Aggregator

The cloud security crisis no one’s talking about

Help Net Security
8 months 3 weeks ago

Security teams are overwhelmed by a flood of alerts, most of which lack the context needed to accurately assess and espond to threats, according to ARMO. Respondents report receiving an average of 4,080 security alerts per month – or 136 alerts per day – related to potential cloud-based attacks, with 61% handling between 1,001 and 5,000 alerts monthy. Yet despite this deluge, the average number of true security incidents per year is just 7, meaning … More →

The post The cloud security crisis no one’s talking about appeared first on Help Net Security.

Help Net Security

CVE-2025-5626 | Campcodes Online Teacher Record Management System 1.0 edit-subjects-detail.php editid sql injection (EUVD-2025-16948)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as critical has been found in Campcodes Online Teacher Record Management System 1.0. Affected is an unknown function of the file /admin/edit-subjects-detail.php. The manipulation of the argument editid leads to sql injection. This vulnerability is traded as CVE-2025-5626. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5627 | code-projects Patient Record Management System 1.0 /sputum_form.php itr_no sql injection (EUVD-2025-16947)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /sputum_form.php. The manipulation of the argument itr_no leads to sql injection. This vulnerability is known as CVE-2025-5627. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-30097 | Microsoft Windows up to Server 2022 23H2 Speech Application Programming Interface double free (EUVD-2024-28034)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Microsoft Windows. This affects an unknown part of the component Speech Application Programming Interface. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2024-30097. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-5625 | Campcodes Online Teacher Record Management System 1.0 /search-teacher.php searchteacher sql injection (EUVD-2025-16949)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /search-teacher.php. The manipulation of the argument searchteacher leads to sql injection. The identification of this vulnerability is CVE-2025-5625. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-49466 | rjarry aerc commands/msgview/open.go path traversal (EUVD-2025-16956)

Vuldb Updates
8 months 3 weeks ago
A vulnerability has been found in rjarry aerc and classified as critical. This vulnerability affects unknown code of the file commands/msgview/open.go. The manipulation leads to relative path traversal. This vulnerability was named CVE-2025-49466. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-5715 | Signal App 7.41.4 on Android Biometric Authentication missing critical step in authentication

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. This vulnerability was named CVE-2025-5715. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Google survey shows Americans are changing how they fight scams

Help Net Security
8 months 3 weeks ago

If it seems like scams are popping up everywhere lately, you’re not wrong. A new survey from Google shows most Americans feel the same, and they’re starting to change how they handle things online because of it. But different age groups are responding in different ways, and the tools people trust to stay safe vary more than you might expect. In a new blog post, Evan Kotsovinos, Google’s VP of Privacy, Safety and Security, breaks … More →

The post Google survey shows Americans are changing how they fight scams appeared first on Help Net Security.

Sinisa Markovic

ZDI-CAN-26616: Apple

ZDI: Upcoming Advisories
8 months 3 weeks ago
A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Gary Kwong' was reported to the affected vendor on: 2025-06-05, 54 days ago. The vendor is given until 2025-10-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Managed ad