Aggregator

Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. [...]

A burst of global law enforcement actions during the past few weeks marked by a flurry of successful takedowns gives cybercrime experts a jolt of hope.

The post Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe appeared first on CyberScoop.

A vulnerability, which was classified as problematic, was found in Wise Chat Plugin up to 3.3.4 on WordPress. Affected is an unknown function of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to cross site scripting. This vulnerability is traded as CVE-2025-3774. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Infinite Scroll Plugin up to 7.4.0.1 on WordPress. This issue affects some unknown processing of the component HTML Attribute Handler. The manipulation of the argument data-button-label leads to HTML injection. The identification of this vulnerability is CVE-2025-4775. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Blog2Social Plugin up to 8.4.4 on WordPress. This vulnerability affects unknown code. The manipulation of the argument prgSortPostType leads to sql injection. This vulnerability was named CVE-2025-5673. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7. This affects an unknown part of the component Commons FileUpload. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-48976. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenable Agent up to 10.8.4 on Windows. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to incorrect default permissions. This vulnerability is handled as CVE-2025-36632. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Liferay Portal and DXP. It has been declared as very critical. Affected by this vulnerability is an unknown functionality of the component Xuggler. The manipulation of the argument _com_liferay_server_admin_web_portlet_ServerAdminPortlet_jarName leads to path traversal. This vulnerability is known as CVE-2025-3594. The attack can be launched remotely. There is no exploit available.

Authors/Presenters: José Ibañez (CEO at Blind Penguin), Raissa Ibañez (Manager At Blind Penguin)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: Beyond ARIA Labels What A Blind Film Enthusiast Can Teach Us About Open Source appeared first on Security Boulevard.

Operation DEEP Sentinel has shut down Archetyp Market, the longest-running dark web drug marketplace

A vulnerability was found in Liferay Portal and DXP. It has been classified as critical. Affected is an unknown function of the component HTTP Request Handler. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-3526. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Liferay Portal and DXP and classified as critical. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2025-3602. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7 on Windows and classified as critical. This vulnerability affects unknown code of the file icacls.exe of the component Installer. The manipulation leads to untrusted search path. This vulnerability was named CVE-2025-49124. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

Внутри — почти всё, кроме фото паспорта.

A vulnerability, which was classified as critical, was found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7. This affects an unknown part. The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2025-49125. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7. Affected by this issue is some unknown functionality. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-48988. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A former GCHQ intern has been sentenced to seven-and-a-half years in prison after copying top secret data files onto his mobile phone and taking them to his home computer, creating what prosecutors described as a significant risk to national security. Hasaan Arshad, 25, a computer science student from Rochdale, Greater Manchester, pleaded guilty at the […]

The post Former GCHQ Intern Jailed for Seven Years After Copying Top Secret Files to Mobile Phone appeared first on Cyber Security News.

An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat." "The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible even if the ransom is paid," Trend Micro researchers Maristel Policarpio, Sarah Pearl Camiling, and

bluerust非我三清弟子，身在北美乡下，却与一众释家相近

Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. [...]