Aggregator
CVE-2025-31987 | HCL Connections Docs 2.0.2 amplification (KB0123272)
CVE-2025-50861 | Lotus Cars App 1.2.8 on Android com.lotus.carsdomestic.intl improper authentication
CVE-2025-50862 | Lotus Cars App 1.2.8 on Android com.lotus.carsdomestic.intl missing access control
CVE-2025-51965 | OURPHP up to 8.6.1 My User Center Page Name cross site scripting
CVE-2024-51473 | IBM DB2/DB2 Connect Server up to 10.5.0.11/11.1.4.7/11.5.9/12.1.2 Query stack-based overflow (Nessus ID 243291 / WID-SEC-2025-1675)
A New Wave of EncryptHub Attacks: How a Microsoft Vulnerability and Social Engineering Collide
The Trustwave SpiderLabs research team has documented a fresh wave of EncryptHub attacks, in which the human element and the exploitation of a Microsoft Management Console (MMC) vulnerability converge into a single, cohesive campaign....
The post A New Wave of EncryptHub Attacks: How a Microsoft Vulnerability and Social Engineering Collide appeared first on Penetration Testing Tools.
“MadeYouReset”: A New HTTP/2 DDoS Attack Bypasses Rapid Reset Defenses
A newly discovered attack on the HTTP/2 protocol, dubbed MadeYouReset, has been unveiled by researchers from Tel Aviv University and disclosed following coordinated reporting through Akamai’s bug bounty program. Although Akamai’s own HTTP/2 implementation...
The post “MadeYouReset”: A New HTTP/2 DDoS Attack Bypasses Rapid Reset Defenses appeared first on Penetration Testing Tools.
Muddled Libra: The Evolving Cybercrime Collective That is a “Fool’s Errand” to Predict
The Muddled Libra network—also known as Scattered Spider or Octo Tempest—lacks the rigid hierarchy and centralized control typical of many cybercriminal organizations. Instead, it resembles a loosely connected community of individual threat actors, bound...
The post Muddled Libra: The Evolving Cybercrime Collective That is a “Fool’s Errand” to Predict appeared first on Penetration Testing Tools.
AI Browser Assistants Secretly Harvest Your Data, Study Finds
Researchers from University College London and the University of the Mediterranean in Reggio Calabria, Italy, have conducted the first large-scale investigation into privacy practices among generative AI assistants for web browsers, revealing that even...
The post AI Browser Assistants Secretly Harvest Your Data, Study Finds appeared first on Penetration Testing Tools.
Weekly Ransomware Threat Digest
Microsoft Azure Used to Store Vast Trove of Palestinian Surveillance Data, Investigation Reveals
Israel’s military intelligence unit, Unit 8200—specializing in cyber-espionage and electronic surveillance—has been using Microsoft’s cloud servers to store a vast archive of data on residents of Gaza and the West Bank. This trove, leveraged...
The post Microsoft Azure Used to Store Vast Trove of Palestinian Surveillance Data, Investigation Reveals appeared first on Penetration Testing Tools.
Google’s Android Hypervisor Achieves Highest Security Certification for Consumer Electronics
Google has announced that the protected KVM (pKVM) hypervisor, used within the Android Virtualization Framework, has become the world’s first software component for mass-market consumer electronics to achieve the SESIP Level 5 security certification....
The post Google’s Android Hypervisor Achieves Highest Security Certification for Consumer Electronics appeared first on Penetration Testing Tools.
AI Learned a Paralyzed Woman's Voice from a Wedding Recording and Gave It Back to Her 18 Years Later
Employees race to build custom AI apps despite security risks
The latest Netskope findings show a 50% increase in GenAI platform usage among enterprise end-users, driven by growing employee demand for tools to develop custom AI applications and agents. Despite an ongoing shift toward safe enablement of SaaS GenAI apps and AI agents, the growth of shadow AI (unsanctioned AI applications in use by employees) continues to compound potential security risks, with over 50% of all …
Figure: Top LLM interfaces by percentage in organizations (source: Netskope)
The post Employees race to build custom AI apps despite security risks appeared first on Help Net Security.
Microsoft Confirms Harmless Bug in Windows 11 Update That Generates Misleading Error Logs
Microsoft has alerted Windows 11 users to a new false notification that appears after installing the July 2025 preview update and subsequent 24H2 releases. The issue is linked to the CertificateServicesClient (CertEnroll) component and...
The post Microsoft Confirms Harmless Bug in Windows 11 Update That Generates Misleading Error Logs appeared first on Penetration Testing Tools.
“Ambient and Multi-modal”: Windows Head Outlines a Radical AI-Powered Future for the OS
Microsoft has released a new video interview with Pavan Davuluri, head of Windows, in which he outlined the company’s vision for the platform’s evolution and the transformative role artificial intelligence will play. When asked...
The post “Ambient and Multi-modal”: Windows Head Outlines a Radical AI-Powered Future for the OS appeared first on Penetration Testing Tools.
Critical FortiSIEM Flaw: Fortinet Urges Immediate Patching as Public Exploit Circulates
Fortinet has disclosed a critical vulnerability in its FortiSIEM system, already accompanied by a working exploit circulating publicly. The flaw enables a remote, unauthenticated attacker to execute arbitrary commands on the targeted system, making...
The post Critical FortiSIEM Flaw: Fortinet Urges Immediate Patching as Public Exploit Circulates appeared first on Penetration Testing Tools.
Reading Notes 0815
High-Severity Flaws Found in Matrix Protocol, Posing Risk to Government Communications
The Matrix Foundation, the organization behind the eponymous federated communication protocol, has announced the release of an unscheduled update addressing two high-severity vulnerabilities which, if successfully exploited, could have had critical consequences. According to...
The post High-Severity Flaws Found in Matrix Protocol, Posing Risk to Government Communications appeared first on Penetration Testing Tools.