Aggregator

Alleged RDWEB Domain Admin Access for U.S. Software Company with $327M Revenue

The Sekoia TDR (Threat Detection & Research) team has reported on a sophisticated network infrastructure named “Cloudflare tunnel infrastructure to deliver multiple RATs” being exploited by cyber attackers since at least February 2024. This infrastructure has been utilized to host malicious files and distribute remote access trojans (RATs), including the notorious AsyncRAT. Complex Infection Chains […]

The post Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in Icegram Engage Plugin up to 3.1.31 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13486. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in OpenResty lua-nginx-module up to 0.10.26. This affects an unknown part of the component HEAD request Handler. The manipulation leads to http request smuggling. This vulnerability is uniquely identified as CVE-2024-33452. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in NVIDIA NeMo Framework. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-23251. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in NVIDIA NeMo Framework. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-23250. The attack can be launched remotely. There is no exploit available.

华为计划最早从 5 月其向国内客户大量出货最新的 AI 芯片升腾910C。随着美国限制出口英伟达 H20 芯片，中国 AI 公司一直寻找本国替代品。升腾 910C 并非技术上的突破，而是采用先进封装技术，将两个 910B 芯片整合在单一封装中，算力和内存容量两倍于 910B，整体性能可媲美英伟达 H100，可支持更广泛的 AI 运算需求。H20 的出口限制意味着升腾910C 将成为中国 AI 模型开发商和推理部署的首选硬件。

Agentic AI's appeal is growing as organizations seek more autonomous and hands-off approaches to their security protocols.

A vulnerability was found in Sendy 1.1.9.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2014-100011. The attack may be initiated remotely. Furthermore, there is an exploit available.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

The Socket Threat Research Team has unearthed a trio of malicious packages, two hosted on the Python Package Index (PyPI) and one on the npm registry, designed to silently pilfer cryptocurrency secrets, including mnemonic seed phrases and private keys. Released between 2021 and 2024, these packages, under the guise of harmless developer tools, have been […]

The post Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

AppOmni and Splunk SaaS work together to elevate SaaS security with enriched insights, streamlined investigations, and advanced AI-driven detection.

The post AppOmni and Splunk SaaS: A Unified Front for Enhanced Security Insights appeared first on AppOmni.

The post AppOmni and Splunk SaaS: A Unified Front for Enhanced Security Insights appeared first on Security Boulevard.

A vulnerability was found in NVIDIA NeMo Framework. It has been classified as critical. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-23249. It is possible to launch the attack remotely. There is no exploit available.

A new malware campaign utilizing NFC-relay techniques has been identified carrying out unauthorized transactions through POS systems and ATMs

A vulnerability was found in Rollback Rx Professional 12.8.0.0 and classified as problematic. This issue affects some unknown processing in the library shieldm.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-29547. Local access is required to approach this attack. There is no exploit available.

A vulnerability has been found in Tecnick TCExam 16.3.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-23176. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Centreon BAM up to 23.04.9/23.10.9/24.04.4/24.10.0. This affects an unknown part of the component Boolean KPi Listing Module. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3767. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in IBM Hardware Management Console 10.2.1030.0/10.3.1050.0. Affected by this issue is some unknown functionality of the component Power Systems. The manipulation leads to execution with unnecessary privileges. This vulnerability is handled as CVE-2025-1951. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in IBM Hardware Management Console 10.2.1030.0/10.3.1050.0. Affected by this vulnerability is an unknown functionality of the component Power Systems. The manipulation leads to process control. This vulnerability is known as CVE-2025-1950. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.