Aggregator

cervantes: open-source collaborative platform for pentesters or red teams

Penetration Testing Tools - Metepreter.org
1 week 4 days ago

Cervantes is an open-source, collaborative platform designed specifically for pentesters and red teams. It serves as a comprehensive management tool, streamlining the organization of projects, clients, vulnerabilities, and reports in a single, centralized location....

The post cervantes: open-source collaborative platform for pentesters or red teams appeared first on Penetration Testing Tools.

ddos

Arizona Woman Sentenced for Aiding North Korean IT Workers in Cyber Operations

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 week 4 days ago

Christina Marie Chapman, a 50-year-old Arizona woman, has been sentenced to 102 months in prison for her role in an elaborate fraud scheme that helped North Korean IT workers pose as U.S. citizens to obtain remote positions at over 300 American companies. The scheme generated more than $17 million in illicit revenue for both Chapman […]

The post Arizona Woman Sentenced for Aiding North Korean IT Workers in Cyber Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaaviya

CVE-2025-8220 | Engeman Web up to 12.0.0.1 Password Recovery Page /Login/RecoveryPass LanguageCombobox sql injection (EUVD-2025-22808)

VulDB Recent Entries
1 week 4 days ago
A vulnerability classified as critical has been found in Engeman Web up to 12.0.0.1. Affected is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox leads to sql injection. This vulnerability is traded as CVE-2025-8220. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-8219 | Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7 HTTP POST Request tabdetail_moduleSave_dxkp.php getvaluestring sql injection (EUVD-2025-22807)

VulDB Recent Entries
1 week 4 days ago
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetail_moduleSave_dxkp.php of the component HTTP POST Request Handler. The manipulation of the argument getvaluestring leads to sql injection. The identification of this vulnerability is CVE-2025-8219. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+. We strongly advise all customers to upgrade to the current version (v8.6.5.2), which includes this fix and additional security enhancements."
vuldb.com

Lynx

Dark Feed IO
1 week 4 days ago

You must login to view this content

cohenido

Microsoft Probes Leak in Early Alert System as Chinese Hackers Exploit SharePoint Vulnerabilities

Cyber Security News
1 week 4 days ago

Microsoft Corp. is investigating whether a leak from its Microsoft Active Protections Program (MAPP) enabled Chinese state-sponsored hackers to exploit critical SharePoint vulnerabilities before patches were fully deployed. The investigation comes as cyber espionage attacks have compromised more than 400 organizations worldwide, including the U.S. National Nuclear Security Administration. The timing of the attacks has […]

The post Microsoft Probes Leak in Early Alert System as Chinese Hackers Exploit SharePoint Vulnerabilities appeared first on Cyber Security News.

Guru Baran

CVE-2025-2777

CVE Trends
1 week 4 days ago
Currently trending CVE - Hype Score: 3 - SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.

Managed ad