Aggregator

Paris, France, 13th June 2025, CyberNewsWire

Paris, France, 13th June 2025, CyberNewsWire

The post Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale appeared first on Security Boulevard.

A vulnerability was found in TOTOLINK N600R 4.3.0cu.7866_B2022506. It has been classified as critical. This affects an unknown part of the component UPLOAD_FILENAME Component. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-46060. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Via BL-WR9000, BL-AC2100_AZ3, BL-X10_AC8, BL-LTE300, BL-F1200_AT1, BL-X26_AC8, BLAC450M_AE4 and BL-X26_DA3 and classified as critical. Affected by this issue is the function bs_SetCmd. The manipulation of the argument cmd leads to command injection. This vulnerability is handled as CVE-2025-45988. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Blink BL-WR9000, BL-AC2100_AZ3, BL-X10_AC8, BL-LTE300, BL-F1200_AT1, BL-X26_AC8, BLAC450M_AE4 and BL-X26_DA3 and classified as critical. Affected by this vulnerability is the function bs_SetDNSInfo. The manipulation of the argument dns1/dns2 leads to command injection. This vulnerability is known as CVE-2025-45987. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Blink BL-WR9000, BL-AC2100_AZ3, BL-X10_AC8, BL-LTE300, BL-F1200_AT1, BL-X26_AC8, BLAC450M_AE4 and BL-X26_DA3. Affected is the function bs_SetMacBlack. The manipulation of the argument mac leads to command injection. This vulnerability is traded as CVE-2025-45986. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Blink BL-WR9000, BL-AC2100_AZ3, BL-X10_AC8, BL-LTE300, BL-F1200_AT1, BL-X26_AC8, BLAC450M_AE4 and BL-X26_DA3. This issue affects the function bs_SetSSIDHide. The manipulation leads to command injection. The identification of this vulnerability is CVE-2025-45985. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Blink BL-WR9000, BL-AC1900, BL-AC2100_AZ3, BL-X10_AC8, BL-LTE300, BL-F1200_AT1, BL-X26_AC8, BLAC450M_AE4 and BL-X26_DA3. This vulnerability affects the function sub_45B238. The manipulation of the argument routepwd leads to command injection. This vulnerability was named CVE-2025-45984. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in nobossextensions No Boss Calendar Component up to 5.0.6 on Joomla. This affects an unknown part. The manipulation of the argument id_module leads to sql injection. This vulnerability is uniquely identified as CVE-2025-49468. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help organizations implement Zero Trust Architectures (ZTAs) using commercially available technologies. Implementing a Zero Trust Architecture (NIST SP 1800-35) provides 19 real-world implementation models, technical configurations, and best practices developed through a four-year collaboration with 24 industry partners. This marks a significant […]

The post NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Despite sustained international pressure, sanctions, and public exposures over the past two years, the sophisticated Predator mobile spyware has demonstrated remarkable resilience, continuing to evolve and adapt its infrastructure to evade detection while maintaining operations across multiple continents. The mercenary spyware, originally developed by Cytrox and now operated under the Intellexa alliance, has been active […]

The post Predator Mobile Spyware Remains Consistent with New Design Changes to Evade Detection appeared first on Cyber Security News.

A vulnerability was found in solon 3.1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component solon-faas-luffy. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-46096. The attack may be launched remotely. There is no exploit available.

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the widely used Java framework. The flaw enables attackers to execute malicious code by exploiting improperly configured Content-Disposition headers in a web application. Technical Breakdown The vulnerability arises when applications use Spring’s org.springframework.http.ContentDisposition class to set […]

The post Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. [...]

Medewerkers van bouwbedrijf Heijmans kunnen reservist worden bij Defensie. Het bedrijf en het ministerie legden vandaag vast hoe ze werknemers kunnen delen. Dat draagt bij aan de waardevolle inzet van reservisten voor de veiligheid van Nederland.

本节课介绍如何用一条“竖线”让AI写出顶级行程攻略，并附上实操模板。

Microsoft 365 users across Asia Pacific, Europe, the Middle East, and Africa are experiencing significant authentication disruptions that are preventing administrators from adding multifactor authentication (MFA) sign-in methods to user accounts. The service degradation, which began affecting users on Friday, June 13, 2025, has highlighted the critical dependency on Microsoft’s authentication infrastructure for millions of […]

The post Microsoft 365 Authentication Issues Disrupt User Access Across Multiple Regions appeared first on Cyber Security News.

Interpol disrupts major infostealer operation, Fog ransomware abuses pentesting tools, and zero-click AI flaw in MS 365 Copilot exposes data.

The post The Good, the Bad and the Ugly in Cybersecurity – Week 24 appeared first on SentinelOne.

Identiverse 2025 exposed the urgent need for NHI governance. From AI agents to orphaned credentials, NHIs and their sprawling secrets are today’s most overlooked risks.

The post Identiverse 2025: Trust, Delegation, and the Era of Continuous Identity appeared first on Security Boulevard.

Introduction to Third-Party Cyber Risk Management Platforms

Third-party cyber risk management (TPRM) represents the systematic approach organizations use to assess, monitor, and mitigate cybersecurity risks posed by external vendors, suppliers, and service providers. As enterprise ecosystems expand, TPRM has evolved from a compliance checkbox to a critical business function integral to organizational resilience.

The post Third-Party Cyber Risk Management Platforms: The Definitive Guide appeared first on Security Boulevard.