Aggregator

A vulnerability classified as problematic was found in Cisco Common Services Platform Collector Software 2.11/2.11.0.1/2.11.0.2/2.11.0.3/30.1.1-0. Affected by this vulnerability is an unknown functionality of the component Interface. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-20166. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Common Services Platform Collector Software 2.11/2.11.0.1/2.11.0.2/2.11.0.3. It has been declared as problematic. This vulnerability affects unknown code of the component Interface. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-20167. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Common Services Platform Collector Software 2.11/2.11.0.1/2.11.0.2/2.11.0.3. It has been rated as problematic. This issue affects some unknown processing of the component Interface. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-20168. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Cisco Crosswork Network Change Automation. Affected is an unknown function of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-20123. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cisco ClamAV 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTML Parser. The manipulation leads to undefined behavior for input to api. This vulnerability is known as CVE-2024-20380. The attack can be launched remotely. There is no exploit available.

Даже одно фишинговое письмо способно обрушить безопасность целой экосистемы.

French authorities announced the arrest in Ukraine of an alleged administrator of the long-running cybercrime forum XSS.is. A joint investigation conducted by French police, Ukrainian authorities, and Europol led to the arrest of the suspected administrator of the major Russian-speaking cybercrime forum xss.is. “The Paris prosecutor’s office announced on Wednesday, July 23, that an individual […]

As crawlers and bots bog down websites in the era of AI, some researchers say that the solution for the Internet's most vulnerable websites is already here.

A vulnerability was found in Cisco DNA Center. It has been classified as critical. Affected is an unknown function of the component Diagnostic Handler. The manipulation leads to incorrect privilege assignment. This vulnerability is traded as CVE-2021-1303. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Identity Services Engine. It has been declared as critical. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2021-1134. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Cisco DNA Center. Affected by this vulnerability is an unknown functionality of the component API Endpoint Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2021-34782. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

An investigation led by the French Police and Paris Prosecutor, in close cooperation with their Ukrainian counterparts and Europol, has resulted in the arrest of the suspected administrator of xss[.]is, one of the world’s most influential Russian-speaking cybercrime platforms. The forum, which had more than 50,000 registered users, served as a key marketplace for stolen […]

The post Key Administrator of World’s Most Popular XSS Dark Web Cybercrime Platform Arrested appeared first on Cyber Security News.

Proton has launched a new tool called Lumo, offering a privacy-first AI assistant that does not log user conversations and doesn't use their prompts for training. [...]

Amazzon Beee Buzzzz: It records everything you say (and what people around you say, too).

The post Amazon AI Privacy Panic — Bee Brings Bezos Panopticon appeared first on Security Boulevard.

It also builds on previous efforts to promote “secure by design” principles in AI systems and tools.

The post Trump AI plan pushes critical infrastructure to use AI for cyber defense appeared first on CyberScoop.

A fresh strain of the long-running macOS.ZuRu family has surfaced, hiding inside a doctored of the popular Termius SSH client and quietly turning developer workstations into remote footholds. First seen in late May 2025, the 248 MB rogue disk image looks and behaves like the genuine installer but stealthily inserts a 25 MB Mach-O binary […]

The post New ZuRu Malware Variant Weaponizes Termius SSH Client to Attack macOS Users appeared first on Cyber Security News.