Aggregator

CVE-2025-50122 | Schneider Electric EcoStruxure IT Data Center Expert Installation/Upgrade entropy (SEVD-2025-189-01 / EUVD-2025-21127)

VulDB Recent Entries
6 days 4 hours ago
A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Installation/Upgrade. The manipulation leads to insufficient entropy. This vulnerability is known as CVE-2025-50122. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-50121 | Schneider Electric EcoStruxure IT Data Center Expert Web Interface os command injection (SEVD-2025-189-01 / EUVD-2025-21128)

VulDB Recent Entries
6 days 4 hours ago
A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been classified as critical. Affected is an unknown function of the component Web Interface. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-50121. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-3933 | huggingface transformers up to 4.52.0 API Service token2json redos (EUVD-2025-21126)

VulDB Recent Entries
6 days 4 hours ago
A vulnerability was found in huggingface transformers up to 4.52.0 and classified as problematic. This issue affects the function token2json of the component API Service. The manipulation leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2025-3933. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Securing Data in the AI Era

不安全
6 days 4 hours ago
2025数据风险报告显示,企业面临由AI工具引发的严重数据丢失风险。报告指出,AI应用、SaaS平台、电子邮件和文件共享是主要数据泄露源。建议企业采取统一的AI驱动安全方法应对挑战。

Securing Data in the AI Era

The Hackers News
6 days 4 hours ago
The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz
The Hacker News

New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities

Cyber Security News
6 days 5 hours ago

A critical vulnerability in eSIM technology enables attackers to clone mobile subscriber profiles and hijack phone identities.  AG Security Research revealed they broke the security of Kigen eUICC cards with GSMA consumer certificates, marking what they claim is the first successful public hack against consumer GSMA eUICC and EAL-certified GSMA security chips. The research team […]

The post New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities appeared first on Cyber Security News.

Guru Baran

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

The Hackers News
6 days 5 hours ago
A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4. "The user and
The Hacker News

Wing FTP Server RCE Vulnerability Under Active Exploitation

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
6 days 5 hours ago

Security researchers at Huntress have confirmed active exploitation of a critical remote code execution vulnerability in Wing FTP Server, designated CVE-2025-47812, with the first observed attack occurring just one day after the vulnerability’s public disclosure. The flaw affects versions before 7.4.4 and can lead to root or SYSTEM-level remote code execution, prompting urgent calls for […]

The post Wing FTP Server RCE Vulnerability Under Active Exploitation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals

The Hackers News
6 days 5 hours ago
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm). "
The Hacker News

Managed ad