Aggregator

The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country. [...]

A vulnerability classified as critical was found in Apache HTTP Server up to 2.4.52. This vulnerability affects unknown code of the component Request Body Handler. The manipulation leads to integer overflow. This vulnerability was named CVE-2022-22721. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apache HTTP Server up to 2.4.52. This issue affects some unknown processing of the component Request Body Handler. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2022-22719. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple macOS up to 12.3. This vulnerability affects unknown code of the component Apache. The manipulation leads to improper initialization. This vulnerability was named CVE-2022-22719. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server up to 2.4.46 and classified as critical. This vulnerability affects unknown code of the component mod_auth_digest. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2020-35452. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache HTTP Server up to 2.4.46. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component mod_session. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2021-26690. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Outlook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2025-47171. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

DataDome’s server-side behavioral detection blocked over 214 million malicious requests from a single IP targeting a global travel platform without downtime or disruption.

The post How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection appeared first on Security Boulevard.

Name: WHY2025 CTF (an WHY2025 CTF event.)
Date: Aug. 8, 2025, 4 p.m. — 11 Aug. 2025, 16:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.why2025.org/
Rating weight: 0.00
Event organizers: Eindbazen

Creator/Author/Presenter: Vlad Iliushin

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Netsec Is Dead(?): Modern Network Fingerprinting For Real-World Defense appeared first on Security Boulevard.

A vulnerability was found in Microsoft Windows up to Server 2003. It has been rated as critical. Affected by this issue is some unknown functionality of the component Authenticode. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2003-0660. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

REvil affiliate Yaroslav Vasinskyi, who was convicted last year for his role in the 2021 Kaseya ransomware supply chain attack, said the Russian government was instrumental to the attack's execution.

A vulnerability was found in code-projects eBlog Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-8859. The attack can be launched remotely. Furthermore, there is an exploit available.

Corelight's James Pope gives Dark Reading an inside look at this year's Black Hat Network Operations Center, detailing security challenges and rising trends — many related to increased AI use.

Threat actors have begun a geographically focused campaign against Israeli infrastructure and corporate entities in a sophisticated cyber incursion discovered by Fortinet’s FortiGuard Labs. Delivered exclusively through Windows systems via PowerShell scripts, the attack chain enables remote access, facilitating data exfiltration, persistent surveillance, and lateral movement within compromised networks. Classified as high severity, this operation […]

The post Hackers Exploit ClickFix Technique to Compromise Windows and Run PowerShell Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Китай бросает в бой Unitree, США отвечают железным нокаутом от Booster T1.

Three Ghanaian men face charges in the U.S. related to a multimillion-dollar operation that defrauded individuals online and ran business email compromise scams.

A vulnerability was found in GPAC up to 2.3.x. It has been classified as problematic. This affects an unknown part. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2023-1654. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Omnissa Workspace ONE UEM. This issue affects some unknown processing of the component API Endpoint. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-25231. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Elementor Plugin up to 3.30.2 on WordPress. This vulnerability affects the function Import_Images::import. The manipulation leads to path traversal. This vulnerability was named CVE-2025-8081. The attack can be initiated remotely. There is no exploit available.