The Central Bank of Iran has acquired US dollar stablecoins worth at least half a billion dollars

Elliptic analysis reveals that the Central Bank of Iran has acquired at least $507 million in USDT, the US dollar-backed stablecoin. This was likely used to support the value of the Iranian rial, providing a viable alternative for market intervention given that sanctions prevent the regime from deploying its official foreign reserves.

Cisco Security Advisory: Cisco Unified Communications Products Remote Code Execution Vulnerability

A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.  This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Яндекс

Найдётся всё

Inside a Malicious Push Network: What 57M Logs Taught Us

A DNS misconfiguration allowed us to become an “observer on the side” of a malicious push notification operation. Here’s what we learned.

Minister Jim O’Callaghan strengthens lawful interception powers

CVE-2026-0915: GNU C Library Fixes A Security Issue Present Since 1996

CVE-2026-0915 was published on Friday as a security issue with the GNU C Library 'glibc' for code introduced 30 years ago

Attention Required! | Cloudflare

Resecurity | PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion

Inside China’s Hosting Ecosystem: 18,000+ Malware C2 Servers Mapped Across Major ISPs

Discover how we mapped over 18,000 active malware C2 servers across Chinese ISPs and cloud providers using host-centric telemetry. See which providers are most frequently abused and what it means for global threat monitoring.

X Cancelled | Verifying your request

Vironvenäläiset vaikenivat, syynä näyttävät karkotukset – ”Narvasta tuli hiljentynyt kaupunki”

Viro karkottaa näyttävästi, Suomi vaikenee – näin naapurukset toimivat Venäjä-mielisiä vastaan.

CERT/CC Vulnerability Note VU#650657

A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application. When a user uploads a PHP file to the application, it can be accessed and executed by visiting the web-accessible file hosting directory. This enables an attacker to create a malicious PHP file, upload it to the application, then force the application to execute it, enabling unauthenticated arbitrary code execution on the host device.

CrowdStrike defeats shareholder lawsuit over huge software outage

A federal judge dismissed a lawsuit by CrowdStrike shareholders who said the cybersecurity company defrauded them by concealing its inadequate ​software testing and quality assurance procedures, before a July 2024 outage crashed more ‌than 8 million Microsoft Windows-based computers worldwide. In a decision made public on Tuesday, U.S. District Judge Robert Pitman ‌in Austin, Texas said shareholders failed to plausibly allege that a large number of statements by CrowdStrike and top executives in regulatory filings, on earnings calls and on the company's website were materially false and misleading, or motivated by an intent to defraud. Led by New York State ⁠Comptroller Thomas DiNapoli, the shareholders ‌alleged that CrowdStrike had "no test plans and no quality assurance team," citing former employees, and that executives at the Austin-based company prioritized "speed over ‍everything else" to maximize profit.

Just a moment...

UNO reverse card: stealing cookies from cookie stealers

Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be...