Aggregator

Submit #628786 / VDB-320526

A vulnerability categorized as problematic has been discovered in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The identification of this vulnerability is CVE-2025-9146. The attack may be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Уязвимости «РЕД Базы Данных» будут искать на Standoff Bug Bounty.

A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development kits and scanning tools. The campaign centers around multiple malicious npm packages, including “solana-pump-test” and […]

The post Crypto Developers Attacked With Malicious npm Packages to Steal Login Details appeared first on Cyber Security News.

A vulnerability was found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. It has been rated as problematic. Impacted is the function netem_enqueue. Performing manipulation results in uncontrolled recursion. This vulnerability was named CVE-2025-38553. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Scada-LTS 2.7.8.1. It has been declared as problematic. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-9145. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Scada-LTS 2.7.8.1. It has been classified as problematic. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. This vulnerability is handled as CVE-2025-9144. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Scada-LTS 2.7.8.1 and classified as problematic. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. This vulnerability is known as CVE-2025-9143. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #628642 / VDB-320525

A vulnerability labeled as problematic has been found in Brother Industries/Toshiba Tec Driver Installer on Windows. The impacted element is an unknown function. The manipulation results in files or directories accessible. This vulnerability was named CVE-2025-49797. The attack needs to be approached locally. There is no available exploit.

Submit #628448 / VDB-320523

Submit #628445 / VDB-320522

Submit #628437 / VDB-320521

A sophisticated threat campaign dubbed “Solana-Scan” has emerged, deploying malicious npm packages aimed at infiltrating the Solana cryptocurrency ecosystem. Identified by the Safety research team through advanced malicious package detection technology, this operation involves a threat actor operating under the handle “cryptohan” and associated with the email [email protected]. The actor has published packages masquerading as […]

The post Malicious npm Packages Target Crypto Developers to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. [...]

作者：Yuhan Zhi,Longtian Wang,Xiaofei Xie,Chao Shen,Qiang Hu,Xiaohong Guan 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2508.05681v1 摘要 主动学习（AL）作为一种代表性的标签高效学习范式，已在资源受限场景中得到广泛应用。AL的成功归功于获取函数，这些函数旨在识别出最...

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog. Early this month, Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and […]

Маск хотел сделать умного ассистента, а получил чат-бота, заражённого безумием 4chan.

Разведка поддоменов теперь занимает минуты вместо часов.

A vulnerability, which was classified as critical, has been found in Taxi Booking Manager for Woocommerce Plugin up to 1.3.0 on WordPress. This issue affects some unknown processing. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-8898. Remote exploitation of the attack is possible. No exploit is available.