Aggregator

A vulnerability classified as critical was found in Microhard IPn4Gii and Bullet-LTE up to 1.2.0-r1132. This vulnerability affects unknown code of the component AT+MFRULE Command Handler. The manipulation leads to argument injection. This vulnerability was named CVE-2025-35007. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Microhard IPn4Gii and Bullet-LTE up to 1.2.0-r1132. This issue affects some unknown processing of the component AT+MMNAME Command Handler. The manipulation leads to argument injection. The identification of this vulnerability is CVE-2025-35008. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The identification of this vulnerability is CVE-2025-5862. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #585717 / VDB-311660

A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency […]

The post Kimsuky Strikes Again – Coordinated Attacks Target Facebook, Email, and Telegram appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-5888. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability is traded as CVE-2025-5887. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #582920 / VDB-311659

Submit #582062 / VDB-311659

Submit #580744 / VDB-311658

微软正式宣布和华硕合作推出 Xbox 掌机 ROG Xbox Ally。类似 Steam Deck 的 SteamOS，ROG Xbox Ally 运行的是 Windows 11 操作系统，但为掌机体验进行了优化，微软称之为“Xbox Experience for Handheld”，操作系统最少化后台活动，限制了非必要任务。微软还计划学习 Valve 的掌机认证标签，推出为 Windows 掌机优化的认证程序。ROG Xbox Ally 基础版配备了 AMD Ryzen Z2 A 处理器、16 GB 内存、512 GB 存储空间和 60 Wh 电池；高级版 Xbox Ally X 配备了 AMD Ryzen AI Z2 Extreme 处理器、24 GB 内存、1 TB 存储空间和 80 Wh 电池，还配备了与 Xbox 手柄相同的脉冲扳机。两款掌机配置均采用 7 英寸、1080p@120 Hz IPS 显示屏，支持可变刷新率。Xbox Ally 的重量为 670 克，Xbox Ally X 比它重 45 克。价格等相关信息将在未来几个月公布。

A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The identification of this vulnerability is CVE-2025-5886. The attack may be initiated remotely. Furthermore, there is an exploit available.

С каждым запросом он всё меньше напоминает инструмент и всё больше — соучастника.

Submit #571804 / VDB-311657

喜讯！

三大板块，快来看看都有谁？

In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must embed security from the start to protect sensitive assets and ensure seamless, secure client experiences. How are threat actors evolving their tactics to target high-net-worth clients or exploit digital touchpoints in wealth management platforms? Threat actors are becoming more targeted and … More →

The post Balancing cybersecurity and client experience for high-net-worth clients appeared first on Help Net Security.

A vulnerability was found in Cisco IOS. It has been declared as problematic. This vulnerability affects unknown code of the component MPLS Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2007-1258. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS and CatOS. It has been classified as problematic. This affects an unknown part of the component NAM SNMP Handler. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2007-1257. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in VMware ESX Server 3.0.0. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2007-1271. Local access is required to approach this attack. There is no exploit available.