Aggregator

A vulnerability classified as critical was found in TOTOLINK A6000R 1.0.1-B20201211.2000. Affected by this vulnerability is the function apcli_cancel_wps of the file /usr/lib/lua/luci/controller/mtkwifi.lua. The manipulation leads to command injection. This vulnerability is known as CVE-2025-3249. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #546132 / VDB-303320

«Сделано в Китае» теперь и в мозгах серверов.

A vulnerability classified as problematic has been found in M-Files Admin on Windows. Affected is an unknown function of the component Desktop UI. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-2159. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in M-Files Web 25.1.14445.5/25.2.14524.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-3087. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in M-Files Server. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper isolation or compartmentalization. This vulnerability was named CVE-2025-3086. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in acme.sh 3.0.6. It has been classified as problematic. This affects an unknown part of the file .github/workflows/dockerhub.yml of the component Docker Image Handler. The manipulation leads to password in configuration file. This vulnerability is uniquely identified as CVE-2025-32111. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Maps Plugin up to 1.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-2279. The attack may be launched remotely. There is no exploit available.

Submit #543214 / VDB-303319

Several of Australia’s largest superannuation funds have been targeted in a coordinated cyberattack, leading to unauthorized access to customer accounts and financial losses for some members. Among those affected are major funds such as REST, Hostplus, AustralianSuper, Australian Retirement Trust, and Insignia Financial’s MLC Expand. Scope of the Cyberattack AustralianSuper, the nation’s largest super fund, […]

The post Australian Pension Funds Hacked: Members Face Financial Losses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Vulnerability assessment is a process that identifies security weaknesses of any IT system, network, application, or cloud environment. It is a proactive approach to detect and fix security gaps before...

The post The Ultimate Guide to Vulnerability Assessment appeared first on Strobes Security.

The post The Ultimate Guide to Vulnerability Assessment appeared first on Security Boulevard.

In a significant update to the popular dynamic instrumentation toolkit Frida, developers have introduced powerful new APIs for advanced threat monitoring and software analysis. These enhancements, released on April 4, 2025, offer security researchers and penetration testers unprecedented capabilities in tracking thread activity, module loading, and performance profiling. Thread Observation Made Easy One of the […]

The post Frida Penetration Testing Toolkit Updated with Advanced Threat Monitoring APIs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Этот код старше интернета, а Гейтс до сих пор гордится каждой строчкой.

39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. Microsoft-owned code hosting platform GitHub announced the discovery of 39 million secrets leaked in 2024. The exposure of this sensitive information poses a serious risk to […]

Proton66 становится инкубатором для преступников, начинающих с фейковых антивирусов.

Две старые уязвимости вернулись — и с ними удалённый доступ.

A vulnerability has been found in HCL Connections 7.0/8.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Request Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-42208. The attack can be launched remotely. There is no exploit available.

Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure product that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. "A stack-based buffer overflow in Ivanti

A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it