Aggregator

Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. [...]

The KNP breach shows how one weak password led to the collapse of a 158-year-old company, and why SaaS security is essential to every organization.

The post KNP Breach: What Went Wrong with Identity and SaaS Controls appeared first on Security Boulevard.

A CISA official said they’re looking at the potential impact and what to do about Chinese hackers penetrating U.S. critical infrastructure.

The post Feds still trying to crack Volt Typhoon hackers’ intentions, goals appeared first on CyberScoop.

A vulnerability, which was classified as problematic, has been found in Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI Plugin up to 26.1.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-7725. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in IDonate Plugin up to 2.0.0/2.1.9 on WordPress. This vulnerability affects the function admin_donor_profile_view. The manipulation of the argument donor leads to missing authorization. This vulnerability was named CVE-2025-4523. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Stratum Plugin up to 1.6.0 on WordPress. This affects an unknown part of the component Google Maps Widget/Image Hotspot Widgets. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7845. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in CloudClassroom-PHP-Project 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component postquerypublic. The manipulation of the argument email leads to cross site scripting. This vulnerability is known as CVE-2025-50866. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in BerqWP Plugin up to 2.2.42 on WordPress. It has been rated as critical. Affected by this issue is the function store_javascript_cache of the file store_javascript_cache.php. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-7443. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in CS Cart 4.18.3. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-50847. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in CS Cart 4.18.3 and classified as problematic. This issue affects some unknown processing of the component File Upload. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-50848. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Sielox AnyWare 2.1.2 and classified as critical. This vulnerability affects unknown code of the component Password Reset Handler. The manipulation of the argument email address leads to sql injection. This vulnerability was named CVE-2024-34327. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in ExaGrid EX10 up to 7.0.1.P08. This affects an unknown part of the component API. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-29556. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in CloudClassroom-PHP-Project 1.0/2.php. Affected by this issue is some unknown functionality of the file takeassessment2.php of the component POST Parameter Handler. The manipulation of the argument Q5 leads to sql injection. This vulnerability is handled as CVE-2025-50867. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in CS Cart 4.18.3. Affected by this vulnerability is an unknown functionality of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2025-50850. The attack can be launched remotely. There is no exploit available.

The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow. "ApolloShadow has the capability to install a trusted root certificate to

Компьютеры будущего больше не испугаются атомного шума.

作者基于个人需求开发了基于 Rust 和 TUI 的 SSH 管理工具 MSSH，支持直观界面、配置管理、快速连接、端口转发等功能，并提供跨平台安装指南及命令行操作说明。

To reposition cybersecurity as a strategic, business-critical investment, CFOs and CISOs play a critical role in articulating the significant ROI that robust security measures can deliver.

netspionage: Network Forensics CLI utility that performs Network Scanning, OSINT, and Attack Detection