DDoS как услуга. И как сервис. Обнаружен новый ботнет ShadowV2, который превращает облачные контейнеры в узлы для атак.
ShadowV2 действует по принципам, которые ставят в тупик даже опытных аналитиков.
Aggregator
VDB-325686 | Amazon AWS Bedrock Model access control
4 months 2 weeks ago
A vulnerability has been found in Amazon AWS and classified as critical. This affects an unknown function of the component Bedrock Model Handler. The manipulation leads to improper access controls.
Remote exploitation of the attack is possible. No exploit is available.
This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.
vuldb.com
Lynx
4 months 2 weeks ago
You must login to view this content
cohenido
Building a stronger SOC through AI augmentation
4 months 2 weeks ago
In this Help Net Security interview, Tim Bramble, Director of Threat Detection and Response at OpenText, discusses how SOC teams are gaining value from AI in detecting and prioritizing threats. By learning what “normal” looks like across users and systems, AI helps surface anomalies that rules-based methods often miss. Bramble explains that the greatest value comes from human-AI collaboration, with automation providing insights and analysts applying the judgment and context needed for action. Where exactly … More →
The post Building a stronger SOC through AI augmentation appeared first on Help Net Security.
Mirko Zorz
CVE-2025-10894 | nx devkit backdoor
4 months 2 weeks ago
A vulnerability, which was classified as critical, was found in nx. The impacted element is an unknown function of the component devkit. Executing manipulation can lead to backdoor.
The identification of this vulnerability is CVE-2025-10894. The attack may be launched remotely. There is no exploit available.
vuldb.com
GEEKCON 2025 赛程议题公布!
4 months 2 weeks ago
种下一颗不让世界变坏的念头,10月24日上海见
新型Rowhammer攻击变种可绕过SK Hynix DDR5内存最新防护机制
4 months 2 weeks ago
目前,Phoenix攻击所利用的漏洞已被标记为CVE-2025-6202,危险等级为“高”。
新型Rowhammer攻击变种可绕过SK Hynix DDR5内存最新防护机制
4 months 2 weeks ago
当前环境出现异常,需完成验证后方可继续访问。
GEEKCON 2025 赛程议题公布!
4 months 2 weeks ago
当前环境出现异常,需完成验证后才能继续访问。
CVE-2025-9353 | Themify Builder Plugin up to 7.6.9 on WordPress several cross site scripting
4 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Themify Builder Plugin up to 7.6.9 on WordPress. The affected element is an unknown function. Performing manipulation of the argument several results in cross site scripting.
This vulnerability was named CVE-2025-9353. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-9054 | MultiLoca Plugin up to 4.2.8 on WordPress Setting wcmlim_settings_ajax_handler authorization
4 months 2 weeks ago
A vulnerability classified as critical was found in MultiLoca Plugin up to 4.2.8 on WordPress. Impacted is the function wcmlim_settings_ajax_handler of the component Setting Handler. Such manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2025-9054. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-56146 | Indian Bank IndSMART Android App 3.8.1 on Android NuWebViewActivity certificate validation
4 months 2 weeks ago
A vulnerability classified as critical has been found in Indian Bank IndSMART Android App 3.8.1 on Android. This issue affects some unknown processing of the component NuWebViewActivity. This manipulation causes improper certificate validation.
This vulnerability is handled as CVE-2025-56146. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-8410 | RTI Connext Professional 7.5.x Security Plugins use after free
4 months 2 weeks ago
A vulnerability described as critical has been identified in RTI Connext Professional 7.5.x. This vulnerability affects unknown code of the component Security Plugins. The manipulation results in use after free.
This vulnerability is known as CVE-2025-8410. Attacking locally is a requirement. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-57636 | D-Link C1 2020-02-21 jHTTPd sub_47F028 Time os command injection
4 months 2 weeks ago
A vulnerability marked as critical has been reported in D-Link C1 2020-02-21. This affects the function sub_47F028 of the component jHTTPd. The manipulation of the argument Time leads to os command injection.
This vulnerability is traded as CVE-2025-57636. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-57638 | Tenda AC9 1.0 Configuration sys.vendor buffer overflow
4 months 2 weeks ago
A vulnerability labeled as critical has been found in Tenda AC9 1.0. Affected by this issue is some unknown functionality of the component Configuration Handler. Executing manipulation of the argument sys.vendor can lead to buffer overflow.
This vulnerability appears as CVE-2025-57638. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-52905 | TOTOLINK X6000R up to V9.4.0cu.1360_B20241207 denial of service
4 months 2 weeks ago
A vulnerability identified as problematic has been detected in TOTOLINK X6000R up to V9.4.0cu.1360_B20241207. Affected by this vulnerability is an unknown functionality. Performing manipulation results in denial of service.
This vulnerability is reported as CVE-2025-52905. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-43779 | Liferay Portal/DXP cross site scripting (EUVD-2025-30939 / WID-SEC-2025-2118)
4 months 2 weeks ago
A vulnerability categorized as problematic has been discovered in Liferay Portal and DXP. Affected is an unknown function. Such manipulation of the argument _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinitionsPortlet_productTypeName leads to cross site scripting.
This vulnerability is documented as CVE-2025-43779. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-56311 | Shenzhen C-Data Technology FD602GW-DX-R410 2.2.14 Web Management Interface formReboot cross-site request forgery
4 months 2 weeks ago
A vulnerability was found in Shenzhen C-Data Technology FD602GW-DX-R410 2.2.14. It has been rated as problematic. This impacts an unknown function of the file /boaform/admin/formReboot of the component Web Management Interface. This manipulation causes cross-site request forgery.
This vulnerability is registered as CVE-2025-56311. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-29083 | CSZ-CMS 1.3.0 Plugin_Manager.php execSqlFile sql injection
4 months 2 weeks ago
A vulnerability was found in CSZ-CMS 1.3.0. It has been declared as critical. This affects the function execSqlFile of the file Plugin_Manager.php. The manipulation results in sql injection.
This vulnerability is cataloged as CVE-2025-29083. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-21935 | AMD Instinct MI300X BKC 24.08 Satellite Management Controller unexpected data type
4 months 2 weeks ago
A vulnerability was found in AMD Instinct MI300X BKC 24.08. It has been classified as problematic. The impacted element is an unknown function of the component Satellite Management Controller. The manipulation leads to improper handling of unexpected data type.
This vulnerability is listed as CVE-2024-21935. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com