Aggregator

A vulnerability, which was classified as critical, was found in Dreame Dreamehome App and MOVAhome App. This affects an unknown part. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-8393. It is possible to initiate the attack remotely. There is no exploit available.

SentinelOne's AI-powered FORGE evolves detection rules to stop modern cyber threats with speed, precision, and minimal false positives.

A vulnerability, which was classified as problematic, has been found in EG4 12kPV, 18kPV, Flex 21, Flex 18, 6000XP, 12000XP and GridBoss. Affected by this issue is some unknown functionality of the component PIN Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2025-46414. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in EG4 12kPV, 18kPV, Flex 21, Flex 18, 6000XP, 12000XP and GridBoss. Affected by this vulnerability is an unknown functionality of the component Product Registration Endpoint. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2025-47872. The attack can be launched remotely. There is no exploit available.

In an era where data is the lifeblood of every enterprise, safeguarding the core of your digital operations—the data center—is absolutely non-negotiable. With cyber threats evolving, regulations tightening, and infrastructure growing more complex, data center security is the pillar of business continuity, trust, and reputation. At Seceon, we understand this better than anyone, which is

The post Data Center Security appeared first on Seceon Inc.

The post Data Center Security appeared first on Security Boulevard.

A vulnerability classified as critical has been found in EG4 12kPV, 18kPV, Flex 21, Flex 18, 6000XP, 12000XP and GridBoss. Affected is an unknown function of the component Firmware Update Handler. The manipulation leads to download of code without integrity check. This vulnerability is traded as CVE-2025-53520. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in EG4 12kPV, 18kPV, Flex 21, Flex 18, 6000XP, 12000XP and GridBoss. It has been rated as problematic. This issue affects some unknown processing of the component MOD3 Command Handler. The manipulation leads to cleartext transmission of sensitive information. The identification of this vulnerability is CVE-2025-52586. The attack may be initiated remotely. There is no exploit available.

A software developer discovered a way to abuse an undocumented protocol in Amazon's Elastic Container Service to escalate privileges, cross boundaries, and gain access to other cloud resources.

A vulnerability was found in Google Go up to 1.23.11/1.24.5. It has been declared as problematic. This vulnerability affects the function LookPath of the component os-exec. The manipulation of the argument PATH leads to an unknown weakness. This vulnerability was named CVE-2025-47906. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GStreamer up to 1.26.1. It has been classified as problematic. This affects the function tmplayer_parse_line of the component Subtitle File Parser. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-47808. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in GStreamer up to 1.26.1 and classified as problematic. Affected by this issue is the function subrip_unescape_formatting of the component Subtitle File Parser. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-47807. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in GStreamer up to 1.26.1 and classified as critical. Affected by this vulnerability is the function parse_subrip_time. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-47806. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in GStreamer up to 1.26.1. Affected is the function qtdemux_parse_tree of the component MP4 File Parser. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-47183. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in GStreamer up to 1.26.1. This issue affects the function qtdemux_parse_trak of the component MP4 File Parser. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-47219. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in BMC Control-M 9.0.21.300. This vulnerability affects unknown code of the file DBUStatus.exe. The manipulation of the argument username/password/database hostname/port leads to sensitive information in log files. This vulnerability was named CVE-2025-48709. The attack needs to be approached within the local network. There is no exploit available.

Meet Max and Kasey, two interns at Kasada who tackled real-world challenges from two very different angles—machine learning and sales operations—and came away with sharper skills, meaningful impact, and a clear sense of where they’re headed next.

The post Inside Kasada: An Intern’s Dive into Bots, Data, and Company Culture appeared first on Security Boulevard.

Two malicious npm packages have emerged as sophisticated weapons targeting WhatsApp developers through a remote-controlled destruction mechanism that can completely wipe development systems. The packages, identified as naya-flore and nvlore-hsc, masquerade as legitimate WhatsApp socket libraries while harboring a devastating kill switch capable of executing system-wide file deletion through a single command. Published by npm […]

The post WhatsApp Developers Under Attack From Weaponized npm Packages with Remote Kill Switch appeared first on Cyber Security News.

Currently trending CVE - Hype Score: 1 - Claude Code is an agentic coding tool. In versions below 0.2.111, a path validation flaw using prefix matching instead of canonical path comparison, makes it possible to bypass directory restrictions and access files outside the CWD. Successful exploitation depends on the ...

CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET. [...]

The NSA’s CAPT program, launched in 2024 with Horizon3.ai, now benefits 1000 of the 300,000 US Defense Industrial Base companies