Aggregator

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. This vulnerability was named CVE-2025-8752. The attack can be initiated remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability was found in VMware ESXi, Workstation, Fusion and Cloud Foundation. It has been declared as problematic. This vulnerability affects unknown code of the component GuestInfo. The manipulation leads to denial of service. This vulnerability was named CVE-2020-3999. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energyId leads to sql injection. This vulnerability was named CVE-2025-8703. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulation of the argument resultId leads to sql injection. The identification of this vulnerability is CVE-2025-8704. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BP_ProID leads to sql injection. This vulnerability is traded as CVE-2025-8705. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy Overview Module. The manipulation of the argument MM_MenID leads to sql injection. This vulnerability is known as CVE-2025-8706. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the component com.huuge.game.zjbox. The manipulation leads to improper export of android application components. This vulnerability is uniquely identified as CVE-2025-8707. Local access is required to approach this attack. Furthermore, there is an exploit available.

Submit #623679 / VDB-319246

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8751. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

半年融资 3 个亿，前地平线、理想高管做了一只机器狗。

U.S. authorities have announced the successful dismantling of the BlackSuit ransomware operation, a notorious group linked to attacks on more than 450 organizations worldwide. The operation, led by Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), involved seizing servers, domains, and digital assets used for deploying ransomware, extorting victims, and laundering illicit profits. BlackSuit, […]

The post US Confirms Shutdown of BlackSuit Ransomware That Hacked Over 450 Organizations appeared first on Cyber Security News.

A vulnerability was found in ggml-org llama.cpp. It has been declared as critical. This vulnerability affects the function gguf_init_from_file_impl of the file ggml/src/gguf.cpp. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-53630. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #623677 / VDB-319245

Радио с шифром — а враг уже в эфире.

The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating […]

The post Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new, coordinated cybercrime campaign called "GreedyBear" has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security.

A vulnerability was found in Mobile Industrial Robots MiR Robots and MiR Fleet up to 2.x and classified as critical. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-8748. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of 12 critical security vulnerabilities across three popular software platforms, highlighting significant security risks that could potentially impact millions of users worldwide. The disclosure includes seven vulnerabilities in WWBN AVideo, four in MedDream PACS Premium, and one in Eclipse ThreadX FileX, all of which […]

The post Multiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadX appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in macrozheng mall up to 1.0.3 and classified as problematic. Affected by this vulnerability is the function Upload of the file /minio/upload of the component Add Product Page. The manipulation of the argument File leads to cross site scripting. This vulnerability is known as CVE-2025-8750. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

In recent months, security researchers have uncovered a novel attack vector targeting Python package installers through ambiguities in the ZIP archive format. By exploiting discrepancies between local file headers and the central directory, malicious actors can craft seemingly benign wheel distributions that, when unpacked by vulnerable installers, silently smuggle unauthorized files into the target environment. […]

The post PyPI Released Advisory to Prevent ZIP Parser Confusion Attacks on Python Package Installers appeared first on Cyber Security News.