Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Flowable’s Summer 2025 Update Introduces Groundbreaking Agentic AI Capabilities

Flowable’s 2025.1 update brings powerful Agentic AI features to automate workflows, boost efficiency, and scale intelligent business operations.

HackRead
Open in Source
#ios#git#intel#aws#ssl
Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws

Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft's urgent security guidance.

Startup takes personal data stolen by malware and sells it on to other companies

A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.

New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk

Austin, United States / TX, 22nd July 2025, CyberNewsWire

GHSA-49xw-hw94-fmv2: Dolibarr has Remote Code Execution Vulnerability (Bypass)

# Summary The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: ![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164114688.png) This is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php ![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164445656.png) As you can see, in edit.php, if the created menu is set to `$menu->perms`, the `dol_eval()` method will be called. Following the `dol_eval()` method, we can see that it will filter the dangerous php functions in `$menu->perms` through the blacklist set in `$forbiddenphpfunctions`: ![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164725548.png) However, the blacklist here is not comprehensive. For example, the `include_once` and `require_once` functions can easily pass the bla...

Why You Should Use Geolocation in Your React App’s Authentication Process

Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access.

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it tracks

GameForge AI Hackathon 2025: Building the Bridge Between Natural Language and Game Creation

A 72-hour sprint that produced working solutions for one of game development's hardest problems: making it accessible to non-programmers.

Chinese Groups Launder $580M in India Using Fake Apps and Mule Accounts

CloudSEK’s new report uncovers how Chinese cyber syndicates are laundering over $600 million annually in India. Learn about…

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico. It specializes in the