Aggregator

A vulnerability was found in parisneo lollms-webui 13. It has been declared as critical. Affected by this vulnerability is the function forbid_remote_access of the file /api/proxy of the component REST API. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-12766. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in bentoml up to 1.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Request Handler. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2024-12759. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in berriai litellm up to 1.52.1 and classified as problematic. This issue affects some unknown processing of the file proxy_server.py of the component Langfuse API Key Handler. The manipulation leads to exposure of sensitive information through metadata. The identification of this vulnerability is CVE-2025-0330. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in ollama up to 0.3.14 and classified as problematic. This vulnerability affects the function ggufPadding of the component GGUF Model File Handler. The manipulation leads to divide by zero. This vulnerability was named CVE-2025-0317. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in gaizhenbiao ChuanhuChatGPT up to 20240914. This affects an unknown part. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2025-0191. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in aimhubio aim up to 3.25.0. Affected by this issue is some unknown functionality of the component Websocket Message Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2025-0189. The attack may be launched remotely. There is no exploit available.

Минцифры обсуждает послабления для сайтов объявлений.

尼安德特人被认为是食物链顶端的超级食肉动物，吃的肉和鬣狗和洞狮一样多。但根据一项新研究，人类的近亲可能吃了很多蛆虫。研究人员在 1991 年首次发现尼安德特人骨骼化石中氮 15 比例高于氮 14——这通常是高肉食饮食的标志。这表明尼安德特人比食肉的鬣狗和狮子更爱吃肉。但普渡大学的生物人类学家 Melanie Beasle 对此解释提出了异议。人类是不能像狮子那样吃太多肉的，人类主要吃素食，消化系统和代谢系统也是据此演化的。太多的蛋白质会使肝脏中充满氨，氨可能是有毒的，甚至是致命的。所以尼安德特人怎么可能比人类更擅长食肉？另一种解释是他们吃了含有蛆虫的腐肉。腐肉比鲜肉中的氮含量更高，因此可能提高了尼安德特人骨骼中的氮含量。

Third-party cybersecurity incidents are on the rise, but organizations face challenges in mitigating risks arising for the software supply chain, a survey of 200 chief information security officers (CISOs) has found.

The post CISO survey: 6 lessons to boost third-party cyber-risk management appeared first on Security Boulevard.

Annual pentests can leave security gaps that attackers can exploit for months. Learn more from Outpost24 about why continuous penetration testing (PTaaS) offers real-time detection, remediation, and stronger protection. [...]

Rooted devices are 250 times more vulnerable to security incidents, Zimperium warned

Forrester Research has recognized Cloudflare as a Leader in its The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 report.

Answer: Nope. But let's look at the trends — because they matter for security.

Researchers have detected active exploitation attempts targeting two critical vulnerabilities in Cisco’s Smart Licensing Utility that were patched approximately six months ago.  Threat actors leverage these flaws, which could potentially grant unauthorized access to sensitive licensing data and administrative functions. The attacks target two critical vulnerabilities in Cisco Smart Licensing Utility that were disclosed in […]

The post Hackers Exploiting Multiple Cisco Smart Licensing Utility Vulnerabilities appeared first on Cyber Security News.

Critical security vulnerabilities in IBM AIX operating systems could allow unauthorized remote attackers to execute arbitrary commands, potentially compromising the entire system.  IBM has released security patches to address these high-severity flaws affecting multiple Unix-based operating system versions. Security researchers have identified two serious vulnerabilities in IBM AIX systems that pose significant threats to enterprise environments.  […]

The post IBM AIX Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.

Swiss global solutions provider Ascom has confirmed a cyberattack on its IT infrastructure as a hacker group known as Hellcat targets Jira servers worldwide using compromised credentials. [...]

HP's 8000 Series enterprise and commercial printers, which include Color LaserJet Enterprise MFP 8801, Mono MFP 8601, and LaserJet Pro Mono SFP 8501, will feature new quantum ASICs and endpoint controllers to protect them from future quantum attacks.

Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds. "A vulnerability allowing remote code execution (RCE) by authenticated domain users," the

Госдума рассматривает новые меры защиты.

Dragon RaaS, a ransomware group known for its blend of hacktivism and cybercrime, has emerged as a significant player in the “Five Families” crimeware syndicate. This group, which includes ThreatSec, GhostSec, Blackforums, and SiegedSec, has been making waves since its inception in July 2024 as an offshoot of the Stormous group. Dragon RaaS markets itself […]

The post Dragon RaaS Leading “Five Families” Crimeware with New Initial Access & Exploitation Tactics appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.