Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. The company has yet to assign a CVE-ID to track the flaw and didn’t provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x. Yesterday, … Ler mais
Cisco has disclosed a critical vulnerability in its Secure Firewall Management Center (FMC) Software. The remote code execution (RCE) flaw, CVE-2025-20265, has a maximum CVSS severity score of 10.0. Customers have been urged to apply software updates as soon as possible to avoid potential compromise. The vulnerability is contained in the RADIUS system implementation of … Ler mais
Porn sites are hiding code in .svg files: Unpacking the attack took work because much of the JavaScript in the .svg images was heavily obscured using a custom version of “JSFuck,” a technique that uses only a handful of character types to encode JavaScript into a camouflaged wall of text. Once decoded, the script causes … Ler mais
As AI-generated code becomes more mainstream, a new study by Checkmarx reveals that 81% of organizations knowingly ship vulnerable code. According to a study of 1500 CISOs, AppSec managers and developers, half of respondents already use AI security code assistances and 34% admitted that more than 60% of their code is AI generated. This is … Ler mais
Authorized push payment (APP) fraud has grown at such scale and sophistication in the UK that it should be considered a national security risk, according to a new Royal United Services Institute (RUSI) report. This threat has been partly driven by the growth of smaller payment service providers (PSPs) in the UK’s financial system. These … Ler mais
Oracle has released VirtualBox 7.2.0, a major update that significantly expands ARM virtualization capabilities and introduces comprehensive Windows 11/ARM support. Released on August 14, 2025, this update represents a substantial leap forward in cross-platform virtualization technology, addressing long-standing limitations and introducing experimental features that could reshape how users approach virtual machine deployment across different architectures. … Ler mais
A newly disclosed vulnerability in Palo Alto Networks’ GlobalProtect application could allow attackers to escalate privileges and install malicious software on affected systems through improper certificate validation. The security flaw, tracked as CVE-2025-2183, was published on August 13, 2025, and affects multiple versions of the popular VPN client across Windows and Linux platforms. Critical Security … Ler mais
Intezer’s Research Team has uncovered a new, low-detection variant of the FireWood backdoor, a sophisticated Linux-based remote access trojan (RAT) initially discovered by ESET researchers. Linked to the “Project Wood” malware lineage dating back to 2005, FireWood is associated with espionage campaigns like Operation TooHash and shows low-confidence ties to the China-aligned Gelsemium APT group, … Ler mais
The U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previously sanctioned for helping ransomware gangs launder their money. A TRM Labs report, released in April, revealed that Grinex has strong ties to Garantex’s previous operations,but stopped short of providing evidence that it was being … Ler mais
A significant security breach has exposed the complete source code of ERMAC V3.0, a sophisticated banking trojan that targets over 700 financial applications worldwide. The leak, discovered by cybersecurity firm Hunt.io in March 2024, was made possible by a surprisingly weak default password: “changemeplease.” The discovery occurred when Hunt.io researchers identified an open directory containing … Ler mais
