Aggregator

A vulnerability classified as problematic has been found in Essential Addons for Elementor Plugin up to 6.2.2 on WordPress. This affects an unknown part. The manipulation of the argument data-gallery-items leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8451. It is possible to initiate the attack remotely. There is no exploit available.

Разработчики получили 30 дней на подготовку документов — или их приложения исчезнут из магазина навсегда.

A vulnerability classified as critical has been found in Cisco Firepower 4100, Firepower 9300 and UCS. This affects an unknown part of the component CLI. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2023-20015. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Quttera Web Malware Scanner Plugin up to 3.5.1.41 on WordPress. This vulnerability affects the function RunExternalScan. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2025-8013. The attack can be initiated remotely. There is no exploit available.

Blue Locker ransomware hits Pakistan’s oil & gas sector, severely impacting Pakistan Petroleum; NCERT warns ministries of severe ongoing risk. This week Pakistan’s National Cyber Emergency Response Team (NCERT – National CERT – Pakistan) has issued an advisory to 39 key ministries and institutions and warned them of a “severe risk” posed by the ongoing […]

A vulnerability classified as critical was found in Cisco Nexus 9300-FX3. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2023-20012. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

安全合规公司 Secureframe 的最新研究指出，2025 年最严重的五大新兴网络威胁，重点集中在对包括医疗、基础设施以及中小企业等关键行业的风险。

Organizations of all sizes face an unrelenting barrage of sophisticated cyber threats, from highly evolved ransomware strains and stealthy advanced persistent threats (APTs) to cunning social engineering campaigns—challenges that increasingly drive the adoption of MDR Services to enhance detection and response capabilities. The sheer volume and complexity of security alerts, coupled with a severe global […]

The post 10 Best Managed Detection And Response (MDR) Companies in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical security flaw CVE-2025-20217 allows unauthenticated attackers to trigger denial-of-service conditions in Cisco’s widely deployed firewall systems Cisco has disclosed a high-severity vulnerability in its Secure Firewall Threat Defense (FTD) Software that could allow remote attackers to cause denial-of-service conditions through the Snort 3 Detection Engine. The vulnerability, tracked as CVE-2025-20217 with a CVSS score […]

The post Cisco Secure Firewall Snort 3 Detection Engine Vulnerability Enables DoS Attacks appeared first on Cyber Security News.

The goal of deception technology, which uses some of the best deception tools, is to trick attackers by dispersing a variety of traps and dummy assets throughout a system’s infrastructure to mimic real assets. There is always a possibility that cybercriminals will breach your network, regardless of how effective your perimeter defenses.  You’ll lure them […]

The post 10 Best Deception Tools in 2025 appeared first on Cyber Security News.

От поддельных приложений до подельников у банкомата — хитроумные схемы удивляют даже исследователей.

根据发表在 PNAS 期刊上的一项研究，马里兰大学医学院研究人员利用来自 Paraburkholderia xenovorans 细菌的天然蛋白 RcoM，该蛋白能感知环境中的微量一氧化碳，研究人员在 RcoM 基础上设计出名为 RcoM-HBD-CCC 的分子海绵，能选择性的与有毒一氧化碳分子结合，忽略氧气 (O2)和调控血压的一氧化氮 (NO)。对小鼠研究显示，RcoM-HBD-CCC 能在几分钟内清除血液中的一氧化碳，通过尿液安全排出体外。这种解毒剂就像海绵一样寻找并吸收附在红细胞上的一氧化碳。在小鼠体内，血液中半数的一氧化碳在不到一分钟内就清除掉了，释放出细胞上的血红蛋白，使其能再次携带氧气。其它现有的基于蛋白质的解毒剂无法选择性靶向一氧化碳分子，也会结合一氧化氮，会引起血压变化。

A vulnerability classified as problematic was found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-9003. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The identification of this vulnerability is CVE-2025-9004. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. This vulnerability is traded as CVE-2025-9005. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tenda CH22 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2025-9006. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda CH22 1.0.0.1 and classified as critical. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2025-9007. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. This vulnerability is traded as CVE-2025-9009. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to sql injection. This vulnerability is known as CVE-2025-9010. The attack can be launched remotely. Furthermore, there is an exploit available.

A zero-day vulnerability in WinRAR allows malware to be deployed on unsuspecting users’ systems, highlighting the ongoing threats to popular software. Tracked as CVE-2025-8088, this path traversal flaw affects the Windows version of the widely used file archiving tool, enabling attackers to execute arbitrary code through specially crafted archives. The vulnerability, discovered in mid-July 2025, […]

The post CVE-2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware appeared first on Cyber Security News.