Aggregator

A vulnerability, which was classified as critical, has been found in Oracle Graph Server and Client. Affected by this issue is some unknown functionality of the component Graph Server. This manipulation causes denial of service. This vulnerability is registered as CVE-2020-36518. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Oracle Spatial Studio and classified as critical. This issue affects some unknown processing of the component Spatial Studio. Executing manipulation can lead to denial of service. This vulnerability appears as CVE-2020-36518. The attack may be performed from a remote location. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Oracle Application Server 9.0.2. Affected by this issue is some unknown functionality of the file hellouser.jsp/welcomeuser.jsp/usebean.jsp. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2002-2347. The attack may be performed from a remote location. There is no available exploit.

A vulnerability described as problematic has been identified in phpBBmod 1.3.3. This vulnerability affects the function phpinfo of the file phpinfo.php. Executing manipulation can lead to information disclosure. This vulnerability is registered as CVE-2002-2349. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in Phpoutsourcing Zorum 2.4. This issue affects some unknown processing of the file z_user_show.php. The manipulation of the argument Class leads to cross site scripting. This vulnerability is documented as CVE-2002-2350. The attack can be initiated remotely. There is not any exploit available.

Microsoft warns that a threat actor tracked as Storm-0501 has evolved its operations, shifting away from encrypting devices with ransomware to focusing on cloud-based encryption, data theft, and extortion. [...]

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

As the sanctions-evading scheme has grown, so too has the U.S. government’s response.

The post Treasury sanctions North Korea IT worker scheme facilitators and front organizations appeared first on CyberScoop.

South Korean authorities have successfully extradited a key suspect in a large-scale hacking operation that resulted in the embezzlement of over 38 billion won (approximately $28.5 million USD) from high-profile victims. The individual, identified as Mr. G, a 34-year-old Chinese national, was repatriated from Thailand to Incheon International Airport on August 22, 2025, marking the […]

The post Chinese Hacker Suspect Arrested in South Korea Over Major Financial Cyberattack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux…

A vulnerability was found in Eclipse Jetty up to 9.4.38/10.0.1/11.0.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component TLS Frame Handler. Performing manipulation results in resource consumption. This vulnerability is known as CVE-2021-28165. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability has been found in Oracle Commerce Guided Search and Commerce Experience Manager 11.3.2 and classified as critical. This vulnerability affects unknown code of the component jackson-databind. This manipulation causes deserialization. This vulnerability is handled as CVE-2021-20190. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Oracle REST Data Services up to 21.2 and classified as critical. This issue affects some unknown processing of the component Eclipse Jetty. The manipulation results in denial of service. This vulnerability is known as CVE-2021-28165. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Oracle Communications Element Manager 8.2.2. Affected by this issue is some unknown functionality of the component Eclipse Jetty. Performing manipulation results in denial of service. This vulnerability was named CVE-2021-28165. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Communications Services Gatekeeper 7.0. Impacted is an unknown function of the component Eclipse Jetty. This manipulation causes denial of service. This vulnerability is tracked as CVE-2021-28165. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Oracle Communications Session Report Manager up to 8.2.4.0. It has been classified as critical. This impacts an unknown function of the component Eclipse Jetty. The manipulation leads to denial of service. This vulnerability is documented as CVE-2021-28165. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

Threat Attack Daily - 27th of August 2025

Ransomware Attack Update for the 27th of August 2025

The company said the threat actor abused its Claude Code service to "an unprecedented degree," automating reconnaissance, intrusions, and credential harvesting.

Why is Secrets Management a Strategic Imperative? Why are global businesses increasingly focusing on secrets management? Intricate digital and growing cyber threats have led to an urgent need for better security protocols. And secrets management is one of the vital components of a robust cybersecurity strategy. It involves securing Non-Human Identities (NHIs) and their access […]

The post Empowering Teams with Better Secrets Management appeared first on Entro.

The post Empowering Teams with Better Secrets Management appeared first on Security Boulevard.