Aggregator

A vulnerability categorized as problematic has been discovered in VibeThemes WPLMS Theme up to 4.900 on WordPress. This issue affects some unknown processing. The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2023-36690. The attack can be executed remotely. There is not any exploit available.

How to defend organisations against malware or ransomware attacks.

For the latest discoveries in cyber research for the week of 15th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Indian government confirmed cyber incidents involving GPS spoofing at seven major airports, including Delhi, Mumbai, Kolkata, and Bengaluru. The attack affected aircrafts using GPS-based landing procedures. Despite signal disruption to navigation […]

The post 15th December – Threat Intelligence Report appeared first on Check Point Research.

Data "related to current and former JLR employees, and contractors" was affected by a cyberattack in August, the car maker said in a statement representing the first time it has provided details about the incident.

Новое объяснение метеоритов намекает, что планеты земного типа во Вселенной могут быть не редкостью.

A sophisticated Android malware campaign named NexusRoute is actively targeting Indian citizens by impersonating government services. The operation uses fake versions of the official mParivahan and e-Challan applications to harvest login credentials and financial information from unsuspecting users. This coordinated attack combines phishing websites, fraudulent payment interfaces, and advanced malware to execute a multi-stage theft […]

The post New Android Malware Mimic as mParivahan and e-Challan Attacking Android Users to Steal Login Credentials appeared first on Cyber Security News.

New report by Unit 42 reveals the Hamas-linked Ashen Lepus (WIRTE) group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics.

In her first public speech, the new chief of Britain's MI6, Blaise Metreweli, pointed to the acute threat posed by Russia, warning of the Kremlin’s “attempts to bully, fearmonger and manipulate.”

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. [...]

为了在真实世界场景中验证我们在前文中提出的框架（RGR, OCA, EMA）的有效性，我们设计并实现了一个移动GUI多智能体系统：Fairy 。

A severe security vulnerability has been discovered in Plesk for Linux that could allow users to gain root access on affected servers. The flaw, tracked as CVE-2025-66430, exists within Plesk’s Password-Protected Directories feature and allows attackers to inject arbitrary data into Apache configuration files. The vulnerability stems from improper handling of user input within the […]

The post Critical Plesk Vulnerability Allows Plesk Users to Gain Root-Level Access appeared first on Cyber Security News.

A vulnerability has been found in Adobe Experience Manager up to 6.5.23 and classified as problematic. This impacts an unknown function. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-64858. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been rated as problematic. This affects an unknown part. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-64861. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability described as problematic has been identified in Adobe Experience Manager up to 6.5.23. This issue affects some unknown processing. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-64850. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in Adobe Experience Manager up to 6.5.23. The affected element is an unknown function. The manipulation results in cross site scripting. This vulnerability was named CVE-2025-64853. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Adobe Experience Manager up to 6.5.23. The impacted element is an unknown function. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-64852. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.23 and classified as problematic. Affected is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-64847. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.23. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-64857. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Experience Manager up to 6.5.23. Impacted is an unknown function. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-64841. The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Experience Manager up to 6.5.23. This affects an unknown function. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-64839. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.