Aggregator

A vulnerability was found in Honeywell OneWireless Network Wireless Device Manager up to 322.2/330.1 and classified as critical. This issue affects some unknown processing of the component Firmware Update Handler. The manipulation leads to command injection. The identification of this vulnerability is CVE-2023-5878. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. This vulnerability was named CVE-2025-1086. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

Иллюзия контроля рассеивается, когда мнимая угроза становится реальной.

Threat actors have been leveraging the legitimate Remote Monitoring and Management (RMM) tool, ScreenConnect, to establish persistence in their cyberattacks. This trend shows the evolving tactics of hackers who exploit trusted software to gain unauthorized access to systems. ScreenConnect, now known as ConnectWise Control, is a widely used RMM tool that allows IT teams to […]

The post Hackers Exploiting ScreenConnect RMM Tool to Establish Persistence appeared first on Cyber Security News.

Submit #491021 / VDB-294862

A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-1085. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

Expel announced expanded security information and event management (SIEM) coverage, including a new low-cost data lake offering, allowing customers to meet compliance and data storage requirements more effectively while strengthening their overall security posture. Additionally, Expel extended integration coverage and support for several industry-leading SIEM and extended detection and response (XDR) products, including Sumo Logic Cloud SIEM and CrowdStrike Falcon LogScale environments. “Organizations are navigating an increasingly complex landscape when it comes to the balance … More →

The post Expel expands SIEM capabilities to meet mounting data storage needs appeared first on Help Net Security.

美国网络安全与基础设施安全局将Microsoft Outlook、Sophos XG Firewall等漏洞列入已知被利用漏洞目录。

British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems. [...]

Submit #489857 / VDB-294861

Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles

A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-1084. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2025-1083. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. This vulnerability is traded as CVE-2025-1082. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

看打铁花为什么会感受到心灵的震撼与惊喜，因为当外在的铁花与内在的心花心心相印，心之性也如花一般绽放于我们的生命内，心花怒放，吾心光明。

看打铁花为什么会感受到心灵的震撼与惊喜，因为当外在的铁花与内在的心花心心相印，心之性也如花一般绽放于我们的生命内，心花怒放，吾心光明。

看打铁花为什么会感受到心灵的震撼与惊喜，因为当外在的铁花与内在的心花心心相印，心之性也如花一般绽放于我们的生命内，心花怒放，吾心光明。

看打铁花为什么会感受到心灵的震撼与惊喜，因为当外在的铁花与内在的心花心心相印，心之性也如花一般绽放于我们的生命内，心花怒放，吾心光明。