Aggregator

A vulnerability marked as problematic has been reported in Apache Kafka. The impacted element is the function Arrays.equals of the component Password Handler. Performing manipulation results in information exposure through discrepancy. This vulnerability is identified as CVE-2021-38153. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in MariaDB 10.5/10.6/10.7.0 and classified as problematic. This affects the function get_ref_count of the file dict0dict.cc. This manipulation causes reachable assertion. This vulnerability is handled as CVE-2022-32082. The attack can only be done within the local network. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical has been found in Oracle MySQL Server up to 5.7.30/8.0.20. This vulnerability affects unknown code of the component Optimizer. The manipulation leads to denial of service. This vulnerability is documented as CVE-2020-14547. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Trustwave ModSecurity 3.0.5/3.0.6/3.0.7/3.0.8. This impacts the function Transaction of the component Configuration Handler. The manipulation leads to denial of service. This vulnerability is documented as CVE-2023-28882. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

В 56 000 км от ледяного гиганта прятался спутник, который не увидел даже легендарный зонд.

A Chrome extension marketed as FreeVPN.One, boasting over 100,000 installations, a verified badge, and featured placement in the Chrome Web Store, has been exposed as spyware that silently captures screenshots of users’ browsing activities and exfiltrates them to remote servers. Despite its privacy policy explicitly stating that the developer does not collect or use user […]

The post Legitimate Chrome VPN with 100K+ Installs Secretly Captures Screenshots and Exfiltrates Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The release of a new KuppingerCole Leadership Compass is always a significant event for the cybersecurity industry, offering a vendor-neutral view of the market's current state. The 2025 edition, focusing on API Security and Management, is critical as it arrives at a pivotal moment for technology. It clearly presents a fact many organizations are just beginning to understand: the crucial connection between the rise of Artificial Intelligence and the necessity for robust API security.

This is the first part of a three-installment blog series highlighting the main findings of this landmark report. In this post, we will emphasize its core theme: the interconnected and vulnerable relationship between AI and APIs.

In the new KuppingerCole report, analyst Alexei Balaganski explains that APIs have evolved far beyond simple technical tools; they now orchestrate business logic and drive automation across the entire enterprise. The rise of artificial intelligence has supercharged this trend. The analysts present a key finding that establishes the modern relationship between these technologies: "APIs are the backbone of Al: Every LLM integration, agentic Al workflow, or autonomous decision system depends on API calls". This fundamental shift means that APIs no longer just support business operations—they now actively define them.

This deep, API-driven integration introduces a significant and high-stakes attack surface. The report issues a stark warning about this new reality, explaining that any effort to secure an AI model itself is ultimately ineffective if its underlying connections are vulnerable. As the analyst puts it, protecting a model "is futile if the APIs that interface with those models are left unguarded". This vulnerability exposes organizations to a new class of AI-related threats, including prompt injection and data exfiltration, which are often executed through sophisticated business logic attacks that exploit an API's intended functionality to bypass traditional defenses.

This challenge is precisely what Salt Security was created to address. Our platform aims to look beyond common vulnerabilities and understand the specific logic and context of each API. KuppingerCole highlights our “patented AI/ML engine”, which it says “differentiates between benign anomalies and actual attacks with a claimed 92% intent accuracy”. This capability is essential for identifying sophisticated, low and slow attacks targeting business logic, which AI-driven threats often exploit.

The report also supports our strategic approach, noting Salt's early efforts in AI security by providing protections against prompt injection and other threats specific to LLMs. As you develop your AI strategy, securing the APIs that connect these advanced models to your vital data is not just recommended; it’s essential.

With an understanding of the AI-driven threat landscape, our next post will explore what it takes to lead in this challenging area and why KuppingerCole recognized Salt Security as a clear Overall Leader.

The insights from the KuppingerCole report provide a clear roadmap for navigating this new, AI-driven threat landscape. To see the full, independent analysis and understand why Salt Security was named an Overall Leader, download your complimentary copy of the report today. And when you’re ready to move from strategy to action, we invite you to take the next step with our free, personalized API Attack Surface Assessment to discover and prioritize the specific risks within your own environment.

The post The New Frontier: Why You Can’t Secure AI Without Securing APIs appeared first on Security Boulevard.

The new method will be useful in various fields, including nanomedicine, food science, environmental science and advanced manufacturing.

Судьба программы Artemis под вопросом.

A vulnerability categorized as critical has been discovered in Redirection for Contact Form 7 Plugin up to 3.2.4 on WordPress. This impacts the function get_lead_fields. The manipulation results in deserialization. This vulnerability was named CVE-2025-8145. The attack may be performed from a remote location. There is no available exploit.

A vulnerability identified as problematic has been detected in Redirection for Contact Form 7 Plugin up to 3.2.4 on WordPress. Affected is the function delete_associated_files. This manipulation causes denial of service. The identification of this vulnerability is CVE-2025-8141. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Redirection for Contact Form 7 Plugin up to 3.2.4 on WordPress. Affected by this vulnerability is the function delete_associated_files. Such manipulation leads to deserialization. This vulnerability is referenced as CVE-2025-8289. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, was found in Microsoft Knack 0.12.0. The affected element is an unknown function of the component knack.introspection. The manipulation results in inefficient regular expression complexity. This vulnerability is known as CVE-2025-54364. Attacking locally is a requirement. No exploit is available.

A vulnerability categorized as problematic has been discovered in Fujifilm Healthcare Americas Synapse Mobility 8.0.0/8.0.1/8.0.2/8.1.0/8.1.1. Affected by this issue is some unknown functionality of the component Search. The manipulation results in external control of assumed-immutable web parameter. This vulnerability is identified as CVE-2025-54551. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Six Apart Movable Type, Movable Type Advanced and Movable Type Premium. This affects an unknown part of the component Password Reset. This manipulation causes use of less trusted source. This vulnerability is tracked as CVE-2025-53522. The attack is possible to be carried out remotely. No exploit exists.

15 суставов, 40 ньютонов, 0 сенсоров.

Recently released Windows 11 24H2 updates are reportedly causing data corruption and failure issues for some SSD and HDD models on up-to-date systems. [...]

A vulnerability, which was classified as critical, has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-9253. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2025-9252. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-9251. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.