Aggregator

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2025-54254. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

You’re on a four-day clock. Following new SEC rules announced on July 26, 2023, U.S. public companies must disclose any cybersecurity incident they determine to be ‘material’ within four business days of that determination. For most companies, this requirement became effective on December 15, 2023. Meanwhile, the average global cost of a data breach jumped […]

The post The Network-Security Compliance Checklist: 25 Controls, Mapped And Audit-Ready appeared first on Cyber Security News.

A vulnerability was found in TwistedWeb 14.0.0. It has been classified as critical. This affects an unknown part. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-50688. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Impresa Eccobook up to 2.81.1 and classified as problematic. Affected by this issue is some unknown functionality of the component PdfHandler. The manipulation of the argument DocumentoId leads to improper control of resource identifiers. This vulnerability is handled as CVE-2025-51628. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in Roche Diagnostics Navify Monitoring up to 1.7.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-7674. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Jointelli 5G CPE 21H01 JY_21H01_A3_v1.36. Affected is an unknown function of the file /ubus/?flag=set_WPS_pin. The manipulation of the argument SSID/WPS/Traceroute/Ping leads to os command injection. This vulnerability is traded as CVE-2025-43978. The attack needs to be done within the local network. There is no exploit available.

A broad range of personal and health data was exposed in an April ransomware attack on dialysis provider DaVita, the company said in notices filed in several states.

A vulnerability, which was classified as problematic, has been found in PDF-XChange Editor 10.6.0.396. This issue affects some unknown processing of the component EMF File Parser. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-47152. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in PDF-XChange Editor 10.5.2.395. This vulnerability affects unknown code of the component EMF File Parser. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-27931. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as very critical has been found in FIRSTNUM JC21A-04 up to 2.01ME-FN. This affects an unknown part of the component SSH Service. The manipulation leads to use of default credentials. This vulnerability is uniquely identified as CVE-2025-43980. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in FIRSTNUM JC21A-04 up to 2.01ME-FN. It has been rated as critical. Affected by this issue is some unknown functionality of the file xml_action.cgi?method. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-43979. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in ICT Innovations ICTBroadcast up to 7.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Session Cookie Handler. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-2611. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been classified as critical. Affected is an unknown function. The manipulation leads to configuration. This vulnerability is traded as CVE-2025-54253. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

SecurityScorecard and the Middle East Institute said in separate reports this week that Iranian hacker operations during the 12-day conflict exhibited clear strategic intent.

The post Iranian hackers were more coordinated, aligned during Israel conflict than it seemed appeared first on CyberScoop.

DC рвется в города. И инженеры только что открыли ему дверь без искр и дыма.

A critical vulnerability in Cursor IDE, the rapidly growing AI-powered development environment, enables persistent remote code execution through manipulation of the Model Context Protocol (MCP) system. The vulnerability, tracked as CVE-2025-54136 and dubbed “MCPoison,” exploits a trust validation flaw that allows attackers to execute arbitrary commands on developer machines without triggering security warnings. Cursor IDE […]

The post New MCPoison Attack Leverages Cursor IDE MCP Validation to Execute Arbitrary System Commands appeared first on Cyber Security News.

Cybersecurity firm CTM360 has uncovered an ongoing malicious operation dubbed “ClickTok,” specifically targeting TikTok Shop users worldwide through a dual-pronged strategy of phishing and malware deployment. This campaign leverages deceptive replicas of TikTok’s official in-app e-commerce platform, impersonating affiliates and legitimate interfaces to ensnare both end-users (buyers) and participants in the TikTok Shop Affiliate Program. […]

The post Over 10,000 Malicious TikTok Shop Domains Target Users with Malware and Credential Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

According to the research published Tuesday, it is possible for an attacker to break into the ControlVault chip used in many laptops owned by security professionals and modify the firmware inside.

SSL certificates are used everywhere from websites and APIs to mobile apps, internal tools and CI/CD pipelines. While most teams know they’re important, they often don’t manage them well. Certificates are usually forgotten until something breaks. If they expire, get misused, or aren’t monitored, they turn into easy targets for attackers. A small mistake in […]

The post How Certificate Mismanagement Opens The Door For Phishing And MITM Attacks appeared first on Cyber Security News.

Scilla: Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration