U.S. seizes $2.8 million in crypto from Zeppelin ransomware operator
The U.S. Department of Justice (DoJ) announced the seizure of over $2,800,000 in cryptocurrency from alleged ransomware operator Ianis Aleksandrovich Antropenko. [...]
Aggregator
Weekly Cybersecurity News Recap : Microsoft, Cisco, Fortinet Security Updates and Cyber Attacks
3 weeks 6 days ago
In the week of August 11-17, 2025, the cybersecurity landscape was marked by critical updates from major vendors and a surge in sophisticated threats, underscoring the ongoing battle against digital vulnerabilities. Microsoft rolled out its Patch Tuesday updates on August 12, addressing over 90 vulnerabilities, including several zero-day exploits in Windows and Office suites that […]
The post Weekly Cybersecurity News Recap : Microsoft, Cisco, Fortinet Security Updates and Cyber Attacks appeared first on Cyber Security News.
Guru Baran
Вы думали, что «горячий» кошелек — это удобно. А это самая большая уязвимость, через которую крадут миллионы.
3 weeks 6 days ago
Турецкие власти требуют объяснений, индустрия замерла в ожидании.
CVE-2025-9103 | ZenCart 2.1.0 CKEditor cross site scripting
3 weeks 6 days ago
A vulnerability was found in ZenCart 2.1.0. It has been declared as problematic. Impacted is an unknown function of the component CKEditor. The manipulation results in cross site scripting.
This vulnerability is cataloged as CVE-2025-9103. The attack may be launched remotely. Furthermore, there is an exploit available.
The real existence of this vulnerability is still doubted at the moment.
The vendor declares this as "intended behavior, allowed for authorized administrators".
vuldb.com
Anthropic: Claude can now end conversations to prevent harmful uses
3 weeks 6 days ago
OpenAI rival Anthropic says Claude has been updated with a rare new feature that allows the AI model to end conversations when it feels it poses harm or is being abused. [...]
Mayank Parmar
CVE-2025-9102 | 1&1 Mail & Media mail.com App 8.8.0 on Android com.mail.mobile.android.mail AndroidManifest.xml improper export of android application components (EUVD-2025-25112)
3 weeks 6 days ago
A vulnerability was found in 1&1 Mail & Media mail.com App 8.8.0 on Android. It has been classified as problematic. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components.
This vulnerability is listed as CVE-2025-9102. The attack must be carried out locally. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #628298: Zen Ventures, LLC Zen-Cart 2.1.0 Cross Site Scripting [Accepted]
3 weeks 6 days ago
Submit #628298 / VDB-320425
0xHamy
Submit #628264: 1&1 Mail & Media Inc mail.com(com.mail.mobile.android.mail) 8.8.0 Task Hijacking [Accepted]
3 weeks 6 days ago
Submit #628264 / VDB-320424
fxizenta
CVE-2025-9101 | zhenfeng13 My-Blog up to 1.0.0 Tag /admin/tags/save cross site scripting (Issue 147)
3 weeks 6 days ago
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/tags/save of the component Tag Handler. Executing manipulation can lead to cross site scripting.
This vulnerability is tracked as CVE-2025-9101. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
CVE-2025-9100 | zhenfeng13 My-Blog 1.0.0 Frontend Blog Article Comment /blog/comment authentication replay (Issue 149 / EUVD-2025-25111)
3 weeks 6 days ago
A vulnerability has been found in zhenfeng13 My-Blog 1.0.0 and classified as problematic. This affects an unknown part of the file /blog/comment of the component Frontend Blog Article Comment Handler. Performing manipulation results in authentication bypass by capture-replay.
This vulnerability is identified as CVE-2025-9100. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
Submit #628095: ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS [Accepted]
3 weeks 6 days ago
Submit #628095 / VDB-320423
ZAST.AI
Submit #628097: ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 CAPTCHA reuse vulerability [Accepted]
3 weeks 6 days ago
Submit #628097 / VDB-320422
ZAST.AI
CVE-2025-9099 | Acrel Environmental Monitoring Cloud Platform up to 20250804 UploadNewsImg File unrestricted upload
3 weeks 6 days ago
A vulnerability, which was classified as critical, was found in Acrel Environmental Monitoring Cloud Platform up to 20250804. Affected by this issue is some unknown functionality of the file /NewsManage/UploadNewsImg. Such manipulation of the argument File leads to unrestricted upload.
This vulnerability is referenced as CVE-2025-9099. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #628096: ZHENFENG13 https://github.com/ZHENFENG13/My-Blog <=1.0.0 Stored XSS [Duplicate]
3 weeks 6 days ago
Submit #628096 / VDB-227812
ZAST.AI
Submit #628090: https://ems.acrel.cn/ Environmental Monitoring Cloud Platform 1 Unrestricted Upload [Accepted]
3 weeks 6 days ago
Submit #628090 / VDB-320421
CTFZone 2025 Quals
3 weeks 6 days ago
Name: CTFZone 2025 Quals (an CTFZone event.)
Date: Aug. 16, 2025, 10 a.m. — 17 Aug. 2025, 10:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://board.ctfz.zone/
Rating weight: 92.45
Event organizers: BIZone
Date: Aug. 16, 2025, 10 a.m. — 17 Aug. 2025, 10:00 UTC [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://board.ctfz.zone/
Rating weight: 92.45
Event organizers: BIZone
Elastic EDR 0-Day Flaw Lets Hackers Evade Detection, Run Malware, and Trigger BSOD
3 weeks 6 days ago
AshES Cybersecurity has disclosed a severe zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) software that transforms the security tool into a weapon against the systems it’s designed to protect. The flaw, found in the Microsoft-signed kernel driver “elastic-endpoint-driver.sys,” enables attackers to bypass security measures, execute malicious code, and crash protected systems repeatedly. Despite […]
The post Elastic EDR 0-Day Flaw Lets Hackers Evade Detection, Run Malware, and Trigger BSOD appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Kaaviya
Data Breach Exposes Authentic Israel Travel Database on Darknet
3 weeks 6 days ago
You must login to view this content
cohenido
2025 年雨果奖宣布
3 weeks 6 days ago
在西雅图举办的第 83 届世界科幻大会宣布了 2025 年雨果奖获奖名单:
最佳长篇小说:Robert Jackson Bennett 的《The Tainted Cup》,《Shadow of the Leviathan》系列第一部,故事发生在一个被海墙环绕的帝国 Khanum,每逢雨季巨兽利维坦会出现,然后被击退,帝国公民需要时刻关注海墙的缺口,故事始于调查一起谋杀案;
最佳中长篇小说:Ray Nayle 的《The Tusks of Extinction》;
最佳中短篇小说:Naomi Kritzer 的《The Four Sisters Overlooking the Sea》;
最佳短篇小说:Nghi Vo 的《Stitched to Skin Like Family Is》:
最佳系列小说:Rebecca Roanhorse 的《Between Earth and Sky》系列;
最佳科幻电视剧:《星际迷航:下层舰员》第五季第 10 集《The New Next Generation》;
最佳电影:《沙丘:第二部》:
最佳游戏:《卡德洞窟(Caves of Qud)》(龙腾世纪4、塞尔达传说和 1000xRESIST 等入围)。
最佳中长篇小说:Ray Nayle 的《The Tusks of Extinction》;
最佳中短篇小说:Naomi Kritzer 的《The Four Sisters Overlooking the Sea》;
最佳短篇小说:Nghi Vo 的《Stitched to Skin Like Family Is》:
最佳系列小说:Rebecca Roanhorse 的《Between Earth and Sky》系列;
最佳科幻电视剧:《星际迷航:下层舰员》第五季第 10 集《The New Next Generation》;
最佳电影:《沙丘:第二部》:
最佳游戏:《卡德洞窟(Caves of Qud)》(龙腾世纪4、塞尔达传说和 1000xRESIST 等入围)。
CVE-2025-9098 | Elseplus File Recovery App 4.4.21 on Android AndroidManifest.xml improper export of android application components
3 weeks 6 days ago
A vulnerability, which was classified as problematic, has been found in Elseplus File Recovery App 4.4.21 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml. This manipulation causes improper export of android application components.
The identification of this vulnerability is CVE-2025-9098. The attack can only be executed locally. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com