Aggregator

A vulnerability has been found in Cure53 DOMPurify up to 3.2.5 and classified as problematic. This vulnerability affects unknown code of the file scripts/server.js. The manipulation leads to path traversal: '../filedir'. This vulnerability was named CVE-2025-48050. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in lockfile-lint-api up to 5.9.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component URL Validation Handler. The manipulation leads to incorrect behavior order: early validation. This vulnerability is handled as CVE-2025-4759. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in D-Link DI-7003GV2 24.04.18D1 R(68125). Affected is an unknown function of the file /index.data. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-4751. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability has been found in D-Link DI-7003GV2 24.04.18D1 R(68125) and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /install_base.data. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-4752. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The identification of this vulnerability is CVE-2025-4747. The attack may be initiated remotely. Furthermore, there is an exploit available.

Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East, […]

The post APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/purchase_delete.php. The manipulation of the argument pr_id leads to sql injection. This vulnerability was named CVE-2025-4746. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Hitachi Ops Center Analyzer Viewpoint. This affects an unknown part. The manipulation leads to use of default credentials. This vulnerability is uniquely identified as CVE-2025-1531. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

关键词数据泄露最近针对英国零售商Marks和Spencer的勒索软件攻击暴露了敏感的客户信息,引发了网络安全专

关键词安全漏洞本周全球网络安全态势依旧紧张，多个关键漏洞正被黑客组织大规模利用。

关键词Intel苏黎世联邦理工学院（ETH Zürich）的安全团队近日披露了英特尔处理器中的一个新型侧信道漏

关键词数据安全奥地利隐私组织noyb于5月27日向Meta爱尔兰总部发出法律警告，反对其未经用户明示同意（op

Alright, you’ve come this far. You’ve admitted that your SEG isn’t exactly the security soulmate you thought it was. Maybe you’ve even started to notice the red flags – missed phishes, frustrated clients, constant rule tuning. But breaking up is a process, and before you can move on to something better, it’s important to assess the current state of the relationship.

The post Modern Threats, Missed Phish: How Exposed Are You? (Part 2) appeared first on Security Boulevard.

An analysis by Robert Walters found there are around 17,000 cybersecurity vacancies in the UK currently, with organizations struggling to fill open positions

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google Chrome’s Loader, which attackers can use to make the browser leak cross-origin data that can be used to take over accounts. The vulnerability can be triggered with a maliciously crafted HTML page, on Chrome versions prior … More →

The post CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) appeared first on Help Net Security.

近日，绿盟科技CERT监测到微软发布5月安全更新补丁，修复了78个安全问题，涉及Windows、Microsoft Office、Azure、Outlook等广泛使用的产品，其中包括权限提升、远程代码执行等高危漏洞类型。

近日，绿盟科技CERT监测到Ivanti发布安全公告，修复了Ivanti EPMM中的漏洞(CVE-2025-4427/CVE-2025-4428)，目前漏洞细节与PoC已公开，且发现在野利用，请相关用户尽快采取措施进行防护。

以模制模，数智赋能石油石化新质生产力发展

打造数字化转型高校标杆

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity…