Aggregator

A vulnerability, which was classified as problematic, was found in DEK-1705 up to 34.23.1. The affected element is an unknown function. Such manipulation leads to command injection. This vulnerability is listed as CVE-2023-23149. The attack must be carried out from within the local network. There is no available exploit.

[Darknetlive Archive] UK Woman Attempted to Hire a Hitman on the Dark Web

你平时防手机麦克风窃听，是不是从没在意过手里的鼠标？最近看到个研究才惊到 —— 现在那些性能好点的鼠标，居然能被改成 “窃听器”，你说的话可能全被记下来了。

LinkedIn has filed a lawsuit against Delaware company ProAPIs Inc. and its founder and CTO, Rehmat Alam, for allegedly scraping legitimate data through more than a million fake accounts. [...]

A vulnerability categorized as critical has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. This vulnerability is identified as CVE-2025-11334. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. It has been rated as problematic. This impacts an unknown function of the file /customer_add_action.php of the component Add Customer Page. The manipulation of the argument First Name leads to cross site scripting. This vulnerability is referenced as CVE-2025-11333. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

A vulnerability described as problematic has been identified in SICK Enterprise Analytics. This impacts an unknown function of the component API Endpoint. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2025-58578. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in SICK Enterprise Analytics. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation leads to improper output neutralization for logs. This vulnerability is documented as CVE-2025-58580. The attack can be initiated remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, was found in SICK Enterprise Analytics. This affects an unknown part. The manipulation results in information exposure through error message. This vulnerability is reported as CVE-2025-58581. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in SICK Enterprise Analytics and classified as problematic. This vulnerability affects unknown code of the component POST Request Handler. This manipulation causes allocation of resources. This vulnerability appears as CVE-2025-58582. The attack may be initiated remotely. There is no available exploit.

A threat actor has claimed responsibility for a significant data breach at Huawei Technologies, a multinational technology corporation based in China. The actor is reportedly attempting to sell what they allege is the company’s internal source code and development tools on a dark web forum. The post, which appeared in early October 2025, asserts that […]

The post Threat Actors Claim Breach Of Huawei Technologies Source Code and Internal Tools appeared first on Cyber Security News.

Jamie Levy, director of adversary tactics at Huntress, highlights a rare and revealing incident: a cybercriminal downloaded Huntress’ software, inadvertently giving defenders a front-row seat into how attackers are experimenting with artificial intelligence. For years, the industry has speculated that threat actors were using AI—but speculation is not proof. This time, there was evidence. By..

The post Inside the Hacker’s Playbook—Adversarial AI Up Close appeared first on Security Boulevard.

Kecy Metal Technologies Falls Victim to Qilin Ransomware

Прощай, iOS, здравствуй, свобода.

Alleged Sale of Access to UU Slots Website

Alleged Data Leak of Gujarat Bank

H2O-3≤V3.46.0.8中ImportSQLTable因正则校验不严，导致JDBC URL绕过引发反序列化漏洞。

A misconfigured database belonging to a pet insurance company, "Rainwalk Pet Insurance," exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams.

钓鱼样本分析、免杀思路分享