Aggregator

A vulnerability was found in Phicomm K2 22.6.534.263. It has been classified as critical. Affected is an unknown function of the component Automatic Upgrade Handler. The manipulation of the argument autoUpTime leads to command injection. This vulnerability is traded as CVE-2022-48070. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Phicomm K2G 22.6.3.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Automatic Upgrade Handler. The manipulation of the argument autoUpTime leads to command injection. This vulnerability is known as CVE-2022-48072. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Opencats 0.9.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component Import viewerrors Handler. The manipulation of the argument importID leads to sql injection. This vulnerability is handled as CVE-2022-48011. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in TOTOLINK A830R 4.1.2cu.5182. This affects an unknown part in the library global.so of the component Cookie Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2022-48066. The attack needs to be done within the local network. There is no exploit available.

Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.

Alleged Data Breach of Dealer Funnel Car Sales Platform (5.2 Million Records)

SYLHET GANG-SG Targeted the Website of U.S. Department of Education

​Sam's Club, an American warehouse supermarket chain owned by U.S. retail giant Walmart, is investigating claims of a Clop ransomware breach. [...]

OCI dokey then: Larry Ellison’s PR pukes desperately follow the script.

The post Oracle Hack PR Drama: Deny, Deny, Deny — Despite Damning Data appeared first on Security Boulevard.

Authors/Presenters: Raymond Sheh

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – IATC – Cybersec And Ai Risk Management Challenges For The Next Generation Of Public Safety Systems appeared first on Security Boulevard.

A vulnerability was found in xfig fig2dev 3.2.9a. It has been rated as critical. This issue affects the function create_line_with_spline. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-31164. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in xfig fig2dev 3.2.9a. It has been declared as problematic. This vulnerability affects the function via put_patternarc. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-31163. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in xfig fig2dev 3.2.9a. It has been classified as problematic. This affects the function via get_slope. The manipulation leads to divide by zero. This vulnerability is uniquely identified as CVE-2025-31162. The attack needs to be approached locally. There is no exploit available.

Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. “Three Saratov residents are suspected of fraud and unauthorized access to computer information. Officers from the fraud prevention department of PJSC Sberbank […]

Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.

This week’s cybersecurity landscape underscores the increasing complexity of today’s threats and the critical importance of maintaining a proactive, layered […]

The post Weekly Threat Landscape Digest – Week 13 appeared first on HawkEye.

Name: StealthCup (an Stealth-Cup event.)
Date: March 28, 2025, 7 a.m. — 28 March 2025, 15:00 UTC  [add to calendar]
Format: Hack quest
On-site
Location: Vienna, Austria / Hybrid (Online)
Offical URL: https://stealth.ait.ac.at/
Rating weight: 0
Event organizers: 0x01DA

How much do scraper bots affect your industry?