Aggregator

Ultimate RAT Collection: Samples of 450+ classic/modern trojan builders including screenshots

A vulnerability classified as critical was found in Apple iCloud up to 6.2.1 on Windows. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-7043. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Голос будет звучать как родной, губы — двигаться естественно, а автору не придётся делать ничего.

The tech giant has released its second Secure Future Initiative (SFI) progress report, showcasing its ongoing efforts to improve cybersecurity

A vulnerability has been found in EMC Replication Manager up to 5.2.2 and classified as very critical. This vulnerability affects the function RunProgram of the file irccd.exe of the component Replication. The manipulation leads to improper input validation. This vulnerability was named CVE-2011-0647. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The majority — 11 out of 15 — of the top Common Vulnerabilities and Exposures (CVEs) in CISA’s most recent annual Cybersecurity Advisory (CSA) were initially exploited as zero days. 

The post Zero-Day Attack Prevention with Contrast ADR | Real-Time Detection of Zero-Day Exploits of Unknown Vulnerabilities | Contrast Security appeared first on Security Boulevard.

A vulnerability was found in TOTOLINK A810R 4.1.2cu.5182 and classified as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument CSAuthUrl leads to buffer overflow. This vulnerability is handled as CVE-2025-28024. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in TOTOLINK A810R 4.1.2cu.5182_B20201026 and classified as critical. Affected by this vulnerability is an unknown functionality of the file product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. This vulnerability is known as CVE-2025-28031. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in TOTOLINK A810R 4.1.2cu.5182_B20201026. Affected is the function setParentalRules. The manipulation of the argument startTime/endTime leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-28030. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in TOTOLINK A810R and A950RG up to 4.1.2. This issue affects the function setDiagnosisCfg. The manipulation of the argument ipDomain leads to Remote Code Execution. The identification of this vulnerability is CVE-2025-28037. The attack may be initiated remotely. There is no exploit available.

Alleged RDWEB Domain Admin Access for U.S. Software Company with $327M Revenue

The Sekoia TDR (Threat Detection & Research) team has reported on a sophisticated network infrastructure named “Cloudflare tunnel infrastructure to deliver multiple RATs” being exploited by cyber attackers since at least February 2024. This infrastructure has been utilized to host malicious files and distribute remote access trojans (RATs), including the notorious AsyncRAT. Complex Infection Chains […]

The post Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in Icegram Engage Plugin up to 3.1.31 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13486. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in OpenResty lua-nginx-module up to 0.10.26. This affects an unknown part of the component HEAD request Handler. The manipulation leads to http request smuggling. This vulnerability is uniquely identified as CVE-2024-33452. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in NVIDIA NeMo Framework. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-23251. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in NVIDIA NeMo Framework. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-23250. The attack can be launched remotely. There is no exploit available.

华为计划最早从 5 月其向国内客户大量出货最新的 AI 芯片升腾910C。随着美国限制出口英伟达 H20 芯片，中国 AI 公司一直寻找本国替代品。升腾 910C 并非技术上的突破，而是采用先进封装技术，将两个 910B 芯片整合在单一封装中，算力和内存容量两倍于 910B，整体性能可媲美英伟达 H100，可支持更广泛的 AI 运算需求。H20 的出口限制意味着升腾910C 将成为中国 AI 模型开发商和推理部署的首选硬件。

Agentic AI's appeal is growing as organizations seek more autonomous and hands-off approaches to their security protocols.

A vulnerability was found in Sendy 1.1.9.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2014-100011. The attack may be initiated remotely. Furthermore, there is an exploit available.