Aggregator

A vulnerability, which was classified as problematic, was found in Directus up to 11.4.x. Affected is an unknown function of the component HEAD Request Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-30350. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Directus up to 11.4.x. This issue affects some unknown processing. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-30225. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Icinga icingaweb2 up to 2.11.4/2.12.2. This vulnerability affects unknown code of the component Command-Line Interface. The manipulation leads to open redirect. This vulnerability was named CVE-2025-30164. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Frappe up to 14.93.1/15.54.x. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-30217. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Icinga icingaweb2 up to 2.11.4/2.12.2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-27609. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Track, measure, and prove your AppSec impact with the Mend.io Value Dashboard.

The post Introducing the Mend.io Value Dashboard: Measure and Showcase Your Security Impact appeared first on Security Boulevard.

Benchmark Results From Google Show Gemini 2.5 Outperforming Rivals
Google introduced on Tuesday its "most intelligent" AI reasoning model yet, designed to pause and "think" before responding. The model ships with a 1 million-token context window, capable of processing about 750,000 words in a single input - more than the entire Lord of the Rings series.

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé!

Permalink

The post Comic Agilé – Luxshan Ratnaravi, Mikkel Noe-Nygaard – #330 — AI For Job Hunting appeared first on Security Boulevard.

A new malware strain called IOCONTROL has emerged, posing a significant threat to Internet of Things (IoT) devices and operational technology (OT) systems, particularly those in critical infrastructure. First observed in December 2024, IOCONTROL is allegedly created by the anti-Israeli and pro-Iranian hacktivist group “Cyber Av3ngers.” Technical Analysis Reveals Sophisticated Capabilities IOCONTROL employs advanced techniques […]

The post New IOCONTROL Malware Let Attackers Control Critical Infrastructure & Gain Remote Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow

A sophisticated new malware strain dubbed SectopRAT has emerged, leveraging Cloudflare’s Turnstile challenge system as part of its attack methodology. This Remote Access Trojan specifically targets Windows users through a multi-staged infection process that begins with seemingly legitimate CAPTCHA verification prompts. The malware exploits the trust users place in Cloudflare’s security mechanisms to deliver its […]

The post SectopRAT as Weaponized Cloudflare Turnstile Challenge Attacks Windows Users appeared first on Cyber Security News.

Что порождает хаос в скоплении людей и как его избежать.

In its 2025 Global Third-Party Breach Report, SecurityScorecard has found that 35.5% of all cyber breaches in 2024 were third-party related, up from 29% in 2023

A vulnerability was found in Exim up to 4.98.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2025-30232. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Driving Directions Plugin up to 1.4.4 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-28903. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Omnify Plugin up to 2.0.3 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-28882. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Fiverr Official Search Box Plugin up to 1.0.8 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-28885. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in gravity2pdf Gravity 2 PDF Plugin up to 3.1.3 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-28911. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Lightview Plus Plugin up to 3.1.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-28890. The attack may be launched remotely. There is no exploit available.