Aggregator

A vulnerability identified as critical has been detected in Google Chrome. The affected element is an unknown function of the component WebRTC. This manipulation causes use after free. This vulnerability is handled as CVE-2025-10501. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

Хакерам достаточно знать обычный пароль чтобы получить абсолютную власть над системой.

A vulnerability described as critical has been identified in Mozilla Bugzilla up to 2.14. This affects an unknown function of the component Security Check. Executing manipulation can lead to improper privilege management. The identification of this vulnerability is CVE-2001-1407. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Cherokee httpd up to 0.2.6. This affects an unknown part of the component Port Binding Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2001-1433. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in ISC INN up to 2.2.3. It has been rated as problematic. This impacts an unknown function of the component innfeed. This manipulation causes memory corruption. This vulnerability is tracked as CVE-2001-1442. The attack is restricted to local execution. Moreover, an exploit is present. Upgrading the affected component is advised.

A vulnerability was found in Novell GroupWise 5.5/6.0. It has been rated as problematic. This vulnerability affects unknown code of the file /servlet/webacc?user.html. Performing manipulation with the input .. results in path traversal. This vulnerability was named CVE-2001-1458. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

 Cisco released an advisory describing a high-severity vulnerability (CVE-2025-20160) in its IOS and IOS XE platforms. The flaw stems from improper validation of the TACACS+ shared secret configuration. When TACACS+ is enabled but no secret is set, remote attackers or machine-in-the-middle adversaries can intercept or manipulate authentication messages. Successful exploitation grants unauthorized access to confidential […]

The post Cisco IOS/XE Vulnerability Allows Unauthorized Access to Confidential Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical path traversal flaw in ZendTo has been assigned CVE-2025-34508 researchers discovered that versions 6.15–7 and prior enable authenticated users to manipulate file paths and retrieve sensitive data from the host system.  This issue underscores the persistent risk in web-based file transfer applications. Path Traversal Vulnerability (CVE-2025-34508) ZendTo is a PHP-driven dropoff or pickup […]

The post ZendTo Vulnerability Let Attackers Bypass Security Controls and Access Sensitive Data appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in ZZZCMS zzzphp 1.6.1. Affected by this issue is the function parserIfLabel of the file inc/zzz_template.php. Such manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2019-9041. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in YouPHPTube up to 7.2 and classified as critical. This affects an unknown part of the file plugin/Audit/Objects/AuditTable.php. This manipulation causes sql injection. This vulnerability is registered as CVE-2019-14430. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in SibSoft Xfilesharing up to 2.5.1. It has been classified as critical. Affected is an unknown function. This manipulation of the argument tmpl causes path traversal. This vulnerability is tracked as CVE-2019-18951. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability labeled as critical has been found in Django up to 1.11.26/2.2.8/3.0.0. Affected by this issue is some unknown functionality of the component Password Reset. Such manipulation leads to weak password recovery. This vulnerability is referenced as CVE-2019-19844. It is possible to launch the attack remotely. Furthermore, an exploit is available. The affected component should be upgraded.

A vulnerability classified as critical has been found in WPGraphQL Plugin 0.2.3 on WordPress. This issue affects some unknown processing of the component User Registration. This manipulation causes missing authentication. This vulnerability is handled as CVE-2019-9879. The attack can be initiated remotely. Additionally, an exploit exists.

SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms.  By polling world-writable directories such as %TEMP%, %APPDATA%, and %USERPROFILE%\Downloads, the tool intercepts installer‐dropped payloads before they execute with elevated privileges, enabling full SYSTEM […]

The post SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes appeared first on Cyber Security News.

A pair of malicious Rust crates masquerading as the popular fast_log library have been uncovered, harvesting private Solana and Ethereum keys from developers’ environments. The impostor crates include legitimate-looking logging functionality to evade detection, while a hidden routine scans source files for wallet keys and exfiltrates them to a hardcoded command-and-control (C2) endpoint. Between them, […]

The post New Malicious Rust Crates Impersonate fast_log to Steal Solana and Ethereum Wallet Keys appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

用 AI 再一次，「让天下没有难做的生意」。

这个漏洞的思路可以说很顶级了，简直无敌，主要是通过传入 jar 替换数据库驱动，但是 jar 又是我们修改过的 jar，然后导致执行里面的一些方法，导致了 rce

A critical vulnerability in the popular file-sharing tool ZendTo allows authenticated users to traverse system paths and access or modify sensitive files belonging to other users. The flaw, tracked as CVE-2025-34508, affects ZendTo versions 6.15-7 and earlier. An attacker can exploit this issue to read server logs, user data, or even critical application files. ZendTo […]

The post ZendTo Flaw Lets Attackers Bypass Security Controls to Access Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early victims reported unusual latency in remote desktop sessions, prompting deeper forensic investigations. As the campaign […]

The post New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors appeared first on Cyber Security News.

Как китайский BRICKSTORM сделал дорогую защиту бессмысленной.