Aggregator

Submit #589354 / VDB-311713

RipperSec Targeted the Website of Vice President of India

Submit #588258 / VDB-311712

The statement said the Rhode Island-based company identified unauthorized activity on its systems on Thursday, prompting officials to take systems offline. The action “has temporarily impacted the Company’s ability to fulfill and distribute customer orders.”

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar

Skitnet malware, also referred to as Bossnet, has emerged as a critical tool for ransomware gangs in 2025, showcasing a marked increase in operational efficiency for cybercriminals. First advertised on underground forums like RAMP on April 19, 2024, by a threat actor known as LARVA-306, Skitnet was initially positioned as a compact, user-friendly post-exploitation package […]

The post Skitnet Malware Actively Adopted by Ransomware Gangs to Enhance Operational Efficiency appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in wasp-lang wasp up to 0.16.5. It has been rated as critical. This issue affects some unknown processing of the component OAuth. The manipulation leads to incorrect default permissions. The identification of this vulnerability is CVE-2025-49006. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev. Affected is the function allowed_iframes of the component Setting Handler. The manipulation leads to insecure automated optimizations. This vulnerability is traded as CVE-2025-48877. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in GIMP. Affected is the function ani_load_image of the component ANI File Parser. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-48796. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5879. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.15.0. Affected by this issue is some unknown functionality of the component net_sched. The manipulation of the argument cl_nactive leads to infinite loop. This vulnerability is handled as CVE-2025-38001. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

450 млн параметров и ни одного GPU в обмороке.

Alleged admin access sale to multiple FinTech Companies in South America

A vulnerability classified as problematic was found in WPWeb WooCommerce Social Login Plugin up to 2.8.2 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-39472. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev. Affected is the function topic_title of the component Email Body Handler. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2025-48062. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in labring FastGPT up to 4.9.10. It has been declared as critical. This vulnerability affects unknown code of the component Python Module. The manipulation leads to incorrect permission assignment. This vulnerability was named CVE-2025-49131. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Tenda CP3 11.10.00.2311090948 and classified as critical. Affected by this vulnerability is the function sub_F3C8C of the file apollo. The manipulation leads to command injection. This vulnerability is known as CVE-2025-5763. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Red Hat Keycloak and Single Sign-On and classified as critical. This vulnerability affects unknown code of the component Verification Policy. The manipulation leads to certificate with host mismatch. This vulnerability was named CVE-2025-3501. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2025-48053. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.