Aggregator

A vulnerability has been found in PDF-XChange Editor 10.5.2.395 and classified as critical. Affected by this vulnerability is an unknown functionality of the component U3D File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-6642. The attack can be launched remotely. There is no exploit available.

Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets. What’s effective in one environment is often just as effective in another, and attackers know it. This isn’t a coincidence. Once an attacker figures out how to evade a specific endpoint protection solution, they replicate the environment in a lab … More →

The post Breaking the cycle of attack playbook reuse appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in PDF-XChange Editor 10.5.2.395. Affected is an unknown function of the component U3D File Parser. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-6641. It is possible to launch the attack remotely. There is no exploit available.

Axiad launched Axiad Confirm, a new, automated identity verification solution. Axiad Confirm, integrated within the Axiad Conductor credential management system (CMS), ensures secure identity verification before issuing robust credentials like smart cards or FIDO passkeys—and anytime when trust must be reaffirmed. By automating trusted identity throughout the entire credential lifecycle, Axiad empowers enterprises to enhance the user experience, prevent credential misuse, mitigate insider threats and maintain regulatory compliance. “Many of today’s traditional authentication solutions do … More →

The post Axiad Confirm validates users before issuing certificates appeared first on Help Net Security.

A vulnerability, which was classified as critical, has been found in Autel MaxiCharger AC Wallbox Commercial 1.36.00. This issue affects some unknown processing. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2025-6678. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in FasterXML jackson-core up to 2.14.x. This vulnerability affects unknown code. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-52999. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in PDF-XChange Editor 10.5.2.395. This affects an unknown part of the component U3D File Parser. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-6646. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PDF-XChange Editor 10.5.2.395. It has been rated as critical. Affected by this issue is some unknown functionality of the component U3D File Parser. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-6645. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in PDF-XChange Editor 10.5.2.395. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component U3D File Parser. The manipulation leads to use after free. This vulnerability is known as CVE-2025-6644. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PDF-XChange Editor 10.5.2.395. It has been classified as critical. Affected is an unknown function of the component U3D File Parser. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-6640. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Adobe Commerce up to 2.4.4-p13/ 2.4.5-p12/ 2.4.6-p10/ 2.4.7-p5/2.4.8 and classified as problematic. This issue affects some unknown processing of the component Security Feature. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-49550. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Commerce up to 2.4.4-p13/ 2.4.5-p12/ 2.4.6-p10/ 2.4.7-p5/2.4.8 and classified as problematic. This vulnerability affects unknown code of the component Security Feature. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-49549. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

PNG第三版规范发布，新增APNG动态图、HDR图像支持及Exif元数据功能。APNG可替代GIF动态图；HDR扩展颜色范围；Exif存储版权、相机型号等信息。

A vulnerability, which was classified as problematic, was found in OpenBao up to 2.2.x. This affects the function disable_unauthed_rekey_endpoints of the component Setting Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-52894. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in IBM WebSphere Application Server 8.5/9.0. Affected by this issue is some unknown functionality of the component Sequence Handler. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-36038. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

D3CTF 2025 d3kshrm题解

Embed Security unveiled its agentic security platform that autonomously triages and investigates alerts, empowering detection and response teams to focus on what matters most. “Over the last 90 days of using Embed, we’ve saved approximately 155 analyst hours per month. This has enabled our team to tackle more pressing issues, rather than chasing false positives,” said both R. Allen Darrah, Chief Information Officer and Wai Sheng Cheng, Information Security & Risk Manager, of Spencer Fane. … More →

The post Embed’s agentic security platform triages and investigates security alerts appeared first on Help Net Security.

Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to manage different applications at scale. Kanister is composed of three main components: the Controller and two Custom Resources – ActionSets and Blueprints. Kanister features Built for Kubernetes: Kanister uses Kubernetes Custom Resource Definitions (CRDs), … More →

The post Kanister: Open-source data protection workflow management tool appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2025-06-26, 53 days ago. The vendor is given until 2025-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Natnael Samson (@NattiSamson)' was reported to the affected vendor on: 2025-06-26, 53 days ago. The vendor is given until 2025-10-24 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.