Aggregator

CVE-2025-64499 | Enalean Tuleap Community Edition/Tuleap Enterprise Edition cross-site request forgery (GHSA-9h47-jg7r-ww7x)

Vuldb Updates
1 month ago
A vulnerability was found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. It has been rated as problematic. The impacted element is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2025-64499. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-14249 | code-projects Online Ordering System 1.0 /user_school.php product_id sql injection (EUVD-2025-201712)

Vuldb Updates
1 month ago
A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id results in sql injection. This vulnerability was named CVE-2025-14249. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2025-14250 | code-projects Online Ordering System 1.0 /user_contact.php Name sql injection (EUVD-2025-201729)

Vuldb Updates
1 month ago
A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. The impacted element is an unknown function of the file /user_contact.php. This manipulation of the argument Name causes sql injection. The identification of this vulnerability is CVE-2025-14250. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-67641 | Jenkins Coverage Plugin up to 2.3054.ve1ff7b_a_a_123b_ REST API cross site scripting (Nessus ID 278130)

Vuldb Updates
1 month ago
A vulnerability has been found in Jenkins Coverage Plugin up to 2.3054.ve1ff7b_a_a_123b_ and classified as problematic. This affects an unknown part of the component REST API. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-67641. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

Teamwork is failing in slow motion and security feels it

Help Net Security
1 month ago

Security leaders often track threats in code, networks, and policies. But a quieter risk is taking shape in the everyday work of teams. Collaboration is getting harder even as AI use spreads across the enterprise. That tension creates openings for mistakes, shadow tools, and uncontrolled data flows. A recent Forrester study shows how this break in teamwork forms and how leaders can respond before it grows. Teamwork is central to enterprise outcomes Forrester’s research found … More →

The post Teamwork is failing in slow motion and security feels it appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2024-35970 | Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6 af_unix file descriptor consumption (WID-SEC-2025-2711)

Vuldb Updates
1 month ago
A vulnerability has been found in Linux Kernel up to 5.15.155/6.1.86/6.6.27/6.8.6 and classified as problematic. This issue affects some unknown processing of the component af_unix. The manipulation leads to uncontrolled file descriptor consumption. This vulnerability is uniquely identified as CVE-2024-35970. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2023-40130 | Google Android CallRedirectionProcessor.java onBindingDied permission (WID-SEC-2025-2711)

Vuldb Updates
1 month ago
A vulnerability was found in Google Android. It has been declared as critical. Affected by this vulnerability is the function onBindingDied of the file CallRedirectionProcessor.java. Executing manipulation can lead to permission issues. This vulnerability is registered as CVE-2023-40130. The attack needs to be launched locally. No exploit is available. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2025-13502 | WebKitGTK/WPE WebKit GLib Remote Inspector Server integer overflow (EUVD-2025-199556 / Nessus ID 276745)

Vuldb Updates
1 month ago
A vulnerability has been found in WebKitGTK and WPE WebKit and classified as problematic. The impacted element is an unknown function of the component GLib Remote Inspector Server. Performing manipulation results in integer overflow. This vulnerability was named CVE-2025-13502. The attack may be initiated remotely. There is no available exploit.
vuldb.com

勒索软件利用EDR工具隐秘执行恶意代码

嘶吼
1 month ago

代号为Storm-0249的初始访问中间人,正通过滥用终端检测与响应解决方案及受信任的微软Windows系统工具,实现恶意软件加载、通信链路建立与持久化驻留,为后续勒索软件攻击预先部署环境。

Storm-0249已摒弃大规模钓鱼攻击手段,转而采用更隐蔽、更高级的攻击方法。这些方法不仅攻击效果显著,且即便相关攻击路径已有详细公开文档,防御方依旧难以有效应对。

研究人员在分析一起攻击事件时发现,Storm-0249借助SentinelOne EDR组件的特性隐藏恶意活动。这一攻击手法同样适用于其他品牌的EDR产品。

对SentinelOne EDR的滥用手段

Storm-0249的攻击始于ClickFix社会工程学骗局,诱导用户在Windows运行对话框中粘贴并执行curl命令,以系统权限(SYSTEM)下载恶意MSI安装包。

与此同时,攻击者还会从伪造的微软域名中获取恶意PowerShell脚本,该脚本会被直接载入系统内存,全程不写入磁盘,以此规避杀毒软件的检测。 

恶意MSI文件会释放一个名为SentinelAgentCore.dll的恶意动态链接库文件。研究人员表示:“攻击者将该恶意DLL文件特意放置在受害终端已安装的、合法的SentinelOne EDR组件程序SentinelAgentWorker.exe所在目录下。”

随后,攻击者通过已签名的SentinelAgentWorker程序加载该恶意DLL(即DLL侧加载技术),让恶意代码在受信任的高权限EDR进程中执行,进而实现可抵御系统更新的隐蔽持久化驻留。

ReliaQuest解释道:“由合法进程全权执行攻击者的恶意代码,其行为在安全工具看来与常规SentinelOne组件活动无异,从而绕过检测机制。”

签署的可执行文件侧载恶意DLL

攻击者获取目标设备访问权限后,会借助SentinelOne组件,通过reg.exe、findstr.exe等Windows合法工具收集系统标识信息,并以加密HTTPS流量的形式传输命令与控制数据。

正常情况下,注册表查询与字符串检索这类操作会触发安全警报,但当操作源于受信任的EDR进程时,安全机制会将其判定为常规行为并忽略。

攻击者会利用MachineGuid(一种基于硬件的唯一标识符)对受入侵系统进行画像。LockBit、ALPHV等勒索软件团伙常利用该标识符将加密密钥与特定受害对象进行绑定。

这一特征表明,Storm-0249开展的初始访问入侵活动,是根据其主要客户(即勒索软件附属团伙)的需求量身定制的。

对受信任的已签名EDR进程的滥用,可绕过几乎所有传统监控手段。研究人员建议系统管理员采用基于行为的检测机制,重点识别受信任进程从非标准路径加载未签名DLL文件的异常行为。此外,加强对curl、PowerShell及各类二进制文件的执行权限管控,也有助于提升防御效果。

胡金鱼

Managed ad