Aggregator

Silver Spring, USA / Maryland, 26th August 2025, CyberNewsWire

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2025-7775 Citrix NetScaler Memory Overflow Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA released three Industrial Control Systems (ICS) advisories on August 26, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-238-01 INVT VT-Designer and HMITool
• ICSA-25-238-03 Schneider Electric Modicon M340 Controller and Communication Modules
• ICSA-25-140-03 Danfoss AK-SM 8xxA Series (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating a persistent threat to mobile device security. Deceptive Campaign Hits Popular Apps The threat actor […]

The post Beware! Fake Google Play Store Sites Used to Spread Android Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

马斯克(Elon Musk')旗下 AI 初创公司 xAI 起诉苹果和 OpenAI，指控两家公司非法合谋阻碍 AI 领域的竞争。由于 xAI 的 AI 聊天机器人 Grok 在苹果 App Store 应用排行榜中排名低于 OpenAI 的 ChatGPT，马斯克此前通过社交媒体公开抨击了苹果和 OpenAI。xAI 在德州联邦法庭起诉苹果和 OpenAI 合谋打压 AI 领域的竞争对手。OpenAI 发言人表示此举符合马斯克一贯的骚扰模式。

马斯克旗下xAI起诉苹果和OpenAI非法合谋阻碍AI竞争。因Grok在App Store排名低于ChatGPT引发公开批评后，在德州联邦法庭提起诉讼。OpenAI称此举符合马斯克一贯的骚扰模式。

A vulnerability was found in 1000projects Online Project Report Submission and Evaluation System 1.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This manipulation of the argument Name causes cross site scripting. This vulnerability is tracked as CVE-2025-9439. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in 1000projects Online Project Report Submission and Evaluation System 1.0. It has been declared as problematic. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Such manipulation of the argument Title leads to cross site scripting. This vulnerability is listed as CVE-2025-9440. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. This vulnerability is registered as CVE-2025-9443. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability identified as critical has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to sql injection. This vulnerability is documented as CVE-2025-9444. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode Apartment Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /bill/add_bill.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-9468. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been classified as critical. Affected by this issue is some unknown functionality of the file /fund/add_fund.php. Performing manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2025-9469. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been declared as critical. This affects an unknown part of the file /management/add_m_committee.php. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-9470. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been rated as critical. This vulnerability affects unknown code of the file /maintenance/add_maintenance_cost.php. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9471. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in Vibes Plugin up to 2.2.0 on WordPress. This affects an unknown function. Executing manipulation of the argument resource can lead to sql injection. This vulnerability is registered as CVE-2025-9172. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as critical has been reported in Dokan Pro Plugin up to 4.0.5 on WordPress. This affects an unknown part. This manipulation causes weak password recovery. This vulnerability is tracked as CVE-2025-5931. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-9472. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. This vulnerability is documented as CVE-2025-9473. The attack can be initiated remotely. Additionally, an exploit exists.

Новая брешь в Gemini — это наш «нулевой день», но только для изображений.

A vulnerability labeled as critical has been found in Eaton Network M2 up to 3.0.3. This vulnerability affects unknown code of the component NTP Server Configuration Handler. Such manipulation leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-22495. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.