Aggregator

CVE-2022-24990 | TerraMaster NAS up to 4.2.29 webNasIPS PWD information disclosure

Vuldb Updates
3 months 3 weeks ago
A vulnerability described as problematic has been identified in TerraMaster NAS up to 4.2.29. The affected element is an unknown function of the file module/api.php?mobile/webNasIPS. Such manipulation of the argument PWD leads to information disclosure. This vulnerability is listed as CVE-2022-24990. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework

Cyber Security News
3 months 3 weeks ago

The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors seeking agility and stealth in post-exploitation scenarios. This October, researchers uncovered its delivery through the […]

The post Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-62577 | Fsas ETERNUS SF AdvancedCopy Manager Standard Edition up to 16.9.1 default permission (EUVD-2025-35035 / CNNVD-202510-2637)

Vuldb Updates
3 months 3 weeks ago
A vulnerability was found in Fsas ETERNUS SF AdvancedCopy Manager Standard Edition, ETERNUS SF Storage Cruiser, ETERNUS SF Expressn, ETERNUS SF Storage Cruisern and ETERNUS SF Express up to 16.9.1 and classified as critical. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to incorrect default permissions. This vulnerability is tracked as CVE-2025-62577. The attack is restricted to local execution. No exploit exists.
vuldb.com

Inside the Synthient Threat Data

Troy Hunt
3 months 3 weeks ago

Where is your data on the internet? I mean, outside the places you've consciously provided it, where has it now flowed to and is being used and abused in ways you've never expected? The truth is that once the bad guys have your data, it often

Troy Hunt

Defakto Raises $30.75M to Lead Non-Human Identity Space

DataBreachToday.com
3 months 3 weeks ago
Silicon Valley Startup Focuses on Discovery and Governance of Non-Human Identities
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.

Russian Disinformation Followed Drone Incursion of Poland

DataBreachToday.com
3 months 3 weeks ago
Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts.

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner

Security Affairs
3 months 3 weeks ago
Muji halted online sales after a ransomware attack on its logistics partner Askul, disrupting orders, app services, and website access. Japanese retailer giant Muji suspended online sales after a ransomware attack hit its logistics partner Askul. The cyber incident disrupted deliveries and online store functions, including orders and app services. “Due to a logistics issue […]
Pierluigi Paganini

CVE-2022-49522 | Linux Kernel up to 5.4.197/5.10.120/5.15.45/5.17.13/5.18.2 host/mmci.c stack-based overflow

Vuldb Updates
3 months 3 weeks ago
A vulnerability was found in Linux Kernel up to 5.4.197/5.10.120/5.15.45/5.17.13/5.18.2 and classified as critical. The impacted element is an unknown function of the file host/mmci.c. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2022-49522. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Managed ad