Aggregator

Submit #638592 / VDB-321900

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been rated as critical. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2025-9684. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Oslo University Hospital CSO Torkel Thune on Nordic Threat Landscape
Torkel Thune, head of the department for architecture, operational IT security and chief security officer at Oslo University Hospital, discusses how global shifts are affecting cybersecurity for the Nordic region, and how healthcare is especially vulnerable.

CISO Tammy Klotz Discusses the Value of Peer Support in Advance of ManuSec 2025
Manufacturers face many challenges in securing OT and IT systems, from legacy technology to managing vulnerabilities. Tammy Klotz, CISO at Trinseo and last year's ManuSec Summit event chair, discusses the value of sharing firsthand insights with a cybersecurity community.

Submit #638582 / VDB-321899

A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions of Nx—numbered 20.9.0 through 21.8.0—systematically scanned infected machines for a broad range of secrets before exfiltrating them to public […]

The post Popular Nx Packages Compromised by Credential-Stealing Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #638577 / VDB-321898

Submit #638576 / VDB-321897

Submit #638574 / VDB-321896

A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point researchers have warned. The phishing campaign(s) The researchers believe that the campaign has been mounted by financially motivated threat actors. Its goal is to deliver a malicious ZIP archive that contains a PowerShell script that will be executed in … More →

The post Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms appeared first on Help Net Security.

A vulnerability was found in O2OA up to 10.0-410. It has been declared as problematic. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-9683. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability was found in O2OA up to 10.0-410. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-9682. The attack may be initiated remotely. In addition, an exploit is available. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability was found in O2OA up to 10.0-410 and classified as problematic. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-9681. The attack can be launched remotely. Moreover, an exploit is present. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability has been found in O2OA up to 10.0-410 and classified as problematic. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-9680. The attack can be initiated remotely. Additionally, an exploit exists. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

Submit #638555 / VDB-320769

Submit #637241 / VDB-321895

Submit #637240 / VDB-321894

Submit #637239 / VDB-321893

Submit #637238 / VDB-321893

Submit #637237 / VDB-321892