Aggregator

A vulnerability classified as critical was found in dj-extensions DJ-Flyer Component up to 3.2 on Joomla. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-50127. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Imprivata Enterprise Access Management up to 24.2. Affected is an unknown function of the component Login Screen. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2024-12310. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in SUSE openSUSE Tumbleweed 2.5.0-1.1. It has been rated as critical. This issue affects some unknown processing of the component Logrotate Configuration Handler. The manipulation leads to reliance on untrusted inputs in a security decision. The identification of this vulnerability is CVE-2025-53882. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM SmartCloud Analytics Log Analysis up to 1.3.8.2. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper validation of specified type of input. This vulnerability was named CVE-2024-40682. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM SmartCloud Analytics Log Analysis up to 1.3.8.2. It has been classified as critical. This affects an unknown part. The manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. This vulnerability is uniquely identified as CVE-2024-40686. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM SmartCloud Analytics Log Analysis up to 1.3.8.2 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to client-side enforcement of server-side security. This vulnerability is handled as CVE-2024-41751. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM SmartCloud Analytics Log Analysis up to 1.3.8.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to client-side enforcement of server-side security. This vulnerability is known as CVE-2024-41750. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A Silicon Valley engineer with dual U.S.-China citizenship pleaded guilty to stealing critical defense technologies worth hundreds of millions of dollars, including classified systems designed to detect nuclear missile launches and track hypersonic weapons. The case highlights growing concerns about economic espionage and technology transfer to foreign adversaries. Engineer Admits to Massive Data Theft Chenguang […]

The post Silicon Valley Engineer Pleads Guilty in U.S. Missile Detection Data Theft Case appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

npm has taken down all versions of the Stylus library and replaced them with a "security holding" page, breaking pipelines and builds worldwide that rely on the package. [...]

У нас гораздо больше общего, чем мы казалось…

PlexTrac launched enhanced Workflow Automation Engine, a major product update designed to standardize workflows across the vulnerability lifecycle, automate pentest findings delivery, accelerate time to remediation, and increase operational efficiency. By leveraging the unified security data already centralized in PlexTrac, the new automation capabilities drive consistent, end-to-end vulnerability lifecycle management. Organizations spend a lot of time writing pentest reports, only to deliver them as static PDFs. These reports aren’t immediately actionable and stakeholders must manually … More →

The post PlexTrac Workflow Automation Engine enhancements accelerate time to remediation appeared first on Help Net Security.

BforeAI today disclosed the discovery of a phishing campaign that is leveraging the same core infrastructure to spoof multiple domains.

The post BforeAI Identifies Phishing Campaign Using Same Infrastructure Across Multiple Domains appeared first on Security Boulevard.

Germany’s AMEOS Hospital Network has confirmed a sophisticated cyberattack that compromised its IT infrastructure, leading to unauthorized access and potential exposure of sensitive data. Despite robust defenses including multi-factor authentication, intrusion detection systems, and regular vulnerability assessments, attackers managed to infiltrate the network, resulting in a brief but impactful breach. Potential Ramifications The incident involved […]

The post Cyberattack on Germany’s AMEOS Hospital Network Exposes Patient Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Help desk workers from the IT services company Cognizant were directly responsible for an August 2023 cyberattack that disrupted operations at the Clorox Company, the cleaning products giant alleges in a lawsuit.

Several ransomware groups used highly targeted social engineering tactics to create a major impact across several industry sectors in Q2 2025. 

With an industry forward by GSMA Intelligence, “ The application of AI/ML to workflow automation for complex networks” offers communications service providers (CSPs) a window into turning operational data oceans into a competitive differentiator. Recognizing the massive increase in network complexity and growing...

A vulnerability was found in fdkaac. It has been classified as critical. Affected is the function wav_open of the file /src/wav_reader.c. The manipulation leads to incorrect comparison. This vulnerability is traded as CVE-2022-36148. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in fdkaac 1.0.3. This affects the function __interceptor_memcpy.part.46 of the file /sanitizer_common/sanitizer_common_interceptors.inc. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-37781. It is possible to initiate the attack remotely. There is no exploit available.