Aggregator

Submit #587365 / VDB-310663

Submit #587308 / VDB-235825

Submit #587234 / VDB-310662

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The identification of this vulnerability is CVE-2025-5368. The attack may be initiated remotely. Furthermore, there is an exploit available.

点击蓝字，关注我们一想到你在关注我就忍不住有点紧张近期，火绒工程师在日常监测安全动态时发现一起利用AI编程工具

AI即万物：ISC.AI 2025的跨越变迁

A sophisticated client-side attack that enables cybercriminals to gain complete control over iPhones through a single malicious WeChat message, highlighting critical vulnerabilities in one of the world’s most popular messaging platforms. The attack, detailed in recent research by cybersecurity firm DARKNAVY, exploits WeChat’s built-in browser components and URL parsing mechanisms to execute remote code without […]

The post New Client-Side Attack Let Attacker Get Complete Control Over iPhone With Single WeChat Message appeared first on Cyber Security News.

A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. This vulnerability was named CVE-2025-5367. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #586911 / VDB-310661

Submit #586862 / VDB-215112

Submit #586814 / VDB-310660

Антивирус не пикнул, потому что фишинг пришёл из доверенного облака.

A vulnerability has been found in Simple Page Access Restriction Plugin up to 1.0.31 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file settings.php. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-5142. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in OpenSheetMusicDisplay Plugin up to 1.4.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument className leads to cross site scripting. This vulnerability is known as CVE-2025-5235. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is known as CVE-2025-4696. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. This affects an unknown part of the file /add-computer.php. The manipulation of the argument compname/comploc leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4226. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

本文提出了一种利用语法和语义分析的新型攻击检测引擎 SWIDE，用于大规模系统性地检测成功的 Web 注入攻击。

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company Funnull Technology Inc. and its admin Liu Lizhi for enabling romance scams, causing $200M in U.S. victim losses. A romance scam […]

Breaking Out of the Security Mosh Pit When Jason Elrod, CISO of MultiCare Health System, describes legacy healthcare IT environments, he doesn't mince words: "Healthcare loves to walk backwards into the future. And this is how we got here, because there are a lot of things that we could have prepared for that we didn't, because we were so concentrated on where we were." This chaotic approach has