Aggregator

六国政府疑似使用以色列Paragon的Graphite间谍软件，窃取即时通讯数据。

Currently trending CVE - Hype Score: 1 - Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

The Chinese Advanced Persistent Threat (APT) group known as Salt Typhoon, also referred to as FamousSparrow, GhostEmperor, Earth Estries, and UNC2286, has been actively targeting critical sectors worldwide. This group has been particularly focused on telecommunications and government entities across the United States, the Asia-Pacific region, the Middle East, and South Africa since at least […]

The post Chinese “Salt Typhoon” Hackers Exploit Exchange Vulnerabilities to Target Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity Relies on Visualization Raw data often tells a story that’s hidden in plain sight. No matter how accurate or comprehensive, numbers on a spreadsheet can easily blur into an incomprehensible haze when patterns and anomalies are buried deep within thousands or millions of rows.  The human brain processes visuals 60,000 times faster than text, […]

The post How Data Visualization Helps Prevent Cyber Attacks appeared first on Centraleyes.

The post How Data Visualization Helps Prevent Cyber Attacks appeared first on Security Boulevard.

Каждое второе зараженное устройство под контролем одного инфостилера.

A vulnerability has been found in Keware Technologies Homeseer 1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2001-0037. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in BoldGrid Post and Page Builder Plugin up to 1.27.6 on WordPress. Affected by this issue is the function template_via_url. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-0859. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in RealMag777 Bear Plugin up to 1.1.4.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-26775. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Bosscomm IF740 11001.7078/11001.0000. This issue affects some unknown processing. The manipulation leads to channel accessible by non-endpoint. The identification of this vulnerability is CVE-2025-25728. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Bosscomm IF740 11001.7078/11001.0000. Affected by this issue is some unknown functionality. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2025-25727. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability has been found in NAKIVO Backup & Replication Director and classified as problematic. This vulnerability affects unknown code of the file /c/router. The manipulation leads to absolute path traversal. This vulnerability was named CVE-2024-48248. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in eteubert Podlove Podcast Publisher Plugin up to 4.2.2 on WordPress. It has been rated as problematic. Affected by this issue is the function ajax_transcript_delete. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-1383. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Django up to 4.2.19/5.0.12/5.1.6. Affected by this vulnerability is the function django.utils.text.wrap of the component Template Filter Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-26699. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in realmag777 HUSKY Plugin up to 1.3.6.5 on WordPress and classified as critical. Affected by this issue is the function woof_text_search. The manipulation of the argument template leads to path traversal. This vulnerability is handled as CVE-2025-1661. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in GL-iNet Beryl AX GL-MT3000 4.7.0. This vulnerability affects unknown code of the file /download of the component POST Request Handler. The manipulation of the argument path leads to information disclosure. This vulnerability was named CVE-2025-25684. The attack can only be done within the local network. There is no exploit available.

A vulnerability has been found in Fortinet FortiOS and FortiProxy and classified as critical. Affected by this vulnerability is an unknown functionality of the component CSF Proxy Request Handler. The manipulation leads to authentication bypass using alternate channel. This vulnerability is known as CVE-2025-24472. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in Edimax IC-7100 IP Camera. This affects an unknown part of the component Requests Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-1316. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

AI不会取代人类，而是作为渗透测试工程师的效能倍增器

AI不会取代人类，而是作为渗透测试工程师的效能倍增器

Why the key milestones for PQC migration are part of building and maintaining good cyber security practice.