Aggregator

Submit #628445 / VDB-320522

Submit #628437 / VDB-320521

A sophisticated threat campaign dubbed “Solana-Scan” has emerged, deploying malicious npm packages aimed at infiltrating the Solana cryptocurrency ecosystem. Identified by the Safety research team through advanced malicious package detection technology, this operation involves a threat actor operating under the handle “cryptohan” and associated with the email [email protected]. The actor has published packages masquerading as […]

The post Malicious npm Packages Target Crypto Developers to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. [...]

作者：Yuhan Zhi,Longtian Wang,Xiaofei Xie,Chao Shen,Qiang Hu,Xiaohong Guan 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2508.05681v1 摘要 主动学习（AL）作为一种代表性的标签高效学习范式，已在资源受限场景中得到广泛应用。AL的成功归功于获取函数，这些函数旨在识别出最...

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog. Early this month, Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and […]

Маск хотел сделать умного ассистента, а получил чат-бота, заражённого безумием 4chan.

Разведка поддоменов теперь занимает минуты вместо часов.

A vulnerability, which was classified as critical, has been found in Taxi Booking Manager for Woocommerce Plugin up to 1.3.0 on WordPress. This issue affects some unknown processing. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-8898. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in User Profile Builder Plugin up to 3.14.3 on WordPress. It has been classified as problematic. This affects the function gdpr_communication_preferences of the component GDPR Communication Preferences Module. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-8896. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Advanced iFrame Plugin up to 2025.6 on WordPress. It has been declared as problematic. This impacts an unknown function. The manipulation of the argument additional results in cross site scripting. This vulnerability is known as CVE-2025-8089. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as critical, was found in Drag and Drop Multiple File Upload for Contact Form 7 Plugin up to 1.3.9.0 on WordPress. Impacted is an unknown function of the component Cookie Handler. Such manipulation of the argument wpcf7_guest_user_id leads to path traversal. This vulnerability is documented as CVE-2025-8464. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in BetterDocs Plugin up to 4.1.1 on WordPress and classified as problematic. The affected element is the function get_response. Performing manipulation results in missing authorization. This vulnerability is reported as CVE-2025-7499. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Translate This gTranslate Shortcode Plugin up to 1.0 on WordPress and classified as problematic. The impacted element is an unknown function of the component Shortcode Handler. Executing manipulation of the argument base_lang can lead to cross site scripting. This vulnerability appears as CVE-2025-8719. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in Portabilis i-Educar 2.9.0/2.10.0. It has been classified as problematic. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. This vulnerability is traded as CVE-2025-7867. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

漏洞简介Sudo 1.9.14+ 版本存在漏洞：它在切换环境（chroot）后过早解析路径，导致攻击者能通过伪造/etc/nsswitch.conf等文件，诱骗Sudo加载恶意库（如libnss_xxx.so）。无需特殊权限即可获得root权限，危害极大。（核心：路径解析顺序错误 + 恶意库劫持 = 直接提权）漏洞描述该漏洞的严重性被评为“重要”，因为攻击者必须能够访问系统上的有效帐户，并且即使帐

JetBrains 发布了第八次年度 Python 开发者调查报告。调查由 JetBrains 和 Python 软件基金会合作完成。结果显示，86% 的受访者表示 Python 是他们的主要语言，用于写程序、构建应用和创建 API 等；50% 受访者只有不到两年的专业编程经验，39% 的受访者只有不到两年的 Python 经验；83% 的 Python 开发者使用旧版本（v 3.12 或以下版本），主要理由是当前使用版本已能满足所有需求，报告指出从 Python 3.11 升级到 Python 3.13 能将代码速度提高 11% 内存占用减少 10-15%；51% 的受访者将 Python 用于数据探索和处理，最常用的工具是 Pandas 和 NumPy。

京东卡上线通知KB拓展新姿势TIME 2025.08.20 10:00各位白帽子请注意！

CISA has issued a critical warning regarding a high-severity OS command injection vulnerability in Trend Micro Apex One Management Console that threat actors are actively exploiting in the wild.  The vulnerability, tracked as CVE-2025-54948 and classified under CWE-78, poses significant risks to organizations running on-premise installations of the enterprise security platform. Key Takeaways1. CISA confirms […]

The post CISA Warns of Trend Micro Apex One OS Command Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.