmananVulnerability / linux Two disadvantages of information about disclosure were discovered contribution and Systemd-Coredump. The main dump According to the threat study unit (TRU) in Ubuntu, Red Hat Enterprise Linux and Fedora. Tracked as Cve-2025-5054 and Cve-2025-4598Both vulnerabilities are errors that can allow a local attacker to access confidential information. Tools such as Caport and Systemd-Coredump designed to handle reporting and basic debris in Linux Systems. “These racing conditions allow the local attacker to use the Suid program and access read access to the received basic debris,” Said Abasi, the product manager in Quals Tru, – Note.…
May 31, 2025Red LakshmananMalicious software / cybercrime The multinational law enforcement operation led to the removal of the cybercrimination Internet, which offered the threatening subjects to ensure that their malicious software went unnoticed from security software. For this purpose, the US Department of Justice (DOJ) stated that four domains were confiscated, and the related server facilitated the Cross service on May 27, 2025 in partnership with the Dutch and Finnish authorities. These include Avcheck (.) Net, Cryptor (.) Biz and Crypt (.) Guru, all of them now reflect the notification of the attack. Other countries involved in efforts are France,…
The new malicious program is distributed Clickfix Social Engineering tactics initiated by fake CAPTCHA check pages. “This company uses deceptive CAPTCHA check pages that cheat on users in the implementation of the malicious scenario – Note In the analysis. Attack networks begin with threats that harm legal sites with malicious Clickfix. This provides the instructions of the potential victim to open the Windows launch dialog, insert the already copied command into the “check box” (ie launch dialog) and press ENTER. This effectively causes the PowerShell command, which leads to a useful load in the next step from the external server…
Dipping out of the Mosh security pit When Jason Elrod, CISO from the Cartorary Health System, describes outdated IT health care, he does not expose the words: “Health loves to go back to the future. And here’s how we got here because there are many things we could prepare for this because we were so focused on where we were.” This chaotic approach characterized her healthcare for decades. In a sector where life depends on the technologies operating flawlessly 24/7/365, security groups traditionally function as goalkeepers – “Department NO” – focused on protection through innovation and medical care. But since…
May 30, 2025Red LakshmananVulnerability / intelligence threats The Chinese threatening actor, which is behind the recent exploitation of the SAP Netweaver’s critical lack of security, was associated with a broader set of attacks aimed at organizing in Brazil, India and Southeast Asia since 2023. “Acting threats are mainly oriented – Note In an analysis published this week. “The actor will also take advantage of various well -known vulnerabilities for the exploitation of the servers facing the public.” Some of the other known goals of the competition team include Indonesia, Malaysia, Philippines, Thailand and Vietnam. Cybersecurity Company monitors activity under nickname…