Author: Admin
January 31, 2025 | Red Lakshmanan | Vulnerability / data safety
Broadcom has released security updates to fix five security flaws affecting VMware ARIA operations and ARIA operations, warning customers that attackers could use them to gain elevated access or obtain sensitive information. The identified flaws, which affect versions 8.x of the software, are listed below – CVE-2025-2218 (CVSS score: 8.5) – Actor’s Surface ONLY ONLY ONLY ORDERS CAN READ ACCOUNTS VMWAR; CVE-2025-2219 (CVSS score: 6.8) – An actor with non-administrative privileges may be able to inject a malicious script that can lead to arbitrary operations as an administrator via cross-site scripting (XSS); CVE-2025-22220 (CVSS score: 4.3)…
More than 57 different threat actors associated with China, Iran, North Korea and Russia were observed using artificial intelligence (AI) technology powered by Google to further their malicious cyber and information operations. “Threat actors experiment with Gemini to provide their activity by finding performance but not yet developing new opportunities,” Google Intelligence Group (GTIG) said in a new report. “Currently, they primarily use AI for research, troubleshooting, and creating and localizing content.” The government-backed attackers, otherwise known as advanced persistent threats (APTs), sought to use their tools to strengthen several stages of…
January 30, 2025 | Red Lakshmanan | Vulnerability / cloud security
Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow remote code execution. The vulnerability is rated with a CVSS score of 9.4, according to a report shared with Hacker News. “This level of access can be hypothetically used for a number of malicious activities, including the extraction of sensitive keys from the target accounts,” said researchers Sasi Levi, Alon Tron and Gal Moyal. The problem lies in a piece of JavaScript code that can facilitate unobstructed access to the victim…
January 30, 2025 | Red Lakshmanan | Internet Magiration / Cybercrime
An international law enforcement operation has dismantled domains belonging to various online platforms linked to cybercrime, such as Cracked, Nulled, Sellix and StarkRDP. The effort targeted the following domains – www.curacked.io, www.nulled.to, www.mysellix.io, www.sellix.io and www.starkrdp.io. Visitors to these sites are now greeted by a seizure banner stating that they were confiscated as part of Operation Talent, which involved authorities from Australia, France, Greece, Italy, Romania, Spain and the USA, as well as Europol. “This website, as well as information about customers and victims of the website, was…
January 30, 2025 | Red Lakshmanan | Privacy of artificial intelligence / data
Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed, which could allow malicious actors to access sensitive data. The ClickHouse database “allows database controls, including the ability to access internal data,” Wiz security researcher Gal Nagli said. The exposure also includes more than a million lines of log streams containing chat history, secret keys, details and other highly sensitive information, such as API secrets and operational metadata. DeepSeek has since plugged the security…
A SOC analyst’s work has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT staff doubling in that role) must work through thousands of security alerts – often false positives – only to detect a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization and an increased risk of critical security incidents. Studies show that 70% of SOC analysts experience severe stress, and 65% consider leaving their job within a year. This makes it a major challenge for security teams, especially in light of the existing shortage of qualified security analysts. On the operational side,…
January 30, 2025 | Red Lakshmanan | Vulnerability / IoT security
A Mirai botnet variant named Aquatato has been observed actively attempting to exploit a medium-severity security flaw affecting Mitel phones in order to pull them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow malicious actors to execute arbitrary commands in the context of the phone. It affects the Mitel 6800 series, the 6900 series, the 6900 W SIP series and the Mitel 6970 conference. It was addressed in mid-July…
January 30, 2025 | Red Lakshmanan | Web security / vulnerability
Three security flaws have been disclosed in the open-source PHP package Voyager that could be used by an attacker to achieve one-click remote code execution on affected instances. “If an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server,” Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The identified issues, which remain unpatched to date despite responsible disclosure on September 11, 2024, are listed below – CVE-2024-55417 – CONTACT FILE VILY IN “/Administrator/Mass Media”/Download “final point; CVE-2024-55416 – adjusted…
January 29, 2025 | Red Lakshmanan | Threat intelligence / malware
The North Korean threat actor known as the Lazarus Group has been observed using an “Internet administrative platform” to manage its command-and-control (C2) infrastructure, giving the adversary centralized control over all aspects of its campaigns. “Each C2 server conducted a web administrative platform built with React and a Node.js API,” SecurityScorecard’s STRIKE team said in a new report shared with Hacker News. “This administrative layer was consistent for all analyzed C2 servers, even when the attackers changed their useful loads and methods of aggravation for…
January 29, 2025 | Red Lakshmanan | Vulnerability / threat intelligence
A critical security flaw has been disclosed in Cacti, the open-source network monitoring and fault management framework, that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. “Due to the lack of many SNMP analysis, authenticated users can enter the wrong OID in return,” the project maintainers said in an advisory released this week. “When processing ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), part of each OID will…