【招聘】美团安全团队~诚聘情报领域精英人才
美团安全团队~诚聘情报领域精英人才。
Aggregator
【资料】7.10全球每日动态-机遇与风险
6 days 7 hours ago
过去24小时内1、阿塞拜疆在外交领域动作频繁,总统阿利耶夫与亚美尼亚总理帕希尼扬将在阿联酋举行和平会谈,同时与
CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’
6 days 7 hours ago
The one-day deadline issued by CISA on Thursday appears to be the shortest one ever issued. Federal civilian agencies are typically given three weeks to patch bugs added to the known exploited vulnerability catalog.
WorldLeaks
6 days 7 hours ago
You must login to view this content
cohenido
Infostealers Targeting macOS Users in Active Campaigns to Steal Sensitive Data
6 days 7 hours ago
MacOS infostealers are becoming a powerful and underappreciated method of data exfiltration in a world where Windows-centric threats predominate. They act as predecessors to ransomware deployments and significant breaches. These malware variants, often distributed via Malware-as-a-Service (MaaS) models, meticulously harvest sensitive host data, including installed applications, browser-stored credentials, session cookies, and autofill details. This pilfered […]
The post Infostealers Targeting macOS Users in Active Campaigns to Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Bitchat: мессенджер для постапокалипсиса. Без интернета. Без намёка на защиту
6 days 7 hours ago
Остался только Bluetooth и слепая вера… во что-то.
CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
6 days 7 hours ago
The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes. [...]
Bill Toulas
ISACA Addresses Experience Gap with CISA Associate Designation
6 days 7 hours ago
The new CISA Associate designation recognizes ISACA members who have passed the CISA exam, but do not yet have the required experience
当AI智能体学会“欺骗”,我们如何自保?火山的MCP安全答卷
6 days 7 hours ago
火山引擎云安全
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
6 days 8 hours ago
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances.
Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.
"An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in
The Hacker News
Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records
6 days 8 hours ago
The cybersecurity landscape witnessed a significant breach in early 2025 when Arkana Ransomware emerged as a formidable threat actor, making its debut with a devastating attack on WideOpenWest (WOW!), a major U.S. internet service provider. The attack, which occurred in late March 2025, demonstrated the group’s sophisticated capabilities as they claimed to have successfully exfiltrated […]
The post Arkana Ransomware Claimed to Have Stolen 2.2 Million Customer Records appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2025-7492 | PHPGurukul Vehicle Parking Management System 1.13 manage-incomingvehicle.php del sql injection
6 days 8 hours ago
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-incomingvehicle.php. The manipulation of the argument del leads to sql injection.
This vulnerability is handled as CVE-2025-7492. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7491 | PHPGurukul Vehicle Parking Management System 1.13 manage-outgoingvehicle.php del sql injection
6 days 8 hours ago
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-outgoingvehicle.php. The manipulation of the argument del leads to sql injection.
This vulnerability is known as CVE-2025-7491. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7490 | PHPGurukul Vehicle Parking Management System 1.13 /admin/reg-users.php del sql injection
6 days 8 hours ago
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been classified as critical. Affected is an unknown function of the file /admin/reg-users.php. The manipulation of the argument del leads to sql injection.
This vulnerability is traded as CVE-2025-7490. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7489 | PHPGurukul Vehicle Parking Management System 1.13 search-vehicle.php searchdata sql injection
6 days 8 hours ago
A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchdata leads to sql injection.
The identification of this vulnerability is CVE-2025-7489. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Microsoft Removes High-Privilege Access to Strengthen Microsoft 365 Security
6 days 8 hours ago
Microsoft has taken a significant step forward in bolstering the security of its Microsoft 365 ecosystem by systematically eliminating high-privileged access (HPA) across all applications, as part of its broader Secure Future Initiative (SFI). This initiative integrates efforts across the company’s infrastructure, products, and services to enhance cybersecurity protections, with a particular emphasis on the […]
The post Microsoft Removes High-Privilege Access to Strengthen Microsoft 365 Security appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Virtru secures $50 million investment to advance data-centric security standards
6 days 8 hours ago
Virtru's technology centers on the Trusted Data Format, an open standard that embeds security controls directly into data files rather than relying on traditional perimeter defenses.
The post Virtru secures $50 million investment to advance data-centric security standards appeared first on CyberScoop.
Greg Otto
CVE-2025-7488 | JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 /file/download Name path traversal (Issue 18)
6 days 8 hours ago
A vulnerability has been found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal.
This vulnerability was named CVE-2025-7488. The attack can be initiated remotely. Furthermore, there is an exploit available.
Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
vuldb.com
CVE-2025-7487 | JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 /file/upload SysFileController portraitFile unrestricted upload (Issue 19)
6 days 8 hours ago
A vulnerability, which was classified as critical, was found in JoeyBling SpringBoot_MyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2025-7487. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
vuldb.com
Submit #610577: PHPGurukul Vehicle Parking Management System 1.13 SQL Injection [Accepted]
6 days 8 hours ago
Submit #610577 / VDB-316142