Aggregator
Phishing Scammers Push for Callbacks in Latest Innovation
5 months 2 weeks ago
Telephone-Oriented Attack Delivery Social Engineering Tactic Thrives
The phishing industry is a never-ending source of innovation. Cyber fraudsters are determined to sneak their way into your inbox. Recent attacks involve callback phishing, a social engineering tactic designed to break down victims' defenses by spurring them into calling the scammers themselves.
Cryptohack Roundup: Inside the $100M Nobitex Breach
5 months 2 weeks ago
Also: Dismantling a 460 Million Euro Crypto Fraud Network
This week: a peek into Iran's largest crypto exchange blending privacy, scale and sanctions evasion; Europol and Spanish police dismantled a crypto fraud network; a $9.5M Resupply hack; sentencing in a $40M Ponzi scheme; and a North Korean crypto theft and employment fraud ring.
Ransomware Group Hunters International Announces Exit
5 months 2 weeks ago
Cybercrime Experts Greet Announcement With Skepticism
Hunters International said Thursday it closed shop, provoking skepticism among cybercrime experts who said it's more likely the Russian-speaking hackers behind the ransomware group will start up again under a new brand name. "Ransomware groups often rebrand themselves."
Medical Device Maker Surmodics Recovering From Attack
5 months 2 weeks ago
Latest Medical Device Vendor to Disclose a Recent Cyber Incident
A Minnesota maker of catheters notified federal regulators it is recovering from a cyberattack discovered in early June that rendered a portion of its IT systems and data inaccessible. Threat actors gained unauthorized access to some IT systems, making certain systems and data unavailable.
CVE-2025-5241 | Mitsubishi Electric FX5U-32MT-ES 5.3 overly restrictive account lockout mechanism (icsa-25-184-04)
5 months 2 weeks ago
A vulnerability classified as problematic has been found in Mitsubishi Electric FX5U-32MT-ES, FX5U-32MT-DS, FX5U-32MT-ESS, FX5U-32MT-DSS, FX5U-32MR-ES, FX5U-32MR-DS, FX5U-64MT-ES, FX5U-64MT-DS, FX5U-64MT-ESS, FX5U-64MT-DSS, FX5U-64MR-ES, FX5U-64MR-DS, FX5U-80MT-ES, FX5U-80MT-DS, FX5U-80MT-ESS, FX5U-80MT-DSS, FX5U-80MR-ES, FX5U-80MR-DS, FX5UC-32MT-D, FX5UC-32MT-DSS, FX5UC-64MT-D, FX5UC-64MT-DSS, FX5UC-96MT-D, FX5UC-96MT-DSS, FX5UC-32MT-DS-TS, FX5UC-32MT-DSS-TS, FX5UC-32MR-DS-TS, FX5UJ-24MT-ES, FX5UJ-24MT-DS, FX5UJ-24MT-ESS, FX5UJ-24MT-DSS, FX5UJ-24MR-ES, FX5UJ-24MR-DS, FX5UJ-40MT-ES, FX5UJ-40MT-DS, FX5UJ-40MT-ESS, FX5UJ-40MT-DSS, FX5UJ-40MR-ES, FX5UJ-40MR-DS, FX5UJ-60MT-ES, FX5UJ-60MT-DS, FX5UJ-60MT-ESS, FX5UJ-60MT-DSS, FX5UJ-60MR-ES, FX5UJ-60MR-DS, FX5UJ-24MT-ES-A, FX5UJ-24MR-ES-A, FX5UJ-40MT-ES-A, FX5UJ-40MR-ES-A, FX5UJ-60MT-ES-A, FX5UJ-60MR-ES-A, FX5S-30MT-ES, FX5S-30MT-DS, FX5S-30MT-ESS, FX5S-30MT-DSS, FX5S-30MR-ES, FX5S-30MR-DS, FX5S-40MT-ES, FX5S-40MT-DS, FX5S-40MT-ESS, FX5S-40MT-DSS, FX5S-40MR-ES, FX5S-40MR-DS, FX5S-60MT-ES, FX5S-60MT-DS, FX5S-60MT-ESS, FX5S-60MT-DSS, FX5S-60MR-ES, FX5S-60MR-DS, FX5S-80MT-ES, FX5S-80MT-ESS, FX5S-80MR-ES and FX5-CCLGN-MS 5.3. Affected is an unknown function. The manipulation leads to overly restrictive account lockout mechanism.
This vulnerability is traded as CVE-2025-5241. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply restrictive firewalling.
vuldb.com
CVE-2025-7053 | Cockpit up to 2.11.3 /system/users/save name/email cross site scripting (EUVD-2025-19913)
5 months 2 weeks ago
A vulnerability was found in Cockpit up to 2.11.3. It has been rated as problematic. This issue affects some unknown processing of the file /system/users/save. The manipulation of the argument name/email leads to cross site scripting.
The identification of this vulnerability is CVE-2025-7053. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
The vendor was contacted early about this disclosure and acted very professionally. A patch and new release were made available very quickly.
vuldb.com
CVE-2025-6673 | Easy Restaurant Menu Manager Plugin up to 2.0.1 on WordPress Shortcode nsc_eprm_menu_link cross site scripting
5 months 2 weeks ago
A vulnerability was found in Easy Restaurant Menu Manager Plugin up to 2.0.1 on WordPress. It has been declared as problematic. This vulnerability affects the function nsc_eprm_menu_link of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-6673. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11937 | Premium Addons for Elementor Plugin up to 4.10.69 on WordPress Mobile Menu Element cross site scripting
5 months 2 weeks ago
A vulnerability was found in Premium Addons for Elementor Plugin up to 4.10.69 on WordPress. It has been classified as problematic. This affects an unknown part of the component Mobile Menu Element. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-11937. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-53368 | StarCitizenTools mediawiki-skins-Citizen up to 3.3.x cross site scripting (EUVD-2025-19901)
5 months 2 weeks ago
A vulnerability was found in StarCitizenTools mediawiki-skins-Citizen up to 3.3.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-53368. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Submit #605594: agentejo cockpit 2.11.3 Cross Site Scripting [Accepted]
5 months 2 weeks ago
Submit #605594 / VDB-314819
MatanS
CVE-2025-23968 | WPCenter AiBud WP Plugin up to 1.8.5 on WordPress unrestricted upload (EUVD-2025-19896)
5 months 2 weeks ago
A vulnerability has been found in WPCenter AiBud WP Plugin up to 1.8.5 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload.
This vulnerability is known as CVE-2025-23968. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-45809 | berriai litellm 1.65.4 /key/block sql injection (EUVD-2025-19897)
5 months 2 weeks ago
A vulnerability, which was classified as critical, was found in berriai litellm 1.65.4. Affected is an unknown function of the file /key/block. The manipulation leads to sql injection.
This vulnerability is traded as CVE-2025-45809. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-6071 | ABB RMC-100/RMC-100 LITE MQTT hard-coded key (EUVD-2025-19891)
5 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in ABB RMC-100 and RMC-100 LITE. This issue affects some unknown processing of the component MQTT Handler. The manipulation leads to use of hard-coded cryptographic key.
The identification of this vulnerability is CVE-2025-6071. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-6074 | ABB RMC-100/RMC-100 LITE REST Interface hard-coded key (EUVD-2025-19894)
5 months 2 weeks ago
A vulnerability classified as critical was found in ABB RMC-100 and RMC-100 LITE. This vulnerability affects unknown code of the component REST Interface. The manipulation leads to use of hard-coded cryptographic key.
This vulnerability was named CVE-2025-6074. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-6073 | ABB RMC-100/RMC-100 LITE REST Interface stack-based overflow (EUVD-2025-19893)
5 months 2 weeks ago
A vulnerability classified as critical has been found in ABB RMC-100 and RMC-100 LITE. This affects an unknown part of the component REST Interface. The manipulation leads to stack-based buffer overflow.
This vulnerability is uniquely identified as CVE-2025-6073. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-6072 | ABB RMC-100/RMC-100 LITE REST Interface stack-based overflow (EUVD-2025-19892)
5 months 2 weeks ago
A vulnerability was found in ABB RMC-100 and RMC-100 LITE. It has been rated as critical. Affected by this issue is some unknown functionality of the component REST Interface. The manipulation leads to stack-based buffer overflow.
This vulnerability is handled as CVE-2025-6072. The attack may be launched remotely. There is no exploit available.
vuldb.com
100 Million Years Ago Nature Decided Humanity's Fate, and We Have Only Just Realized It
5 months 2 weeks ago
The placenta's genetic signals turned out to be far older than previously thought.
CVE-2025-2932 | JKDEVKIT Plugin up to 1.9.4 on WordPress font_upload_handler denial of service (EUVD-2025-19860)
5 months 2 weeks ago
A vulnerability was found in JKDEVKIT Plugin up to 1.9.4 on WordPress. It has been rated as problematic. Affected by this issue is the function font_upload_handler. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2025-2932. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-2537 | ThickBox JavaScript Library Plugin up to 3.1 on WordPress cross site scripting (EUVD-2025-19861)
5 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in ThickBox JavaScript Library Plugin up to 3.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-2537. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com