Aggregator

A vulnerability marked as critical has been reported in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2025-9688. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #638609 / VDB-321901

A vulnerability labeled as critical has been found in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. This vulnerability appears as CVE-2025-9687. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability identified as critical has been detected in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /module/AreaConhecimento/edit of the component Listagem de áreas de conhecimento Page. Performing manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-9686. The attack is possible to be carried out remotely. Moreover, an exploit is present.

关键词数据泄露根据网络安全公司 Cybernews 的个人数据泄露监测工具显示，2025年上半年全球共有约15

关键词数据泄露美国三大信用报告机构之一的 TransUnion 近日披露，其一家第三方服务供应商遭到黑客攻击，

关键词腾讯云在昨天的文章中，提到网络安全公司 CYBERNEWS 发布的一份报告称，腾讯云平台出现重大安全事件

关键词数据泄露近期有研究揭示出社交媒体应用在收集用户位置数据方面存在明显差异。

Каждый 50-й американец мог быть ненастоящим...

A vulnerability categorized as critical has been discovered in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. This vulnerability is documented as CVE-2025-9685. The attack can be executed remotely. Additionally, an exploit exists.

Submit #638592 / VDB-321900

A vulnerability was found in Portabilis i-Educar up to 2.10. It has been rated as critical. This affects an unknown part of the file /module/FormulaMedia/edit of the component Formula de Cálculo de Média Page. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2025-9684. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Oslo University Hospital CSO Torkel Thune on Nordic Threat Landscape
Torkel Thune, head of the department for architecture, operational IT security and chief security officer at Oslo University Hospital, discusses how global shifts are affecting cybersecurity for the Nordic region, and how healthcare is especially vulnerable.

CISO Tammy Klotz Discusses the Value of Peer Support in Advance of ManuSec 2025
Manufacturers face many challenges in securing OT and IT systems, from legacy technology to managing vulnerabilities. Tammy Klotz, CISO at Trinseo and last year's ManuSec Summit event chair, discusses the value of sharing firsthand insights with a cybersecurity community.

Submit #638582 / VDB-321899

A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats. Security researchers have confirmed that malicious versions of Nx—numbered 20.9.0 through 21.8.0—systematically scanned infected machines for a broad range of secrets before exfiltrating them to public […]

The post Popular Nx Packages Compromised by Credential-Stealing Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #638577 / VDB-321898

Submit #638576 / VDB-321897

Submit #638574 / VDB-321896

A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point researchers have warned. The phishing campaign(s) The researchers believe that the campaign has been mounted by financially motivated threat actors. Its goal is to deliver a malicious ZIP archive that contains a PowerShell script that will be executed in … More →

The post Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms appeared first on Help Net Security.