Aggregator

A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. This vulnerability is handled as CVE-2024-12976. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

SilentMoonwalk SilentMoonwalk is a PoC implementation of a fully dynamic call stack spoofer, implementing a technique to remove the original caller from the call stack, using ROP to desynchronize unwinding from the control flow....

The post SilentMoonwalk: PoC Implementation of a fully dynamic call stack spoofer appeared first on Penetration Testing Tools.

Currently trending CVE - Hype Score: 4 - billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

Currently trending CVE - Hype Score: 5 - Windows OLE Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 5 - Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.

Firebase, a versatile platform by Google, powers countless web and mobile applications with its extensive suite of services including real-time databases, authentication, cloud storage, and hosting. Its ubiquity and ease of use make it...

The post agneyastra: Firebase Misconfiguration Detection Toolkit appeared first on Penetration Testing Tools.

A vulnerability was found in Apple macOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component BOM. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-42876. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-5900. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

GreyNoise recently observed a coordinated spike in malicious activity against Apache Tomcat Manager interfaces. On June 5, 2025, two GreyNoise tags — Tomcat Manager Brute Force Attempt and Tomcat Manager Login Attempt — registered well above baseline volumes, indicating a deliberate attempt to identify and access exposed Tomcat services at scale.

Explore how learning management systems (LMS) software supports safe online learning, protects employee data, and ensures compliance in…

顺应国产化替代趋势，选用国密算法支持自主可控技术发展。

The identity industry faces its biggest shift yet: machines now outnumber humans 90:1 in digital systems. From AI-powered authentication to passwordless futures, discover the $61.74B transformation reshaping how we think about digital trust and security.

The post Identity’s New Frontier: AI, Machines, and the Future of Digital Trust appeared first on Security Boulevard.

该报告通过实证分析揭示俄罗斯雇佣兵在非洲的战略角色转变及其多维负面影响，为理解地区安全动态、中俄地缘博弈提供了详实的政策参考，其数据与结论对国际社会评估俄罗斯在非洲的行动具有重要价值。

自2018年以来，AI开发者创建了广泛适用的基础模型，这些模型在多种任务上表现出色，但需要大量的计算资源。训练这些模型的费用高昂，并且呈指数级增长，引发了关于“谁来支付这些费用”的讨论。

该报告通过俄乌战争案例，为美国及盟友提供战术、操作及战略层面的调整方向，特别强调技术-能力平衡、低成本装备规模化应用、外部合作及太空韧性，对未来潜在冲突准备具有指导意义。

Ransomware operators have increasingly turned to a sophisticated new malware tool called Skitnet, also known as “Bossnet,” to enhance their post-exploitation capabilities and evade traditional security measures. First emerging on underground cybercrime forums in April 2024, this multi-stage malware has rapidly gained traction among prominent ransomware groups seeking to streamline their operations while maintaining stealth […]

The post Sophisticated Skitnet Malware Actively Adopted by Ransomware Gangs to Streamline Operations appeared first on Cyber Security News.

信息收集端口扫描使用nmap进行端口探测，发现存在22，80，443，41525等端口开放。然后探测具体协议。Web页面访问web页面。发现存在web-INF接口。目录爆破使用工具爆破目录。CVE漏洞搜索发现存在cve-2023-49070漏洞，漏洞原因是：Apache Ofbiz 18.12.09 中的预认证 RCE。这是由于 XML-RPC 不再维护而仍然存在。此问题影响 Apache OF

Chinese state-sponsored hackers launched sophisticated reconnaissance operations against cybersecurity giant SentinelOne’s infrastructure in October 2024, representing part of a broader campaign targeting over 70 organizations worldwide. The previously undisclosed attacks, detailed in a comprehensive report released by SentinelLabs on June 9, 2025, demonstrate the persistent threat that China-nexus actors pose to the very companies tasked […]

The post Chinese Hackers Attempted To Compromise SentinelOne’s Own Servers & Other High-profile Targets appeared first on Cyber Security News.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. [...]