Aggregator

A vulnerability has been found in Single Content Sync up to 1.4.11 on Drupal and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-48009. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Enterprise MFA up to 4.6.x/5.1.x on Drupal. Affected by this vulnerability is an unknown functionality. The manipulation leads to authentication bypass using alternate channel. This vulnerability is known as CVE-2025-47710. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Enterprise MFA up to 4.6.x/5.1.x on Drupal. It has been classified as critical. This affects an unknown part. The manipulation leads to authentication bypass by capture-replay. This vulnerability is uniquely identified as CVE-2025-47706. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in FUDforum 3.1.3. Affected by this vulnerability is an unknown functionality of the file /adm/admsmiley.php. The manipulation of the argument chpos leads to cross site scripting. This vulnerability is known as CVE-2024-30951. The attack can be launched remotely. There is no exploit available.

S5 Agency World Ltd falls victim to BERT Ransomware

The scheme is based in Cambodia, where people residing in scam centers contact U.S. victims through phone calls, texts, dating apps and other avenues to promote fake cryptocurrency investments.

通过上传ASPX可执行文件绕过PHP站点黑名单

Alleged Sale of Chrome Alert Bypass and WD Exclusion

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. [...]

Жители обратились к Мизулиной.

V8 Sandbox Escape

Can a simple dash character introduce a security risk? Discover how SQL line comments can open the door to unexpected injection vulnerabilities in several PostgreSQL client libraries!

The post Double Dash, Double Trouble: A Subtle SQL Injection Flaw appeared first on Security Boulevard.

A ransomware attack on Mastery Schools, Philadelphia, has compromised personal information of 37,031 individuals, exposing sensitive data

In a timely and candid webinar hosted by Axio, leading experts discussed what’s working (and what’s not) in industrial cybersecurity as we look toward 2025. Featuring insights from cybersecurity veteran

Read More

The post Industrial Cybersecurity 2025: Key Takeaways from our Webinar appeared first on Axio.

The post Industrial Cybersecurity 2025: Key Takeaways from our Webinar appeared first on Security Boulevard.

The campaign has affected hundreds of Russian users, particularly targeting industrial enterprises and engineering schools, with additional victims reported in Belarus and Kazakhstan.

Heroku is suffering a widespread outage that has lasted over six hours, preventing developers from logging into the platform and breaking website functionality. [...]

Ivanti has released a critical security update for its Workspace Control software, patching three high-severity vulnerabilities that could allow attackers to compromise sensitive credentials. The vulnerabilities, identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, affect versions of Ivanti Workspace Control prior to 10.19.10.0. CVE Number Description CVSS Score (Severity) CVE-2025-5353 A hardcoded key in Ivanti Workspace Control […]

The post Ivanti Workspace Control Vulnerability Lets Attackers Remotely Exploit To Steal the Credential appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SP 2025 论文 cycle 2的论文清单补上

Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent gaming websites. "Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background," Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan