Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-6931. The attack can be launched remotely. Furthermore, there is an exploit available.

六一儿童节那天，带安仔去了趟顺德的长鹿旅游休博园。

早上九点多到的时候，停车场空荡荡的，还以为人不多。进园时工作人员在喊免费拍照，排队的人不多，就拍了几张。

Submit #605593 / VDB-314443

Submit #605592 / VDB-314443

A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/manage-foreigners-ticket.php. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-6930. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/view-normal-ticket.php. The manipulation of the argument viewid leads to sql injection. The identification of this vulnerability is CVE-2025-6929. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #605579 / VDB-314442

Submit #605578 / VDB-314441

Alleged Database Sale of Vietnam's Global Insurance Company (GIC)

The government in Switzerland is informing that sensitive information from various federal offices has been impacted by a ransomware attack at the third-party organization Radix. [...]

Multiple critical vulnerabilities in D-Link router models could allow remote attackers to execute arbitrary code and gain unauthorized access to the network infrastructure.  The vulnerabilities affect all hardware revisions and firmware versions of the non-US DIR-816 models, which have now reached their End-of-Life (EOL) status. Buffer Overflow Flaws Enable Remote Code Execution Four of the […]

The post Multiple Critical Vulnerabilities in D-Link Routers Let Attackers Execute Arbitrary Code Remotely appeared first on Cyber Security News.

Microsoft has released RIFT (Rust Identification and Function Tagging), a groundbreaking open-source tool designed to help cybersecurity analysts identify and analyze malware concealed within Rust binaries.  The cybersecurity community has witnessed a significant shift toward Rust-based malware development over the past five years. Notable examples include the BlackCat ransomware in December 2021, followed by Hive […]

The post RIFT – Microsoft’s New Open-Source Tool to Analyze Malware in Rust Binaries appeared first on Cyber Security News.

The agencies said U.S. critical infrastructure entities should be on high alert for "Iranian-affiliated cyber actors" trying to target American networks.

A vulnerability was found in MikroTik RouterOS up to 7.13. It has been declared as critical. This vulnerability affects unknown code of the component IPv6 UDP Traceroute Packet Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2023-47310. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenda AC1206 15.03.06.23_multi_TD01. It has been classified as critical. This affects the function formSetCfm. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-53621. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in IBM Cloud Pak System up to 2.3.4.1 iFix1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is handled as CVE-2025-2895. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Spanish authorities arrested five members of a criminal network responsible for laundering €460 million stolen through global cryptocurrency investment fraud schemes. Source: Europol The operation, led by the Guardia Civil with support from Europol and law enforcement in Estonia, France, and the United States, uncovered that more than 5,000 victims worldwide were defrauded. The action day led to: 5 arrests (3 on the Canary Islands and 2 in Madrid), and 5 searches (3 on the … More →

The post Fraudsters behind €460 million crypto scam arrested in Spain appeared first on Help Net Security.

Currently trending CVE - Hype Score: 2

Currently trending CVE - Hype Score: 4 - In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators ...