Aggregator

A vulnerability labeled as problematic has been found in Deltascripts Php Classifieds 6.0.5. The affected element is an unknown function. The manipulation of the argument URL results in basic cross site scripting. This vulnerability is cataloged as CVE-2002-1702. The attack may be launched remotely. Furthermore, there is an exploit available.

OnionC2 is a command and control (C2) framework with communications over Tor network. It’s packed with privacy &

The post OnionC2: The New C&C Framework for Anonymous Cyber Operations appeared first on Penetration Testing Tools.

A vulnerability was found in Google Android 13.0. It has been classified as critical. This vulnerability affects the function onActivityResult of the file AvatarPickerActivity.java. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2023-20912. Local access is required to approach this attack. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability was found in Google Android 11.0/12.0/13.0. It has been classified as problematic. The impacted element is the function addPermission of the file PermissionManagerServiceImpl.java. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2023-20911. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 11.0/12.0/13.0 and classified as problematic. The affected element is the function addNetworkSuggestions of the file WifiManager.java. The manipulation results in resource consumption. This vulnerability was named CVE-2023-20910. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.

Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code.  These flaws, tracked as CVE-2025-21483 and CVE-2025-27034, each carry a CVSS score of 9.8 and exploit buffer-corruption weaknesses to compromise device security. Key Takeaways1. CVE-2025-21483 & CVE-2025-27034 allow remote RCE.2. Affects Snapdragon 8 […]

The post Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely appeared first on Cyber Security News.

A vulnerability classified as critical has been found in Linux Kernel up to 6.15.9/6.16.0/6.17-rc1. This affects the function nfsd_open_local_fh. This manipulation causes use of expired file descriptor. This vulnerability is handled as CVE-2025-38567. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.0.5/18.1.3/18.2.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-7734. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in GitLab Enterprise Edition up to 18.0.5/18.1.3/18.2.1. It has been rated as problematic. The impacted element is an unknown function of the component Merge Request Handler. Performing manipulation results in authorization bypass. This vulnerability is cataloged as CVE-2025-8770. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.15.9/6.16.0 and classified as critical. Impacted is the function lock_vma_under_rcu of the component mm. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2025-38554. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.15.9/6.16.0. This affects the function ext4_end_io_rsv_work. Performing manipulation results in use after free. This vulnerability is known as CVE-2025-38580. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A critical security vulnerability has emerged in Azure Active Directory (Azure AD) configurations that exposes sensitive application credentials, providing attackers with unprecedented access to cloud environments.  This vulnerability centers around the exposure of appsettings.json files containing ClientId and ClientSecret credentials, effectively handing adversaries the keys to entire Microsoft 365 tenants. The vulnerability was identified during […]

The post Azure Active Directory Vulnerability Exposes Credentials and Enables Attackers to Deploy Malicious Apps appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in SonarSource sonarqube-scan-action up to 5.3.0. The impacted element is an unknown function of the component Scan GitHub Action Handler. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-58178. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability was found in MobSF Mobile-Security-Framework-MobSF 4.4.0. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is referenced as CVE-2025-58162. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. This vulnerability is traded as CVE-2025-9813. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. This manipulation causes missing authentication. This vulnerability is handled as CVE-2025-9815. It is possible to launch the attack on the local host. Additionally, an exploit exists.

OSR 将在中国密码学会2025年密码测评学术会议亮相，带来主题为 “大语言模型驱动的侧信道攻击测试新范式” 的报告。

根据 Institute for Family Studies 的研究报告《The Sex Recession》，美国人性生活频率处于历史最低水平，甚至低于新冠疫情期间。研究人员分析了芝加哥大学全国民意研究中心 (NORC)最新调查报告 General Social Survey 中有关性和亲密关系的数据。调查数据于 2024 年收集，今年五月公布。结果显示，只有 37% 的 18-64 岁人群每周至少有一次性生活，低于 1990 年的 55%。年轻人中间的下降幅度更为惊人：近四分之一或 24% 的 18-29 岁人群表示过去一年没有性生活；这一数字是 2010 年的两倍。研究表明，性生活下降的趋势适用于 64 岁以下所有性取向的人群，无论已婚还是单身。研究人员表示，大于 64 岁的人群性生活次数没有显著变化，主要是因为该群体报告的性生活频率本来就较低。

一、事件概述：网络安全公司ESET近期披露了全球已知首款基于人工智能（AI）技术开发的勒索软件——Prompt

Over the past two years, Fox-IT and NCC Group have tracked a sophisticated Lazarus subgroup targeting financial and cryptocurrency firms. This actor overlaps with AppleJeus, Citrine Sleet, UNC4736 and Gleaming Pisces campaigns and leverages three distinct remote access trojans (RATs)—PondRAT, ThemeForestRAT and RemotePE—to infiltrate and control compromised systems. In a 2024 incident response case, the […]

The post Lazarus Hackers Exploit 0-Day to Deploy Three Remote Access Trojans appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.