Aggregator

A vulnerability was found in freedomofpress securedrop-client up to 0.14.0. It has been rated as critical. This issue affects the function safe_move of the file /home/user/.config/autostart/ of the component Source/Journalist Interface. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-24888. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-propertytype.php of the component POST Request Parameter Handler. The manipulation of the argument propertytype leads to sql injection. This vulnerability was named CVE-2025-25387. The attack can be initiated remotely. There is no exploit available.

摘要：造车计划搁浅后，苹果的「下一件重大项目」。

Authors/Presenters: Mauro Eldritch, Cybelle Oliveira

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – MFT Malicious Fungible Tokens appeared first on Security Boulevard.

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing significant updates that include AI integration into the Montoya API, enhancing the capabilities for building smarter, AI-powered extensions. Bug Fixes and Browser Updates: A notable bug fix corrects the display of source IP addresses for DNS requests over IPv6 in the […]

The post Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Currently trending CVE - hypeScore: 11 - An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This h

Currently trending CVE - hypeScore: 11 - Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

Burp AI, PortSwigger unveils AI-driven extensibility in Burp Suite Professional, revolutionizing the way security professionals approach application testing. In its latest stride toward innovation, PortSwigger, the creator of the widely acclaimed Burp Suite, has announced the integration of artificial intelligence (AI) into its platform. This new feature enables security testers to harness AI-powered extensions, opening […]

The post Burp AI – Burp Suite Now Integrate AI Powered Extension for Web Pentesting with 10,000 Free AI Credits appeared first on Cyber Security News.

WinZip曝出高危漏洞CVE-2025-1240，攻击者可利用恶意7Z文件执行任意代码，威胁全球用户。CVSS评分7.8，需紧急升级至WinZip 29.0，防范勒索软件和数据窃取风险。

As data centers continue to serve as the backbone of the digital economy, they face an escalating challenge: the tightening grip of global energy consumption regulations. Governments and regulatory bodies worldwide are implementing stricter policies to curb carbon footprints, optimize energy use, and enforce sustainability commitments. In this evolving landscape, modern Data Center Infrastructure Management (DCIM) software is proving to be an indispensable tool in ensuring compliance, efficiency, and resilience.

The post Energy Regulations Are Rising: Stay Ahead with Modern DCIM appeared first on Hyperview.

The post Energy Regulations Are Rising: Stay Ahead with Modern DCIM appeared first on Security Boulevard.

A leading online marketplace with 90M+ users faced two Flash DDoS attacks. See how DataDome blocked them in milliseconds at the edge, ensuring zero disruption.

The post How DataDome Defended a Marketplace with 90 Million Users from Flash DDoS Attacks appeared first on Security Boulevard.

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies. That was especially notable during active periods of local conflicts, including the escalation of the Russia-Ukraine war and the Israel-Hamas confrontation. The trend of malicious targeting […]

The Dutch Police (Politie) dismantled the ZServers/XHost bulletproof hosting operation after taking offline 127 servers used by the illegal platform. [...]

A groundbreaking report from the Alliance for Securing Democracy (ASD) at the German Marshall Fund has revealed a disturbing trend: foreign threat actors from Russia, China, and Iran are increasingly targeting local communities across the United States. These operations aim to manipulate public opinion, exacerbate divisions, and undermine trust in democratic institutions. Using sophisticated tactics, […]

The post Threat Actors In Russia, China, and Iran Targeting Local Communities In The U.S – New Report appeared first on Cyber Security News.

GreyNoise 已观察到针对该漏洞的主动利用尝试。

Artificial intelligence (AI) continues to revolutionize how businesses operate, with generative AI (GenAI) technologies taking center stage as critical enablers for innovation.

The post Generative AI-centric technologies: Get Gartner® report appeared first on Security Boulevard.

Telecoms Still Falling to Chinese Nation-State Hacking Group, Researchers Warn
A Chinese cyber espionage group tracked as Salt Typhoon and tied to the mass hacking of telecommunications networks in the U.S. and dozens of other countries has been continuing to seek and hack unpatched equipment, including exploiting two long-patched vulnerabilities in Cisco gear.

Apply These Proven Methodologies to Assess, Prioritize and Act Quickly in a Crisis
Cybersecurity professionals frequently deal with multiple issues - all demanding immediate attention. How can you demonstrate the ability to make sound decisions to advance your career? Decision-making in high-stakes environments demands clear methodologies that promote both efficiency and accuracy.