Aggregator

Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)

ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)

信息化系统功能的可靠、稳定已成为医院管理的核心议题。

信息化系统功能的可靠、稳定已成为医院管理的核心议题。

信息化系统功能的可靠、稳定已成为医院管理的核心议题。

截至2025年3月31日，网络安全上市公司的整体现金和现金等价物与2024年9月30日基本持平，“无现金流入可维持月份”的中位数从5.2个月下降至4.5个月。不过，仍有61.9%的公司现金状况实现了边际改善。

截至2025年3月31日，网络安全上市公司的整体现金和现金等价物与2024年9月30日基本持平，“无现金流入可维持月份”的中位数从5.2个月下降至4.5个月。不过，仍有61.9%的公司现金状况实现了边际改善。

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

domainim Domainim is a Blazing fast domain reconnaissance tool for bounty hunters written in Nim. Features Virtual hostname enumeration Reverse DNS lookup Subdomains as input Verbose output TCP port scanning with full user control...

The post domainim: A fast and comprehensive tool for organizational network scanning appeared first on Penetration Testing Tools.

PeCoReT PeCoReT (Pentest Collaboration and Reporting Tool) is an open-source application to manage your pentest projects. PeCoReT allows pentesters to focus on testing instead of writing the report. It can be customized and once...

The post pecoret: A Pentest Collaboration and Reporting Tool appeared first on Penetration Testing Tools.

Threat Attack Daily - 5th of May 2025

Ransomware Attack Update for the 5th of May 2025

At RSAC 2025, the cybersecurity landscape underwent a seismic shift. This analysis reveals how autonomous AI agents, deepfake technologies, and quantum threats are forcing enterprises to fundamentally rethink security frameworks—and why yesterday's models won't protect tomorrow's assets.

The post RSAC 2025: The Unprecedented Evolution of Cybersecurity appeared first on Security Boulevard.

The data-theft extortion group known as Luna Moth, aka Silent Ransom Group, has ramped up callback phishing campaigns in attacks on legal and financial institutions in the United States. [...]

A vulnerability has been found in ntp up to 4.2.8p13/4.3.99 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component ntpd. The manipulation as part of Timestamp leads to authentication bypass by spoofing. This vulnerability is known as CVE-2020-13817. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Pulse Secure Client up to 9.1.5. This affects an unknown part of the file PulseSecureService.exe. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2020-13162. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Bridge up to 10.0.1. Affected is an unknown function. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2020-9554. It is possible to launch the attack remotely. There is no exploit available.