Aggregator

A vulnerability categorized as critical has been discovered in Apache HTTP Server up to 2.0.46. This affects an unknown function of the component IPv6 FTP Proxy. The manipulation results in infinite loop. This vulnerability is reported as CVE-2003-0254. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

Currently trending CVE - Hype Score: 2 - Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger ...

Currently trending CVE - Hype Score: 43 - In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any other string that evaluates to 0.0 (such as the 0e0 string). This occurs in admin/plib/LoginManager.php.

Kidney dialysis firm DaVita confirms ransomware breach exposed personal and health data of nearly 2.7M individuals. Kidney dialysis firm DaVita disclosed a data breach after a ransomware attack, the incident exposed personal and health information of nearly 2.7 million individuals. The number of impacted individuals reported by the Department of Health’s Office for Civil Rights […]

A significant data exposure has revealed hundreds of thousands of private user conversations with Elon Musk’s AI chatbot, Grok, in public search engine results. The incident, stemming from the platform’s “share” feature, has made sensitive user data freely accessible online, seemingly without the knowledge or explicit consent of the users involved. The exposure was discovered […]

The post Hundreds of Thousands of Users’ Grok Chats Exposed in Google Search Results appeared first on Cyber Security News.

Власти жалуются на рост мошенничества.

Name: Sawah Cyber Security CTF 2025 (an Sawah Cyber Security CTF event.)
Date: Aug. 23, 2025, 5 a.m. — 23 Aug. 2025, 09:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Indonesia, Bali
Offical URL: https://ctf.sawahcyber.id/
Rating weight: 0
Event organizers: Sawah Cyber Security

Name: KubanCTF Qualifier 2025 (an HackerLab event.)
Date: Aug. 23, 2025, 7 a.m. — 23 Aug. 2025, 17:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://kubanctf2025.ru/
Rating weight: 0.00
Event organizers: Codeby Games

Microsoft is investigating a significant service incident within Exchange Online, identified as EX1137017, which is preventing some users from sending or receiving emails through the Outlook mobile application. The issue, which remains ongoing, specifically impacts customers utilizing Hybrid Modern Authentication (HMA), a common configuration for organizations that integrate on-premises Exchange servers with Exchange Online. The […]

The post Microsoft 365 Exchange Online Outage Blocks Email on Outlook Mobile App appeared first on Cyber Security News.

Решена главная проблема масштабирования квантовых машин.

A network monitoring tool is software or hardware that helps businesses monitor their computer networks and learn more about their security, health, and performance. These tools record and examine network traffic, monitor network hardware, and give users immediate access to information on bandwidth usage, latency, packet loss, and other crucial network parameters. Network monitoring tools […]

The post 20 Best Network Monitoring Tools in 2025 appeared first on Cyber Security News.

The digital landscape in 2025 is more complex than ever, with organizations relying on intricate hybrid, cloud, and on-premises networks to power their operations. Network monitoring tools have become indispensable for IT teams to maintain network health, security, and performance. These solutions provide real-time visibility into network devices, traffic, and applications, helping administrators proactively identify […]

The post 10 Best Network Monitoring Tools in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Термоядерные реакторы больше не будут плавить себя изнутри — найдено элегантное решение.

检测微服务应用中的污点风格漏洞 by ourren

更多最新文章，请访问SecWiki

A vulnerability labeled as critical has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-9394. It is possible to launch the attack on the local host. Additionally, an exploit exists. A patch should be applied to remediate this issue.

Submit #632365 / VDB-321227

Submit #632364 / VDB-321227

A vulnerability identified as critical has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. This vulnerability is known as CVE-2025-9393. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-9392. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #631538 / VDB-321226