Aggregator

Currently trending CVE - Hype Score: 12 - The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and ...

Currently trending CVE - Hype Score: 14 - In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket ...

Currently trending CVE - Hype Score: 1 - Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ...

Currently trending CVE - Hype Score: 21 - Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.

Currently trending CVE - Hype Score: 19 - An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Processing a maliciously crafted file may lead to unexpected app termination.

Law enforcement dismantled a 20-year botnet behind Anyproxy and 5socks cybercriminals services and arrested four suspects. Authorities dismantled a 20-year-old botnet tied to Anyproxy and 5socks as part of an international operation codenamed “Operation Moonlander”; four men, including three Russians, were indicted for running the illegal proxy networks. The U.S. Justice Department charged Russian nationals, […]

Собрали установку из восьми лазеров и двух дешёвых телескопов — получилось круче, чем у НАСА.

In the era of remote and hybrid work, Chief Information Security Officers (CISOs) are now tasked with cultivating a strong cybersecurity culture in remote work, extending far beyond traditional responsibilities like managing firewalls and monitoring networks. The shift to distributed teams has dissolved the traditional office perimeter, exposing organizations to new vulnerabilities and threats. Employees […]

The post Why CISOs Must Prioritize Cybersecurity Culture in Remote Work appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fake AI-powered video generation tools are being used to distribute a new information-stealing malware family called 'Noodlophile,' under the guise of generated media content. [...]

Google has integrated artificial intelligence into its cybersecurity toolkit to shield users from financial and data theft scams. On Friday, May 09, 2025, the company unveiled a comprehensive report detailing its latest AI-driven initiatives across Search, Chrome, and Android, marking a significant leap in preemptive threat detection and user protection. These advancements aim to counteract […]

The post Google Chrome Uses Advanced AI to Combat Sophisticated Online Scams appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_link.php. The manipulation of the argument sort leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4543. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #567290 / VDB-308289

NASA 发布三则最新声音化作品，将哈勃太空望远镜（Hubble）、詹姆斯・韦伯太空望远镜（James Webb）、钱德拉 X 射线天文台（Chandra）、X 光偏振成像卫星（IXPE）等太空望远镜所搜集的观测资料，转译为音乐形式，带领听众用耳朵探索宇宙中最极端的天体：黑洞。这三段声音化作品分别呈现黑洞形成前的恒星状态、黑洞与伴星的动态交互作用，以及黑洞巨大能量喷流的壮观景象。

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is handled as CVE-2025-4542. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in run-llama llama_index up to 0.3.5. Affected by this vulnerability is the function get_article_urls of the component KnowledgeBaseWebReader. The manipulation of the argument max_depth leads to resource consumption. This vulnerability is known as CVE-2025-1752. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection. This vulnerability is traded as CVE-2025-4541. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #567214 / VDB-308288

Introduction In the world of identity and access management (IAM), two protocols often come up during system design or vendor selection: SAML 2.0 and OAuth 2.0. While both serve to secure access, they solve fundamentally different problems and are optimized for different environments. Yet many developers confuse the two — or worse, implement one where...

The post SAML vs OAuth 2.0 – What’s the Difference? A Practical Guide for Developers appeared first on Security Boulevard.

Submit #567191 / VDB-308286

美国咖啡店正采取措施限制客户长时间占据座位，将咖啡店当作远程办公场所使用的行为。纽约 Devocion 连锁店将 WiFi 开放限制在工作日两小时时段，周末则完全关闭。底特律 Alba 咖啡店自 2023年 开业以来一直没有提供 WiFi。部分咖啡店甚至用胶带封住了电源插座。华盛顿 DC 咖啡馆 Elle 一开始没有提供 WiFi，因网上的差评而改为 WiFi 开放时间限制在周一至周四上午 8 点至下午 3 点，使用时间上限为 90 分钟。当然也有咖啡店认识到部分客户有远程办公的需求。它们特地为远程办公的客户提供了单独的房间，按小时收费，如果额外消费的话可获得积分。