Aggregator

CVE-2025-58584 | SICK Baggage Analytics HTTP Request get request method with sensitive query strings

1 day 2 hours ago

A vulnerability classified as problematic has been found in SICK Baggage Analytics, Tire Analytics, Package Analytics, Logistic Diagnostic Analytics and Enterprise Analytics. Affected is an unknown function of the component HTTP Request Handler. Performing manipulation results in use of get request method with sensitive query strings. This vulnerability is cataloged as CVE-2025-58584. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2025-58578 | SICK Enterprise Analytics API Endpoint allocation of resources (EUVD-2025-32501)

VulDB Recent Entries

1 day 2 hours ago

A vulnerability described as problematic has been identified in SICK Enterprise Analytics. This impacts an unknown function of the component API Endpoint. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2025-58578. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2025-58591 | SICK Baggage Analytics path traversal

VulDB Recent Entries

1 day 2 hours ago

A vulnerability marked as critical has been reported in SICK Baggage Analytics, Tire Analytics, Package Analytics and Logistic Diagnostic Analytics. This affects an unknown function. This manipulation causes path traversal. This vulnerability is tracked as CVE-2025-58591. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

From Deception to Defense: Understanding and Combating Phishing

不安全

1 day 2 hours ago

Phishing is a cyberattack targeting sensitive info or harmful actions, evolving with AI and deepfakes. Research spans six areas: empirical, technical, psychological, policy, emerging tech, and ethical/legal. Studies highlight the need for adaptive defenses and global collaboration to counter persistent threats.

CodeQL中Source点的实现逻辑与Spring框架污点源分析

先知技术社区

1 day 2 hours ago

该文章主要介绍了CodeQL中关于污点跟踪源点（source）的实现逻辑，特别是针对Java扫描套件中的实现。

Хакеры слили эксплойт Oracle в Telegram — и он работает. Clop украла данные десятков компаний через уязвимость нулевого дня

Securitylab.ru

1 day 2 hours ago

Когда две группировки встречаются - в сети появляется новый эксплойт Oracle.

AI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) - Matt Immler, Heather Ceylan, Alexander Makarov, Nitin Raina, Dor Fledel, Aaron Parecki - ESW #427

不安全

1 day 2 hours ago

Oktane 2025会议上讨论了身份在保护AI驱动企业中的重要性。随着SaaS和AI代理的普及，组织面临大量人类和非人类身份带来的风险。专家们分享了如何通过管理AI代理、统一身份、开放标准和嵌入式AI来增强数据保护，并探讨了加强防御的方法以应对社会工程攻击等威胁。

Take action: Combat modern social engineering techniques

Red Carnary: YouTube Channel

1 day 2 hours ago

Red Canary, a Zscaler company

WorldLeaks

Dark Feed IO

1 day 2 hours ago

You must login to view this content

cohenido

Hackers Exploit WordPress Sites by Silently Injecting Malicious PHP Code

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

1 day 2 hours ago

Cybercriminals have ramped up attacks on WordPress websites by stealthily modifying theme files to serve unauthorized third-party scripts. This campaign leverages subtle PHP injections in the active theme’s functions.php to fetch external code, effectively turning compromised sites into silent distributors of malicious ads and malware. The breach came to light when the site owner noticed […]

The post Hackers Exploit WordPress Sites by Silently Injecting Malicious PHP Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Земля постепенно погружается во мрак. Может ли асимметрия альбедо изменить нашу жизнь навсегда?

Securitylab.ru

1 day 2 hours ago

То, что происходит с облаками над Арктикой, заставляет пересмотреть все прогнозы о будущем планеты.

Renault Informs Customers of Supply Chain Data Breach

Information Security Magazine

1 day 2 hours ago

Renault and Dacia have become the latest big-name brands to suffer a supply chain breach

Gemini CLI to Your Kali Linux Terminal To Automate Penetration Testing Tasks

Cyber Security News

1 day 3 hours ago

With the release of Kali Linux 2025.3, a major update introduces an innovative tool that combines artificial intelligence and cybersecurity: the Gemini Command-Line Interface (CLI). This new open-source package integrates Google’s powerful Gemini AI directly into the terminal, offering penetration testers and security professionals an intelligent assistant designed to streamline and automate complex security workflows. […]

The post Gemini CLI to Your Kali Linux Terminal To Automate Penetration Testing Tasks appeared first on Cyber Security News.

Guru Baran

Detecting DLL hijacking with machine learning: real-world cases

不安全

1 day 3 hours ago

Kaspersky SIEM集成了一种机器学习模型，用于检测DLL劫持攻击。该模型通过检查系统中加载的所有DLL库，并结合Kaspersky安全网络的全球知识库进行验证，以提高检测准确性并减少误报。模型支持两种运行模式：在correlator上处理已触发规则的事件，在collector上处理所有相关事件。在试点测试中，该模型成功识别了多个真实攻击案例，包括利用DLL侧载技术的恶意活动。