Aggregator

UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools

The Hackers News
3 months ago
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim
The Hacker News

CVE-2025-2607 | phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4 HTTP POST Request upimage.html File unrestricted upload

VulDB Recent Entries
3 months ago
A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. This vulnerability is handled as CVE-2025-2607. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-2606 | SourceCodester Best Church Management Software 1.0 soulwinning_crud.php photo/photo1 unrestricted upload

VulDB Recent Entries
3 months ago
A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. This vulnerability is known as CVE-2025-2606. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad