Aggregator

A vulnerability was found in Adobe InCopy up to 19.5.3/20.3. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to integer underflow. This vulnerability is handled as CVE-2025-47097. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe InCopy up to 19.5.3/20.3. This vulnerability affects unknown code. The manipulation leads to uninitialized pointer. This vulnerability was named CVE-2025-47098. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dradis up to 4.10.x. It has been declared as problematic. This vulnerability affects unknown code of the component Output Console. The manipulation leads to exposure of sensitive information through metadata. This vulnerability was named CVE-2023-50458. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Framemaker up to 2020.8/2022.6. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-47132. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon Technology and Snapdragon WBC. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Crypto API Call Handler. The manipulation leads to cryptographic issues. This vulnerability is handled as CVE-2025-21422. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Illustrator up to 28.7.6/29.5.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-49528. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

当攻击者进入企业网络后,会利用横向移动技术在内部扩散控制权,通过合法工具如RDP、SMB等访问敏感资产。这种隐蔽的扩散方式可能造成数据泄露、破坏备份甚至接管域控制器等严重后果,因此需要通过最小权限原则、网络分段和持续监控等措施加以防范。

The Qilin group emerged as the leading player in the ransomware ecosystem, which saw a notable rise in activity during June 2025 in a startling escalation of cyber dangers. According to the latest Deep Web and Dark Web trend report, Qilin outpaced all other ransomware collectives, targeting a broad spectrum of high-value entities across government, […]

The post Ransomware Activity Spikes Amid Qilin’s New Wave of Targeted Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Windows_EndPoint_Audit 是一个基于 PowerShell 的工具包，用于检测 Windows 端点配置中的安全漏洞和日志设置。它帮助红队识别服务 hijacking、权限滥用和日志不足等问题，并支持与 SIEM 集成。适用于渗透测试和防御加固。

Caracal 是一款基于 Rust 的 eBPF 根工具包，用于隐藏用户空间进程和内核级 BPF 程序，避免被传统监控工具检测。它针对 Linux 环境设计，在后渗透阶段提供持久性和隐蔽性。

Qantas says nearly six million passengers were impacted by a recent data breach

A vulnerability has been found in Ruckus Virtual SmartZone and Network Director and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to storing passwords in a recoverable format. This vulnerability is known as CVE-2025-44958. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Ruckus Virtual SmartZone and Network Director. Affected is an unknown function of the component SSH Public Key. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2025-6243. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Ruckus Virtual SmartZone and Network Director. This issue affects some unknown processing. The manipulation leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-44955. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ruckus Virtual SmartZone and Network Director. This vulnerability affects unknown code of the component JWT Token Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability was named CVE-2025-44963. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Ruckus Virtual SmartZone and Network Director. This affects an unknown part of the component IP Address Handler. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-44961. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSH. The manipulation leads to use of default cryptographic key. This vulnerability is known as CVE-2025-44954. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been rated as critical. Affected by this issue is some unknown functionality of the component API Route. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-44960. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been classified as problematic. Affected is an unknown function. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2025-44962. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director and classified as critical. This issue affects some unknown processing of the component JWT Signing Key Handler. The manipulation leads to use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2025-44957. The attack may be initiated remotely. There is no exploit available.