Aggregator

CVE-2025-32977 | Quest KACE SMA up to 14.1 Backup signature verification (EUVD-2025-19026)

VulDB Recent Entries
7 months 3 weeks ago
A vulnerability has been found in Quest KACE SMA up to 14.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Backup Handler. The manipulation leads to improper verification of cryptographic signature. This vulnerability is known as CVE-2025-32977. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-32976 | Quest KACE SMA up to 14.1 2FA authentication bypass (EUVD-2025-19034)

VulDB Recent Entries
7 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Quest KACE SMA up to 14.1. Affected is an unknown function of the component 2FA. The manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-32976. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-32975 | Quest KACE SMA up to 14.1 improper authentication (EUVD-2025-19028)

VulDB Recent Entries
7 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Quest KACE SMA up to 14.1. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-32975. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

China-linked APT Salt Typhoon targets Canadian Telecom companies

Security Affairs
7 months 3 weeks ago
Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon, is targeting Canadian telecom firms in espionage attacks. The Salt Typhoon hacking campaign, active for 1–2 years, has targeted […]
Pierluigi Paganini

Firefox 140 释出

Solidot
7 months 3 weeks ago
Mozilla 释出了 Firefox 140,这是一个长期支持版本(LTS)。主要新特性包括:右键标签页会显示“Unload Tab”选项,此举可减少未使用标签页占用的内存节省 CPU 资源;支持 CSS Custom Highlighting API,Chrome 从 v121 开始支持该 API;改进垂直标签,支持添加自定义搜索引擎;支持 SVG fetchpriority 属性、Cookie Store API 等。

UUSEC WAF: Free, Industrial-Grade Web Application Firewall with AI & Three-Layer Defense

Penetration Testing Tools - Metepreter.org
7 months 3 weeks ago

UUSEC WAF Web Application Firewall is an industrial grade free, high-performance, and highly scalable web application and API security protection product that supports AI and semantic engines. It is a comprehensive website protection product launched...

The post UUSEC WAF: Free, Industrial-Grade Web Application Firewall with AI & Three-Layer Defense appeared first on Penetration Testing Tools.

ddos

CVE-2025-33117 | IBM QRadar SIEM up to 7.5.0 Update Package 12 file inclusion (EUVD-2025-18994)

Vuldb Updates
7 months 3 weeks ago
A vulnerability has been found in IBM QRadar SIEM up to 7.5.0 Update Package 12 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to file inclusion. This vulnerability is known as CVE-2025-33117. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

玻璃瓶瓶盖显著增加了饮料中的微塑料含量

Solidot
7 months 3 weeks ago
法国食品、环境和职业健康与安全局(ANSES)发表研究报告,所有饮料都含有微塑料,但玻璃瓶装饮料的微塑料颗粒含量显著高于塑料瓶、纸盒或罐装饮料。对各种包装的饮料的检测发现,玻璃瓶装软饮料、柠檬水、冰茶和啤酒中平均每升含有 100 个微塑料颗粒,是塑料瓶或金属罐装饮料的 5-50 倍。科学家推测,玻璃瓶装饮料的塑料颗粒可能来自瓶盖上的塑料涂层。瓶盖可能是在运输过程中因为摩擦等导致了塑料颗粒脱落。制造商可采取措施减少塑料颗粒的脱落。

100 dronedetectieradars in nieuw steunpakket voor Oekraïne

Defensie.nl - Nieuwsberichten
7 months 3 weeks ago
Nederland doneert 100 aanvullende dronedetectieradars aan Oekraïne. Ook gaan er voertuigen voor gewondenvervoer naar het land. Verder steekt Nederland extra geld in de steun met drones. Het gaat om een steunpakket van in totaal ongeveer €175 miljoen. Dit komt bovenop contracten die deze dagen ondertekend zijn met de Oekraïense industrie om voor €500 miljoen drones te produceren. Dat maakte minister Ruben Brekelmans vandaag bekend voorafgaand aan het NATO Summit Defence Industry Forum in Den Haag.

CVE-2025-24076 | Microsoft Windows Cross Device Service access control (EDB-52320)

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Microsoft Windows 11 22H2/11 23H2/11 24H2/Server 2022 23H2/Server 2025. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Cross Device Service. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-24076. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

U.S. warns of incoming cyber threats following Iran airstrikes

Security Affairs
7 months 3 weeks ago
U.S. warns of cyberattacks by pro-Iranian groups after launching airstrikes on Iran’s nuclear sites amid the Iran –Israel war starting June 13, 2025. The Iran conflict raises cyber threat levels in the U.S., with likely low-level attacks by pro-Iranian hacktivists and possible state-linked cyber activity. Following U.S. strikes on Iranian nuclear sites, President Trump called […]
Pierluigi Paganini

CoinMarketCap Hacked: “Doodle” Graphic Delivers Wallet Drainer, $43K+ Stolen

Penetration Testing Tools - Metepreter.org
7 months 3 weeks ago

One of the world’s leading cryptocurrency tracking platforms, CoinMarketCap, has fallen victim to a sophisticated cyberattack. Visitors to the site were unexpectedly confronted with intrusive Web3 pop-ups, seemingly inviting them to connect their wallets....

The post CoinMarketCap Hacked: “Doodle” Graphic Delivers Wallet Drainer, $43K+ Stolen appeared first on Penetration Testing Tools.

ddos

SparkKitty Unleashed: New Mobile Spyware Steals Crypto Seed Phrases from Your Photos

Penetration Testing Tools - Metepreter.org
7 months 3 weeks ago

Your personal photographs are increasingly becoming the target of malicious actors. Smartphones have long since evolved from mere communication tools into vast repositories of intimate data—ranging from vacation plans and cherished family photos to...

The post SparkKitty Unleashed: New Mobile Spyware Steals Crypto Seed Phrases from Your Photos appeared first on Penetration Testing Tools.

ddos

Managed ad