Aggregator

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim

A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. This vulnerability is handled as CVE-2025-2607. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #518384 / VDB-298555

Submit #518307 / VDB-299872

Submit #518281 / VDB-298815

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. This vulnerability is known as CVE-2025-2606. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #518103 / VDB-298814

Submit #518021 / VDB-300590

Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware. [...]

A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-2604. It is possible to launch the attack remotely. Furthermore, there is an exploit available.