Aggregator

A significant global effort to patch a critical zero-day remote code execution (RCE) vulnerability in Citrix NetScaler devices has seen the number of exposed systems drop from approximately 28,200 to 12,400 in just one week. Data from The Shadowserver Foundation, a non-profit dedicated to internet security, reveals a rapid response from administrators worldwide, though thousands […]

The post Citrix Netscaler 0-day RCE Vulnerability Patched – Vulnerable Instances Reduced from 28.2K to 12.4K appeared first on Cyber Security News.

Submit #639209 / VDB-206015

Explore the top automated pentesting tools of 2025. Learn how modern platforms detect business logic flaws, deliver true positives, and scale continuous security testing, so security teams can replace manual pentests with faster, more accurate coverage.

The post Top Automated Pentesting Tools (2025) appeared first on Security Boulevard.

Submit #639171 / VDB-321919

Picture this: Your team rolls out some new code, thinking everything's fine. But hidden in there is a tiny flaw that explodes into a huge problem once it hits the cloud. Next thing you know, hackers are in, and your company is dealing with a mess that costs millions. Scary, right? In 2025, the average data breach hits businesses with a whopping $4.44 million bill globally. And guess what? A big

Loyola College Falls Victim to INTERLOCK Ransomware

Submit #639076 / VDB-179607

A vulnerability, which was classified as problematic, has been found in exiv2 up to 0.28.5. This affects the function jpegBase::readMetadata of the component Image Parser. The manipulation leads to inefficient algorithmic complexity. This vulnerability is uniquely identified as CVE-2025-55304. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. Affected by this issue is some unknown functionality. Executing manipulation of the argument there can lead to incorrect authorization. This vulnerability is handled as CVE-2025-54877. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Related Posts Lite Plugin up to 1.12 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. Performing manipulation results in cross-site request forgery. This vulnerability is known as CVE-2025-9618. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in exiv2 up to 0.28.5. Affected is an unknown function of the component Image Parser. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-54080. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

Salt Typhoon собирает сетевое оборудование по всему миру.

“Het is van groot belang dat Europese landen Oekraïne verenigd en daadkrachtig steunen.” Dat benadrukte minister Ruben Brekelmans vandaag in Kopenhagen. Hier kwamen de defensieministers van de Europese Unie bijeen voor de informele Raad Buitenlandse Zaken Defensie.

NodeBB, a popular open-source forum platform, has been found vulnerable to a critical SQL injection flaw in version 4.3.0.  The flaw, tracked as CVE-2025-50979, resides in the search-categories API endpoint, allowing unauthenticated, remote attackers to inject both boolean-based blind and PostgreSQL error-based payloads.  Successful exploitation could lead to unauthorized data access, information disclosure, or further […]

The post NodeBB Vulnerability Let Attackers Inject Boolean-Based Blind and PostgreSQL Error-Based Payloads appeared first on Cyber Security News.

Valve 宣布，为了遵守法律 UK Online Safety Act(OSA)，从 8 月 29 日起对想要访问成人游戏内容的英国 Steam 用户验证年龄。年龄验证要求只针对英国用户，方法是在 Steam 帐户添加有效信用卡。因为英国居民需要年满 18 周岁才能申请信用卡，发卡机构有义务在发卡前验证申请者的年龄，因此如果一名英国用户拥有有效信用卡，那么他们的年龄肯定超过了 18 岁。UK Online Safety Act 于 2025 年 7 月 25 日生效，Valve 不是唯一一家要求英国用户验证年龄的游戏公司，微软上个月对英国 Xbox 用户推出了年龄验证。

Пока вы работали в Office, хакеры тихо взламывали вашу систему.

麒麟软件公司本周宣布发布银河麒麟桌面操作系统 V11。V11 使用 Linux 6.6 内核，支持英特尔和 AMD CPU，支持 8 款国产 CPU 和 7 款国产 GPU。麒麟软件党委书记兼董事长谌志华表示，银河麒麟是使用率最高的国产操作系统，安装量达到了 1600 万。Linux 6.6 是 2023 年发布的 LTS 版本，其支持将于 2026 年 12 月结束；2020 年发布的银河麒麟 V10 使用 Linux 4.19，其支持已于 2024 年 12 月结束。麒麟软件对于使用不再支持的内核版本已经有了经验。

Interpol arrests 1200 cybercrime suspects, UpCrypter spreads via fake voicemails to drop RATs, and Salt Typhoon exploits routers for global espionage.

Creators, Authors and Presenters: Ankur Tyagi, Mayuresh Dani

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Decentralized Communications: Deep-Dive Into APRS And Meshtastic appeared first on Security Boulevard.