Aggregator

Submit #546223 / VDB-303261

A vulnerability has been found in element-hq element-x-ios up to 25.03.7 and classified as problematic. This vulnerability affects unknown code of the file element.json. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-31126. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in vitejs vite up to 4.5.11/5.4.16/6.0.13/6.1.3/6.2.4. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-31486. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in element-hq element-x-android up to 25.03.3. Affected by this issue is some unknown functionality of the file element.json. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-31127. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in api-platform core up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component JSON Handler. The manipulation leads to information exposure through error message. This vulnerability is known as CVE-2023-47639. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in OpenEMR 7.0.2. Affected is an unknown function of the file \openemr\library\classes\Pharmacy.class.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-22611. It is possible to launch the attack remotely. There is no exploit available.

Discover how Kaseya 365 User enhances end-user protection and prevents threats before they cause damage.

The post Protecting Users: Prevent and Stop Cyberthreats Before They Start With Kaseya 365 User appeared first on Kaseya.

The post Protecting Users: Prevent and Stop Cyberthreats Before They Start With Kaseya 365 User appeared first on Security Boulevard.

Technology Giant Accused of Using 'Wordplay' to Previously Deny Breach Reports
Cybersecurity experts have slammed Oracle's handling of a large data breach that it's reportedly confirming to 140,000 affected cloud infrastructure clients - but only verbally, and not in writing - following nearly two weeks of it having denied that any such breach occurred.

Also: SEC Drops Kraken, Consensys and Cumberland DRW Lawsuits
This week, hack stats, Hamas crypto funds seizure, conclusion of Kraken, Consensys and Cumberland DRW lawsuits, Kentucky dropped its Coinbase suit, Trump pardoned BitMex co-founders, Lazarus's new tactics, and Crocodilus malware's crypto targets.

Enthusiasm for AI Development Is Outpacing Discussions on Safety
Google DeepMind executives outlined an approach to artificial general intelligence safety, warning of "severe harm" that can "permanently destroy humanity" if safeguards are not put in place before advanced artificial intelligence systems emerge. AGI could arrive by 2030, they predict.

Фосфид ниобия может заменить медь, обеспечивая лучшую производительность в электронике.

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability was patched by Ivanti in ICS 22.7R2.6, released on February 11, 2025. But, apparently, the threat actor studied the patch and “uncovered through a complicated process, [that] it was possible to exploit 22.7R2.5 and earlier … More →

The post Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) appeared first on Help Net Security.

Гибкий сенсор за секунды определит: в организме что-то пошло не по плану.

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. [...]

Dark Storm Team Targeted the Website of LastPass

Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. "These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection," Microsoft said in a report shared with The

Een Chinook-transporthelikopter is zojuist opgestegen voor het blussen van een grote natuurbrand. Die is eerder vandaag uitgebroken ten noorden van Ede, niet ver van de Ginkelse Heide. Het vuur verspreidt zich snel. De brandweer heeft het vuur nog niet onder controle. Defensie schiet daarom te hulp. Inmiddels is duidelijk dat de brand is ontstaan door een oefenende eenheid van de Koninklijke Landmacht. De Koninklijke Marechaussee doet nader onderzoek.

Почему девочки страдают сильнее и как искоренить проблему?

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Rock Identification’ appeared first on Security Boulevard.