Aggregator

Currently trending CVE - Hype Score: 25 - A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS ...

Currently trending CVE - Hype Score: 1 - A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory ...

Currently trending CVE - Hype Score: 1 - An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned ...

When the NICT CSRI analysis team presented their three-year investigation into the RapperBot virus at Botconf 1, an international conference on botnets and malware hosted in Angers, France in May 2025, they made a startling discovery. This Mirai variant has evolved into a sophisticated threat specifically targeting Digital Video Recorders (DVRs), devices connected to surveillance […]

The post RapperBot Targets DVRs to Hijack Surveillance Cameras and Record Video appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities.

Author/Presenter: Chris Beckman (Principal Security Engineer At Taxbit)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: Applying The Hybrid Threat Modeling Method appeared first on Security Boulevard.

DUBAI, United Arab Emirates, 23rd June 2025, CyberNewsWire

DUBAI, United Arab Emirates, 23rd June 2025, CyberNewsWire

The post 1inch rolls out expanded bug bounties with rewards up to $500K appeared first on Security Boulevard.

Acronis Threat Research Unit (TRU) has discovered a startling development: a malicious campaign called “Shadow Vector” is actively targeting Colombian users using malicious Scalable Vector Graphics (SVG) files, a novel attack vector. Disguised as urgent court notifications, these SVG files are embedded in spear-phishing emails that impersonate trusted national institutions, exploiting public trust to trick […]

The post Shadow Vector Malware Uses SVG Images to Deliver AsyncRAT and RemcosRAT Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

График, способный изменить фундаментальную физику, наконец дал сбой.

After President's Trump decision to enter the US into the conflict in the Middle East, the Department of Homeland Security expects there to be an uptick in Iranian hacktivists and state-sponsored actors targeting US systems.

Результаты уже сравнимы с коммерческими модулями Зеебека.

A vulnerability, which was classified as critical, has been found in OrangeHRM 3.3.3. This issue affects some unknown processing of the file admin/viewProjects. The manipulation of the argument sortOrder leads to sql injection. The identification of this vulnerability is CVE-2024-36428. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle MySQL up to 8.0.40/8.4.3/9.1.0. It has been classified as critical. This affects an unknown part of the component Enterprise Firewall. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-21495. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Oracle Database Server up to 19.25/21.16/23.6. Affected is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-21553. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle JD Edwards EnterpriseOne Orchestrator up to 9.2.9.1 and classified as critical. This issue affects some unknown processing of the component E1 IOT Orchestrator Security. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-21552. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Hyperion Data Relationship Management 11.2.19.0.000 and classified as critical. Affected by this issue is some unknown functionality of the component Web Service. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-21569. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle Application Express 23.2/24.1 and classified as critical. This vulnerability affects unknown code of the component General. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-21557. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Hyperion Data Relationship Management 11.2.19.0.000. It has been classified as problematic. This affects an unknown part of the component Access/Security. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-21568. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Server up to 8.0.41/8.4.4/9.2.0. It has been classified as problematic. This affects an unknown part of the component UDF. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-30721. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.