Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Startup takes personal data stolen by malware and sells it on to other companies

A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data.

Malwarebytes
Open in Source
#web#git#intel
New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk

Austin, United States / TX, 22nd July 2025, CyberNewsWire

GHSA-49xw-hw94-fmv2: Dolibarr has Remote Code Execution Vulnerability (Bypass)

# Summary The Dolibarr backend provides the function of adding Menu, and supports setting permissions for the added Menu: ![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164114688.png) This is the trigger point of the vulnerability. The submitted permission can be php code, and it will be executed when viewing the created Menu: - htdocs/admin/menus/edit.php ![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164445656.png) As you can see, in edit.php, if the created menu is set to `$menu->perms`, the `dol_eval()` method will be called. Following the `dol_eval()` method, we can see that it will filter the dangerous php functions in `$menu->perms` through the blacklist set in `$forbiddenphpfunctions`: ![](https://raw.githubusercontent.com/wh0amitx/Misc/main/images/image-20240228164725548.png) However, the blacklist here is not comprehensive. For example, the `include_once` and `require_once` functions can easily pass the bla...

Why You Should Use Geolocation in Your React App’s Authentication Process

Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access.

Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it tracks

GameForge AI Hackathon 2025: Building the Bridge Between Natural Language and Game Creation

A 72-hour sprint that produced working solutions for one of game development's hardest problems: making it accessible to non-programmers.

Chinese Groups Launder $580M in India Using Fake Apps and Mule Accounts

CloudSEK’s new report uncovers how Chinese cyber syndicates are laundering over $600 million annually in India. Learn about…

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico. It specializes in the

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai

Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald's was exposed after they guessed the password ("123456") for the fast food chain's account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 companies. Paradox.ai said the security oversight was an isolated incident that did not affect its other customers, but recent security breaches involving its employees in Vietnam tell a more nuanced story.