Aggregator

A vulnerability classified as critical was found in mcp-markdownify-server. Affected by this vulnerability is the function Markdownify.get. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-5276. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Absolute Security Secure Access up to 13.53. Affected is an unknown function of the component Management Console. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-27706. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mcp-markdownify-server. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to files or directories accessible. The identification of this vulnerability is CVE-2025-5273. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Absolute Security Secure Access up to 13.53. It has been declared as critical. This vulnerability affects unknown code of the component Management Console. The manipulation leads to permission issues. This vulnerability was named CVE-2025-27702. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12955. The attack can be initiated remotely. Furthermore, there is an exploit available.

Любая попытка влиять на соцсети — билет в чёрный список.

A vulnerability was found in Absolute Security Secure Access up to 13.53. It has been classified as critical. This affects an unknown part of the component management console. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-27703. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Zanubis предлагает «помочь с налогами», а сам тайно выписывает чеки на удалённый кошелёк.

​万元级机器人要来了，下一站可能就是你家楼下商场。

安全公司 GreyNoise 的研究人员报告，数千台华硕制造的家用和小型办公路由器感染了一种隐蔽的后门，该后门能在设备重启和固件更新后仍然存在。研究人员猜测攻击者可能有国家背景。研究人员目前跟踪到有约 9,000 台被植入了后门，感染数量还在继续增长，不过攻击者尚未利用这些被感染的设备。攻击者利用的一个漏洞是 CVE-2023-39780，华硕已在最近释出的固件更新中修复。感染设备会显示能通过端口 53282 使用 SSH 登陆。

Чехия обвиняет, Китай молчит, а APT31 продолжает работать, не отвлекаясь на прессу.

GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor. GreyNoise discovered the AyySSHush botnet has hacked over 9,000 ASUS routers, adding a persistent SSH backdoor. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that […]

Логов нет, антивирус спит, но ты уже в ловушке.

A critical security flaw in Microsoft’s OneDrive File Picker has exposed millions of users to unauthorized data access, allowing third-party web applications to gain complete access to users’ entire OneDrive storage rather than just selected files.  Security researchers from Oasis Security reported on May 28, 2025, that this vulnerability stems from overly broad OAuth scopes […]

The post Microsoft OneDrive File Picker Vulnerability Exposes Users’ Entire Cloud Storage to Websites appeared first on Cyber Security News.

美国反情报帝国：看不见的战争如何重塑全球格局在这个信息爆炸的时代，一场看不见的战争正在全球范围内激烈进行。

火绒祝您平安喜乐，“粽”享安康~

恭喜你“粽”奖啦！（参与方式戳文了解哟）祝大家端午安康，“粽”享好时光~

WithSecure将此活动归因于UNC4696，这是一个之前与Nitrogen Loader活动有关的黑客组织。

At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into innovation, manage supply chain risk, and prepare both systems and people for the threats ahead. For Shetty, the idea that innovation competes with security is a false choice. “They go hand in hand,” she says. … More →

The post What CISOs can learn from the frontlines of fintech cybersecurity appeared first on Help Net Security.