Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy also known as...

EUVD-2024-46306

Malicious code in bioql PyPI...

AVEVA PI Web API

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disable content security policy protections. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

MicroDicom DICOM Viewer

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

Schneider Electric Modicon Controllers (Update A)

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. https://www.se.com/us/en/download/document/7EN52-0390/ Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install...

Elber Communications Equipment

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker unauthorized administrative access to the affected device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this these vulnerabilities, such as:...

Why Many New AI Tools Aren’t Available In Europe – And How To Access Them

Explore how AI tools like OpenAI’s Sora face restrictions in Europe due to GDPR, with insights on bypassing…...

Siemens Industrial Edge Management

SUMMARY Industrial Edge Management is affected by a reflected cross-site scripting XSS vulnerability that could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. Siemens recommends countermeasures for products where fixes are not, or not yet...

New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods

The P2PInfect peer-to-peer P2 worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...

LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise IoCs and tactics, techniques, and procedures TTPs associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service RaaS...

How much does access to corporate infrastructure cost?

Division of labor Money has been and remains the main motivator for cybercriminals. The most widespread techniques of monetizing cyberattacks include selling stolen databases, extortion using ransomware and carding. However, there is demand on the dark web not only for data obtained through an...

iBall-Baton WRA150N File Disclosure

Exploit Title: iBall-Baton WRA150N Rom-0 Backup - File Disclosure Sensitive Information Date: 07/01/2021 Exploit Author: h4cks1n Vendor Homepage: iball.co.in Version: iBall-Baton WRA150N Tested on : Windows 7/8/8.1/10, Parrot Linux OS The iBall-Baton router version WRA150N is vulnerable to the...

CVE-2020-1843

Huawei HEGE-560 version 1.0.1.20SP2, OSCA-550 version 1.0.0.71SP1, OSCA-550A version 1.0.0.71SP1, OSCA-550AX version 1.0.0.71SP2, and OSCA-550X version 1.0.0.71SP2 have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physica...

Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements (CVE-2019-4259)

Summary A security vulnerability has been identified in IBM Spectrum Scale with CES stack enabled that could allow sensitive data to be included with service snaps. This data could be sent to IBM during service engagements CVE-2019-4259 Vulnerability Details Deployments with protocol access metho...

[Full-Disclosure] Disclosure of local file content in Mozilla Firefox and Opera

Disclosure of local file content in Mozilla Firefox and Opera Note: I don't know if it could be considered really a security problem, anyway i'll try to explain my ideas. Sorry for my bad english. Author: Giovanni Delvecchio Applications affected: - Firefox 1.0 - Mozilla 1.7 - Opera 7.54 maybe al...

JSP pages source code access

There are multiple ways to get a source code of JSP pages...