Aggregator

A vulnerability, which was classified as critical, was found in Tastyc Theme Plugin up to 2.5.1 on WordPress. This affects an unknown part. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2025-27010. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Dessau Theme Plugin up to 1.8 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to file inclusion. This vulnerability is handled as CVE-2025-39463. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Dør Theme up to 2.4 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to file inclusion. This vulnerability is known as CVE-2025-39466. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Wanderland Theme up to 1.7.1 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to file inclusion. The identification of this vulnerability is CVE-2025-39467. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in JetReviews Plugin up to 2.3.6 on WordPress. Affected is an unknown function. The manipulation leads to file inclusion. This vulnerability is traded as CVE-2025-39396. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Grip Theme up to 1.0.9 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to file inclusion. This vulnerability was named CVE-2025-26735. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Foton Theme up to 2.5.2 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2025-39458. It is possible to initiate the attack remotely. There is no exploit available.

Series B Investment to Boost AI, Expand Coverage Across IaaS, PaaS, SaaS, On-Prem
Data security startup Sentra has raised $50 million to expand its AI-powered classification, labeling and enforcement capabilities. With enterprise interest in secure AI adoption and risk mitigation rising, the firm will grow its team and expand support for cloud, SaaS and on-prem data governance.

North Korea Continues Refining Profit-Making Scheme, Says CrowdStrike's Adam Meyers
In recent years, cash-starved North Korea has deployed legions of domestically trained workers to secure remote IT jobs to generate revenue for the Pyongyang-based regime. They can work for many months before being spotted, said Adam Meyers, head of counter adversary operations at CrowdStrike.

Attack Combines Social Engineering and Card Emulation to Execute Real-Time Theft
Hackers are using Chinese-speaking Android malware-as-a-service SuperCard X to carry out near-field communication relay attacks, siphoning payment card data and executing live point of sale and ATM transactions. Victims receive spoofed SMS or WhatsApp alerts purporting to originate from their bank.

Faces Two Counts of Oklahoma Computer Crime Act Violations
The CEO of a small cybersecurity firm is facing two counts of violating Oklahoma's Computer Crimes Act in a case alleging that he walked into an Oklahoma City hospital and installed malware on employee computers. The case echoes other alleged hospital security incidents.

Author/Presenter: Laura Johnson

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Common Ground – Cyber Harassment: Stop The Silence, Save Lives appeared first on Security Boulevard.

A vulnerability was found in SAP S4 HANA and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-31328. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in SAP Field Logistics and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to external control of assumed-immutable web parameter. This vulnerability is known as CVE-2025-31327. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in NVIDIA NvContainer Service on Windows. Affected is an unknown function of the component OpenSSL. The manipulation leads to use of hard-coded, security-relevant constants. This vulnerability is traded as CVE-2025-23253. The attack needs to be approached locally. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Hoteldruid 3.0.5. This issue affects some unknown processing. The manipulation of the argument commento1_1 leads to cross site scripting. The identification of this vulnerability is CVE-2023-43378. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in LabVantage up to 8.8.0.13 HF5. This vulnerability affects unknown code of the component Request Parameter Handler. The manipulation of the argument objectname leads to file inclusion. This vulnerability was named CVE-2025-43951. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Volmarg Personal Management System 1.4.65. This affects an unknown part of the component Goal Creation Section. The manipulation of the argument description leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-53569. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Volmarg Personal Management System 1.4.65. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Upload Section. The manipulation of the argument tag leads to cross site scripting. This vulnerability is handled as CVE-2024-53568. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument IW_SessionID_ leads to cross site scripting. This vulnerability is known as CVE-2025-43952. The attack can be launched remotely. There is no exploit available.