Aggregator

A vulnerability marked as critical has been reported in sapphi-red vite-plugin-static-copy up to 2.3.1/3.1.1. Affected by this vulnerability is an unknown functionality. This manipulation causes path traversal. This vulnerability is tracked as CVE-2025-57753. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

Europol has confirmed that a widely reported $50,000 reward for information on the Qilin ransomware group is a…

A vulnerability labeled as critical has been found in Espressif ESP-IDF up to 5.0.8/5.1.5/5.3.2/5.4.0. Affected is an unknown function. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2025-55297. The attack can only be performed from the local network. There is not any exploit available. The affected component should be upgraded.

Fogos.pt, a volunteer-run wildfire tracker in Portugal, grew from a side project into a critical national resource used by citizens, media, and government. During 2025 fire season it was hit by DDoS

A vulnerability identified as problematic has been detected in FoxCMS 1.2.6. This impacts an unknown function of the file /index.php. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-55420. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as critical has been discovered in UnoPim up to 0.2.0. This affects an unknown function. Executing manipulation can lead to unrestricted upload. The identification of this vulnerability is CVE-2025-55743. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Roadcute API 1.0. It has been rated as critical. The impacted element is an unknown function. Performing manipulation results in weak password recovery. This vulnerability was named CVE-2025-52395. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in vLLM up to 0.0.x. It has been declared as problematic. The affected element is an unknown function of the component HTTP Endpoint. Such manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2025-48956. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.6. It has been classified as problematic. Impacted is an unknown function of the file insere_despacho.php. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-57763. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.6 and classified as problematic. This issue affects some unknown processing of the file pre_cadastro_adotante.php. The manipulation of the argument msg_e results in cross site scripting. This vulnerability is known as CVE-2025-57765. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in LabRedesCefetRJ WeGIA up to 3.4.6 and classified as problematic. This vulnerability affects unknown code of the file cargos.php. The manipulation of the argument msg_e leads to cross site scripting. This vulnerability is traded as CVE-2025-57764. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in LabRedesCefetRJ WeGIA up to 3.4.6. This affects an unknown part of the file dependente_docdependente.php. Executing manipulation of the argument nome can lead to cross site scripting. This vulnerability appears as CVE-2025-57762. The attack may be performed from a remote location. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in musistudio claude-code-router up to 1.0.33. Affected by this issue is some unknown functionality. Performing manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is reported as CVE-2025-57755. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

云服务公司 Fastly 的报告显示，AI 爬虫给开放 Web 带来了沉重的负担。访问网站的 AI 机器人流量中 AI 爬虫占八成，剩余二成是 AI 抓取程序——用户请求大模型集成训练数据日期之后的信息时抓取程序会按需要触发。Fastly 的监测显示，网站负载的增加不是来自人类访客，而是机器人程序，尤其是 AI 公司的爬虫和抓取程序。其中 Meta 的 AI 爬虫占到了所有 AI 爬虫流量的 52%，而 Google 和 OpenAI 分别占 23% 和 20%，Anthropic 仅占 3.76%，Perplexity AI 占 1.12%。相比 AI 爬虫，AI 抓取程序会在短时间内造成流量爆发。Fastly 称一个抓取程序每分钟产生了逾 39,000 个请求。98% 的 AI 抓取程序流量来自于 OpenAI 公司。

A vulnerability classified as critical was found in LabRedesCefetRJ WeGIA up to 3.4.9. Affected by this vulnerability is an unknown functionality of the file /html/funcionario/dependente_remover.php. Such manipulation of the argument id_funcionario leads to sql injection. This vulnerability is documented as CVE-2025-57761. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in TitanHQ SpamTitan up to 8.00.100/8.01.13. Affected is an unknown function of the file quarantine.php. This manipulation of the argument email causes improper authorization. This vulnerability is registered as CVE-2024-45438. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

Xi Whiz: HTTPS connections on port 443 received forged replies.

The post NOT-So-Great Firewall: China Blocks the Web for 74 Min. appeared first on Security Boulevard.

Quick recovery relies on three security measures.

The Warlock ransomware group has intensified its operations by targeting unpatched on-premises Microsoft SharePoint servers, leveraging critical vulnerabilities to achieve remote code execution and initial network access. This campaign, observed in mid-2025, involves sending crafted HTTP POST requests to upload web shells, facilitating reconnaissance, privilege escalation, and credential theft. Initial Exploitation Attackers exploit flaws like […]

The post Warlock Ransomware Exploits SharePoint Flaws for Initial Access and Credential Theft appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

QuirkyLoader прячет яд в законной оболочке — и никто не замечает.