Aggregator

Two NHS England trusts could see highly sensitive patient records exposed

Alleged Data Breach of Universidad Pedagógica Experimental Libertador (UPEL)

ACTF2025 Web 全解

A newly disclosed critical vulnerability (CVE-2025-4009) in Evertz’s Software Defined Video Network (SDVN) product line exposes a wide range of broadcasting infrastructure to unauthenticated remote code execution. The flaw, uncovered by ONEKEY Research Labs, affects the core web administration interface shared by multiple Evertz devices, putting global media operations at risk. Unauthenticated Arbitrary Command Injection […]

The post Evertz SDN Vulnerabilities Enable Unauthenticated Arbitrary Command Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A spoofed Bitdefender site has been used in a malicious campaign distributing VenomRAT and other malware, according to DomainTools

Author/Presenter: Kenton McDonough

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – PasswordsCon – Zero Downtime Credential Rotation appeared first on Security Boulevard.

As digital transformation accelerates across industries, the cybersecurity landscape is changing. 2025 marks a pivotal moment, with organizations worldwide facing increasingly sophisticated cyber threats, regulatory demands, and technological disruptions. Here’s a deep dive into the trends shaping the future of cybersecurity, the challenges they present, and how industry leaders are responding. AI: The Double-Edged Sword […]

The post The Future of Cybersecurity – Trends Shaping the Industry appeared first on Cyber Security News.

Russia’s GRU-backed APT28, widely known as Fancy Bear, has intensified its cyber espionage campaign against NATO-aligned organizations. Active since at least 2007, this notorious threat actor has been attributed to a series of sophisticated attacks targeting critical infrastructure, government entities, and logistics firms across the United States, United Kingdom, Germany, Canada, Poland, Ukraine, and other […]

The post Russian APT28 Hackers Attacking NATO-aligned Organizations to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Traefik up to 1.7.34/2.11.24/3.4.0. It has been classified as critical. This affects an unknown part of the component URL Encoding. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-47952. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Avast Business Antivirus 4.5.1 on Linux and classified as critical. Affected by this issue is the function do_update_vps. The manipulation leads to files or directories accessible. This vulnerability is handled as CVE-2025-4134. Local access is required to approach this attack. There is no exploit available.

A vulnerability has been found in alexei-led aws-mcp-server up to 1.2.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-5277. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apache Commons BeanUtils up to 1.10.x/2.0.0-/1. Affected is the function getProperty of the component org.apache.commons. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-48734. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Devolutions Server up to 2024.3.15.0/2025.1.7.0. This issue affects some unknown processing of the component PAM JIT Request Handler. The manipulation leads to incorrect privilege assignment. The identification of this vulnerability is CVE-2025-4493. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical was found in SourceCodester Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the component Image Handler. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2025-45997. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Real Easy Store. This affects an unknown part of the file /index.php?a=search. The manipulation of the argument keyword leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-40651. It is possible to initiate the attack remotely. There is no exploit available.

Three critical vulnerabilities in XenServer VM Tools for Windows allow attackers to execute arbitrary code and escalate privileges within guest operating systems.  The flaws, identified as CVE-2025-27462, CVE-2025-27463, and CVE-2025-27464, affect all versions of XenServer VM Tools for Windows before 9.4.1. The vulnerabilities were publicly disclosed as part of Xen Security Advisory, prompting immediate action […]

The post XenServer VM Tools for Windows Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Citrix has issued a high-severity security bulletin addressing multiple vulnerabilities—CVE-2025-27462, CVE-2025-27463, and CVE-2025-27464—affecting XenServer VM Tools for Windows. These vulnerabilities allow attackers with the ability to execute arbitrary unprivileged code within a guest Windows VM to escalate privileges and compromise that VM. The affected platforms include Windows VMs running on XenServer 8.4 and Citrix Hypervisor […]

The post XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Major tech companies now generate 30% of code with AI. Explore the dramatic shift from manual coding to AI orchestration—and why the next 3 years will transform who can build software.

The post The Evolution of Software Development: From Machine Code to AI Orchestration appeared first on Security Boulevard.

The Czech Republic says the Chinese-backed APT31 hacking group was behind cyberattacks targeting the country's Ministry of Foreign Affairs and critical infrastructure organizations. [...]