DragonForce
You must login to view this content
Aggregator
The Detection Series: Initial Access
7 months 1 week ago
Red Canary
“CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation
7 months 1 week ago
Critical flaw in Citrix NetScaler devices echoes infamous 2023 security breach that crippled major organizations worldwide. The new critical vulnerability in Citrix NetScaler devices has security experts warning of potential widespread exploitation, drawing alarming parallels to the devastating “CitrixBleed” attacks that plagued organizations in 2023. The vulnerability, tracked as CVE-2025-5777 and dubbed “CitrixBleed 2,” allows […]
The post “CitrixBleed 2” Vulnerability PoC Released – Warns of Potential Widespread Exploitation appeared first on Cyber Security News.
Guru Baran
如何利用ai辅助挖漏洞
7 months 1 week ago
Submit #607209: Bludit 3.16.2 Unrestricted Upload [Duplicate]
7 months 1 week ago
Submit #607209 / VDB-231710
Submit #607203: Bludit 3.16.2 Improper Neutralization of Alternate XSS Syntax [Duplicate]
7 months 1 week ago
Submit #607203 / VDB-254051
CVE-2025-7080 | Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17 JWT Token jwt_utils.go accessSecret/refreshSecret hard-coded password (EUVD-2025-20136)
7 months 1 week ago
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret with the input jank-blog-secret/jank-blog-refresh-secret leads to use of hard-coded password.
This vulnerability is traded as CVE-2025-7080. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
vuldb.com
CVE-2025-7079 | mao888 bluebell-plus up to 2.3.0 JWT Token jwt.go mySecret hard-coded password (Issue 35 / EUVD-2025-20137)
7 months 1 week ago
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plus leads to use of hard-coded password.
The identification of this vulnerability is CVE-2025-7079. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #603746: https://github.com/Done-0 https://github.com/Done-0/Jank 9b7b0cb Authorization Bypass [Accepted]
7 months 1 week ago
Submit #603746 / VDB-314994
Tritium
Submit #603726: https://github.com/mao888 https://github.com/mao888/bluebell-plus v2.3.0 Authorization Bypass [Accepted]
7 months 1 week ago
Submit #603726 / VDB-314993
Tritium
CVE-2025-7078 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 1.3.9 cross-site request forgery (EUVD-2025-20135)
7 months 1 week ago
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2025-7078. The attack can be initiated remotely. Furthermore, there is an exploit available.
This product is published under multiple names. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
7 months 1 week ago
Russian Federal Security Service (FSB) officers have detained two hackers in Siberia who conducted cyberattacks on critical infrastructure facilities under direct orders from Ukrainian intelligence services. The simultaneous arrests in the Kemerovo and Tomsk regions exposed a sophisticated cyber espionage network targeting Russia’s governmental, industrial, and financial information systems. The primary suspect, a 36-year-old resident […]
The post Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure appeared first on Cyber Security News.
Tushar Subhra Dutta
Submit #603552: 07FLYCMS https://github.com/lingqifei/07fly-crm V1.3.9 CSRF [Accepted]
7 months 1 week ago
Submit #603552 / VDB-314992
Excent1c
Submit #603132: 程序员二师兄 oasys master arbitrary file reading [Duplicate]
7 months 1 week ago
Submit #603132 / VDB-310995
Unnlucky1
CVE-2025-7077 | Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6 /appy.cgi config_3g_para username_3g/password_3g buffer overflow (EUVD-2025-20133)
7 months 1 week ago
A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2025-7077. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #603012: LinBle LBT-T300-T310 v2.2.3.6 Buffer Overflow [Accepted]
7 months 1 week ago
Submit #603012 / VDB-314991
FLY200503
微软 XBox 业务高管建议被裁员的员工用 AI 管理情绪
7 months 1 week ago
微软本周宣布裁员逾九千人,其中 XBox 游戏业务深受影响,有工作室被关闭,多个游戏项目被取消。对此情况,XBox 高管 Matt Turnbull 提出了一项建议:被裁的员工应该用 AI 管理情绪。他的建议发表在 LinkedIn 上,帖子已删除,但内容已被人保存了下来。他表示自己已经试验用 LLM AI 工具(如 ChatGPT 或 Copilot)帮助减少失业带来的情绪和认知负担,称如果不尽力提供最好的建议将是自己的失职。
Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone
7 months 1 week ago
Cybercriminals are exploiting the economic uncertainty and remote work trends to orchestrate sophisticated employment fraud schemes, with victims losing over $264 million in 2024 alone according to FBI reports. These malicious campaigns, known as “task scams,” represent a rapidly evolving threat landscape where fraudsters weaponize legitimate job-seeking behavior to extract cryptocurrency payments from unsuspecting victims […]
The post Threat Actors Turning Job Offers Into Traps, Over $264 Million Lost in 2024 Alone appeared first on Cyber Security News.
Tushar Subhra Dutta
Instagram Started Using 1-Week Validity TLS Certificates and Changes Them Daily
7 months 1 week ago
Instagram has adopted an unprecedented approach to web security by implementing daily rotation of TLS certificates that maintain validity periods of just one week, according to a recent technical analysis. This practice represents a significant departure from industry standards, where certificates typically remain valid for 90 days or longer, suggesting a strategic shift toward enhanced […]
The post Instagram Started Using 1-Week Validity TLS Certificates and Changes Them Daily appeared first on Cyber Security News.
Kaaviya
Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass
7 months 1 week ago
A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework. The issue affects all variants of Lenovo machines running default Windows installations and poses serious implications for enterprise security environments. The vulnerability centers around the MFGSTAT.zip […]
The post Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass appeared first on Cyber Security News.
Guru Baran