Aggregator

CVE-2025-9119 | Netis WF2419 1.2.29433 Wireless Settings Page /index.htm SSID cross site scripting (EUVD-2025-25152)

VulDB Recent Entries
4 days 18 hours ago
A vulnerability identified as problematic has been detected in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. This vulnerability is registered as CVE-2025-9119. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Workday Latest Company Hit by Third-Party CRM Platform Breach

Security Boulevard
4 days 18 hours ago

Workday, a high-profile HR and finance software solutions maker, is the latest victim of a string of data breaches orchestrated by the resurgent ShinyHunters threat group through Salesforce's CRM solution, joining a lineup of targets that includes Google, Qantas, Pandora, and Adidas.

The post Workday Latest Company Hit by Third-Party CRM Platform Breach appeared first on Security Boulevard.

Jeffrey Burt

The AI Memory Wars: Why One System Crushed the Competition (And It’s Not OpenAI)

Security Boulevard
4 days 19 hours ago

Most AI agents forget everything very soon. I benchmarked OpenAI Memory, LangMem, MemGPT, and Mem0 in real production environments. One system delivered 26% better accuracy and 91% faster performance. Here's which memory solution actually works for long-term AI agent deployments.

The post The AI Memory Wars: Why One System Crushed the Competition (And It’s Not OpenAI) appeared first on Security Boulevard.

Deepak Gupta - Tech Entrepreneur, Cybersecurity Author

Technical Details of SAP 0-Day Exploitation Script for RCE Revealed

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
4 days 19 hours ago

Cybersecurity researchers have unveiled the inner workings of an exploit script targeting a critical zero-day vulnerability in SAP NetWeaver’s Visual Composer Metadata Uploader, now designated as CVE-2025–31324. This flaw stems from a missing authorization check on the HTTP endpoint /developmentserver/metadatauploader, enabling unauthenticated file uploads that can lead to remote code execution (RCE) under the SAP […]

The post Technical Details of SAP 0-Day Exploitation Script for RCE Revealed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Dissecting PipeMagic: Inside the architecture of a modular backdoor framework

Threat intelligence | Microsoft Security Blog
4 days 19 hours ago

A comprehensive technical deep dive on PipeMagic, a highly modular backdoor used by Storm-2460 masquerading as a legitimate open-source ChatGPT Desktop Application. Beneath its disguise, PipeMagic is a sophisticated malware framework designed for flexibility and persistence. Once deployed, it can dynamically execute payloads while maintaining robust command and control (C2) communication via a dedicated networking module.

The post Dissecting PipeMagic: Inside the architecture of a modular backdoor framework appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

New NIST guide explains how to detect morphed images

Help Net Security
4 days 19 hours ago

Face morphing software can blend two people’s photos into one image, making it possible for someone to fool identity checks at buildings, airports, borders, and other secure places. These morphed images can trick face recognition systems into linking the photo to both people, allowing one person to pass as the other. Face morphing software can blend photos of different people’s faces into a single synthesized image (Source: NIST) This kind of software is easy to … More →

The post New NIST guide explains how to detect morphed images appeared first on Help Net Security.

Sinisa Markovic

Managed ad