Aggregator

A vulnerability, which was classified as problematic, has been found in libcurl up to 7.73.0/7.78.0. Affected by this issue is some unknown functionality of the component MQTT Handler. The manipulation leads to double free. This vulnerability is handled as CVE-2021-22945. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Apple macOS. Affected is an unknown function of the component curl. The manipulation leads to double free. This vulnerability is traded as CVE-2021-22945. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in logrotate up to 3.19.x. It has been classified as critical. This affects an unknown part. The manipulation leads to incorrect permission assignment. This vulnerability is uniquely identified as CVE-2022-1348. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in GNU glibc. This vulnerability affects the function realpath of the file canonicalize.c. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2021-3998. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in libcurl. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Connection Pool Handler. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2021-22924. The attack can be launched remotely. There is no exploit available.

在逮捕梅泰族（Meithei）领导人引发民众暴力抗议之后，印度 Manipur 邦实行宵禁并切断互联网访问。Netblocks 的网络监测确认了网络接入的中断。警方周日逮捕了梅泰族激进武装组织 Arambai Tenggol 的五名领导人，包括首领 Asem Kanan Singh。自 2023 年以来，Manipur 邦人口占多数的梅泰族和人口占少数的库基族（Kuki）为争夺土地和影响力而发生种族冲突。Arambai Tenggol 有相当大的影响力，获得了梅泰社群的支持。Singh 等人被捕引发了民众抗议，抗议者冲进了一个警察哨所，放火焚烧了一辆公共汽车，并封锁了部分路段。在暴力事件之后，Manipur 邦宣布切断互联网以及移动数据服务五天。

如果提前了解了你所要面对的人生，你是否还会有勇气前来

Untangle: 多层 Web 服务器指纹识别 by ourren

更多最新文章，请访问SecWiki

A vulnerability, which was classified as problematic, has been found in Bagisto 2.2.2. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument Query leads to cross site scripting. This vulnerability is handled as CVE-2025-40675. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Zoho ManageEngine ADAudit Plus up to 8510. This affects an unknown part of the component Service Account Auditing Report. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-27709. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

In a recent research by Proofpoint and Threatray has unveiled the intricate and evolving malware arsenal of the Bitter group, also known as TA397, believed to be a state-backed actor aligned with the interests of the Indian government. Active since 2016, Bitter has transformed its operations from deploying rudimentary downloaders to orchestrating sophisticated Remote Access […]

The post Bitter Malware Employs Custom-Built Tools to Evade Detection in Advanced Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Alleged data breach of IMS Consultores

Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites

Linux 基金会上周宣布了 FAIR 包管理器项目，此举旨在让去年引发混乱的 WordPress 社区稳定下来。WordPress 联合创始人 Matthew Mullenweg 去年对竞争对手 WP Engine 发动了攻击，引发了一场至今尚未解决的诉讼。期间他还通过其控制的 WordPress.org 开源项目劫持了 WP Engine 的插件。用于分发 WordPress 插件的 FAIR 包管理器项目试图解决这一问题，它将确保 WordPress 插件不受任何一方的控制。它是中心化 WordPress.org 插件和主题生态系统的去中心化替代，旨在将控制权交还给 WordPress 托管者和开发商。它采用了联邦式开源架构。

At this year’s RSAC Conference, one theme loomed large: AI isn’t just a tool anymore—it’s a battleground. Industry veteran Anand Oswal discussed how AI is reshaping both sides of the cybersecurity equation: It’s amplifying the speed and scale of attacks while simultaneously offering new ways to fight back. The complexity of securing AI applications is..

The post Security in the Age of AI with Anand Oswal appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Bunnys Print CSS Plugin up to 0.95 on WordPress. This affects the function pcss_options_subpanel of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-5925. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Real Estate Theme Plugin up to 4.4.0/4.4.1 on WordPress. It has been rated as critical. Affected by this issue is the function inspiry_update_profile. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2025-4601. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. This vulnerability is known as CVE-2025-5935. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Браузер не защитит, если не смотришь на URL.

A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-5934. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.