Aggregator

A vulnerability described as problematic has been identified in Intel QuickAssist Technology Software up to 2.4.x. This issue affects some unknown processing. Such manipulation leads to untrusted pointer dereference. This vulnerability is referenced as CVE-2025-20090. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in wolfSSL 5.8.2. Impacted is an unknown function of the component X25519. This manipulation causes information exposure through discrepancy. This vulnerability appears as CVE-2025-12888. It is feasible to perform the attack on the physical device. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in wolfSSL 5.8.4 and classified as critical. This affects an unknown part of the component TLS 1.2. Such manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-12889. The attack can be launched remotely. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability described as critical has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customer_register.php. Executing manipulation can lead to unrestricted upload. This vulnerability is registered as CVE-2025-13544. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the argument edit_pack leads to sql injection. This vulnerability is documented as CVE-2025-13545. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument user_query results in sql injection. This vulnerability is reported as CVE-2025-13546. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

President Donald Trump's new 33-page national security strategy sets cybersecurity within the broader context of protecting critical infrastructure and managing regional affairs in the Western Hemisphere.

Submit #697380 / VDB-334492

Ведомство постепенно отключает подтверждение по смс для входа на "Госуслуги".

A persistent privilege escalation technique in AWS that allows attackers with limited permissions to execute code under higher-privileged execution roles on EC2 instances and SageMaker notebook instances. First documented by Grzelak in 2016 for EC2, the method exploits modifiable boot-time configurations to inject malicious payloads, bypassing standard IAM controls like PassRole. Recent analysis from Security […]

The post AWS Execution Roles Enable Subtle Privilege Escalation in SageMaker and EC2 appeared first on Cyber Security News.

A maximum-severity vulnerability affecting the React JavaScript library has been exploited in the wild, further stressing the need to patch now.

A new Remote Access Trojan known as CastleRAT has emerged as a growing threat to Windows systems worldwide. First observed around March 2025, this malware enables attackers to gain complete remote control over compromised machines. The threat comes in two main builds: a lightweight Python version and a more powerful compiled C version, with the […]

The post Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. This vulnerability is referenced as CVE-2025-14111. It is possible to launch the attack remotely. Furthermore, an exploit is available. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."

Torrance, California, USA, 5th December 2025, CyberNewsWire

Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility. [...]

Akamai proved its resilience and scale by handling an 80% increase in traffic during the busiest shopping time of the year: Black Friday and Cyber Monday.

伪装成投诉举报证据红队样本分析

As quantum quietly moves beyond lab experiment and into production workflows, here's what enterprise security leaders should be focused on, according to Lineswala.

A vulnerability, which was classified as critical, has been found in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. The identification of this vulnerability is CVE-2025-14108. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. This vulnerability was named CVE-2025-14107. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.