Author: Admin
03 June 2025Red LakshmananIntelligence threatens / cyber -defeat Microsoft and Crowdstrike have announced that they are united to align their individual taxonomy of the actors threatening by publishing a new cartographic actor of a joint threat. “Having reflected where our knowledge of these actors is aligned, we will provide security specialists to connect and make decisions with greater confidence faster,” – Vas Jacob, Vice President of Microsoft Security, Vice President – Note. The initiative is considered as a way to unleash the nicknames that private suppliers of cybersecurity are prescribed by various hacking groups that are widely classified as a…
Google Chrome to not check the two certificates about fulfilling issues and conduct problems
03 June 2025Red LakshmananWeb -Security / Digital Identity Google has shown that it would no longer trust the digital certificate issued by Chungwa Telecom and NetLock, citing “the behaviors observed in the last year”. Expected that changes will be made to Chrome 139, which is planned For public release in early August 2025. The current main version is 137. The update will affect server authentication certificates (TLS) issued by two certification bodies (CAS) after July 31, 2025, 11:59:59 PM UTC. Certificates issued before this date will not affect. Chungwa Telecom is the largest in Taiwan integrated telecommunications service provider, and…
The new chrome zero day is actively exploited; Google releases the patch on an emergency accident
03 June 2025Red LakshmananThe security / vulnerability of the browser On Monday, Google released fixes outside the range to address three security issues in his Chrome browser, including the one that, he said, was actively operating in the wild. The lack of high speed is tracked as Cve-2025-5419And it was labeled both outside the reading and recording vulnerability in the V8 JavaScript and Webassembly engine. “Read and write on the V8 on Google Chrome to 137.0.7151.68 allowed a remote attacker to potentially use corruption piles through the created HTML page,” – said description Errors in the National Vulnerability Base Nist…
Earn applications on Ulefone’s phones, Krüger & Matz allow any device to reset, steal the pin
02 June 2025Red LakshmananMobile security / vulnerability There were three security vulnerabilities disclosed In pre -downloaded Android apps on smartphones with Ulefone and Krüger & Matz, which could include any app installed on the plant reset and encrypt the application. A brief description of three disadvantages – this is the following – Cve-2024-13915 (CVSS rating: 6.9) – Pre -installed application “Com.Pri.factorytest” to the Ulefone and Krüger & Matz service, exposes “com.factorytest.emmc.factoryrevice”, which allows any installed application to perform the enchanting device. Cve-2014-13916 (CVSS assessment: 6.9)–on-installed “Com.pri.Applock” app on Kruger & Matz smartphones allows the user to encrypt any app using…
Cybersecurity researchers have discovered a new crypto company, which is aimed at publicly available web -servers Devops, such as those associated with Docker, Gitea and Hashicorp Consul and Nomad to identify cryptocurrencies illegally. Cloud Security Chard Wiz, which tracks activity called Jinx-0132He said the attackers use a wide range of well -known mistakes and vulnerabilities to ensure a useful miner load. “In particular, this company means that we consider the first publicly instance of erroneous conditions – Note In a report that shared with Hacker News. The following are these attacks that the bad actors load the necessary tools directly…
02 June 2025Red LakshmananSpy software / vulnerability Qualcomm has sent security updates to address three zero day vulnerabilities, which, he said, were used in limited and focused attacks in the wild. The following are the deficiencies that were responsible for the Google Android Security Security, given below – the given – Cve-2025-21479 and Cve-2025-21480 (CVSS assessment: 8.6) – Two incorrect authorization vulnerabilities in the graphic components that can lead to corruption memory from the nsa Cve-2025-27038 (CVSS assessment: 7.5)-Upline in a graphical component that does not use that can lead to corruption memory while simultaneously providing graphs using GPU Adreno…
Fake Recruit Electronic Letters, Target Directors using legal Netbird tools in 6 global regions
Cybersecurity researchers have warned about a new phishing campaign that uses a legal remote access tool called Netbird to orientation on the main financial directors (financial directors) and financial executives in banks, energy companies, insurers and investment firms across Europe. “In that, it seems, a multi -stage phishing operation, the attackers sought to expand Netbird, legitimate remote access to Vireguard’s based on the victim’s computer,” Trellix Srini Setopathy – Note In the analysis. Activities, first discovered by cybersecurity company in mid -May 2025, was not related to a well -known actor or threat group. The starting point of the attack…
The new flaws of Linux allow password theft through the main landfills in Ubuntu, Rhel, Fedora
May 31, 2025Red LakshmananVulnerability / linux Two disadvantages of information about disclosure were discovered contribution and Systemd-Coredump. The main dump According to the threat study unit (TRU) in Ubuntu, Red Hat Enterprise Linux and Fedora. Tracked as Cve-2025-5054 and Cve-2025-4598Both vulnerabilities are errors that can allow a local attacker to access confidential information. Tools such as Caport and Systemd-Coredump designed to handle reporting and basic debris in Linux Systems. “These racing conditions allow the local attacker to use the Suid program and access read access to the received basic debris,” Said Abasi, the product manager in Quals Tru, – Note.…
May 31, 2025Red LakshmananMalicious software / cybercrime The multinational law enforcement operation led to the removal of the cybercrimination Internet, which offered the threatening subjects to ensure that their malicious software went unnoticed from security software. For this purpose, the US Department of Justice (DOJ) stated that four domains were confiscated, and the related server facilitated the Cross service on May 27, 2025 in partnership with the Dutch and Finnish authorities. These include Avcheck (.) Net, Cryptor (.) Biz and Crypt (.) Guru, all of them now reflect the notification of the attack. Other countries involved in efforts are France,…
The new malicious program is distributed Clickfix Social Engineering tactics initiated by fake CAPTCHA check pages. “This company uses deceptive CAPTCHA check pages that cheat on users in the implementation of the malicious scenario – Note In the analysis. Attack networks begin with threats that harm legal sites with malicious Clickfix. This provides the instructions of the potential victim to open the Windows launch dialog, insert the already copied command into the “check box” (ie launch dialog) and press ENTER. This effectively causes the PowerShell command, which leads to a useful load in the next step from the external server…