Aggregator

CVE-2025-52997 | filebrowser up to 2.34.0 excessive authentication (GHSA-cm2r-rg7r-p7gg)

Vuldb Updates
1 month 2 weeks ago
A vulnerability classified as problematic has been found in filebrowser up to 2.34.0. This affects an unknown part. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is uniquely identified as CVE-2025-52997. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-49493 | Akamai CloudTest 58.30 xml external entity reference (EUVD-2025-19583)

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in Akamai CloudTest 58.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2025-49493. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-36593 | Dell OpenManage Network Integration up to 3.7 RADIUS Protocol authentication replay (dsa-2025-257 / EUVD-2025-19568)

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, has been found in Dell OpenManage Network Integration up to 3.7. Affected by this issue is some unknown functionality of the component RADIUS Protocol. The manipulation leads to authentication bypass by capture-replay. This vulnerability is handled as CVE-2025-36593. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-29850 | Veeam Backup & Replication 11.0.1.1261/11.0.1.1261 P20240304/12.0.0.1420 authentication replay

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, has been found in Veeam Backup & Replication 11.0.1.1261/11.0.1.1261 P20240304/12.0.0.1420. This issue affects some unknown processing. The manipulation leads to authentication bypass by capture-replay. The identification of this vulnerability is CVE-2024-29850. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month 2 weeks ago

NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called “hpingbot” that has been quickly expanding since June 2025, marking a significant shift in the cybersecurity scene. This cross-platform botnet, built from scratch using the Go programming language, targets both Windows and Linux/IoT environments and supports multiple processor architectures including amd64, […]

The post New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CHAOS

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

CVE-2025-26634 | Microsoft Windows up to Server 2025 Core Messaging heap-based overflow

Vuldb Updates
1 month 2 weeks ago
A vulnerability has been found in Microsoft Windows and classified as critical. This vulnerability affects unknown code of the component Core Messaging. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-26634. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-21222 | Microsoft Windows up to Server 2025 Telephony Service heap-based overflow

Vuldb Updates
1 month 2 weeks ago
A vulnerability was found in Microsoft Windows. It has been classified as critical. Affected is an unknown function of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-21222. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Big Tech’s Mixed Response to U.S. Treasury Sanctions

Krebs on Security
1 month 2 weeks ago
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But more than a month later, the accused continues to openly operate accounts at a slew of American tech companies, including Facebook, Github, LinkedIn, PayPal and Twitter/X.
BrianKrebs

Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild

Cyber Security News
1 month 2 weeks ago

Critical vulnerabilities in Apache Tomcat and Apache Camel are being actively exploited by cybercriminals worldwide, with security researchers documenting over 125,000 attack attempts across more than 70 countries since their disclosure in March 2025. The three vulnerabilities—CVE-2025-24813 affecting Apache Tomcat and CVE-2025-27636 and CVE-2025-29891 impacting Apache Camel—enable remote code execution and pose significant risks to […]

The post Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild appeared first on Cyber Security News.

Tushar Subhra Dutta

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

The Hackers News
1 month 2 weeks ago
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have
The Hacker News

Phishing Scammers Push for Callbacks in Latest Innovation

Ransomware DataBreachToday.com
1 month 2 weeks ago
Telephone-Oriented Attack Delivery Social Engineering Tactic Thrives
The phishing industry is a never ending font of innovation. Cyber fraudsters are determined to worm their way into your inbox. Recent attacks involve callback phishing, a social engineering tactic designed to break down victims' defenses by spurring them into calling the scammers themselves.

基因组测序揭示古埃及人祖先

Solidot
1 month 2 weeks ago
在一项研究中,科学家对埃及一座墓葬中的一名古埃及人进行了全基因组测序。测序对象为男性,其放射性碳测年为公元前 2855 年-公元前 2570 年左右。他被发现埋葬于古埃及 Nuwayrat 地区的一个密封陶罐中,说明他的社会地位较高,活到了他那个时代的高龄——44-64 岁之间。 在提取的 7 个DNA样本中,有两个保存足够完好,能用于测序,并与 3233 个现代个体和 805 个古代个体的数据库进行了对比分析。通过遗传模拟,该 Nuwayrat 遗体基因组的绝大部分可以追溯到北非新石器时代的祖先。该基因组约 20% 与东新月沃土人群有关,补充了这两个地区有贸易往来和相互影响的考古学证据。

Managed ad