Aggregator

CVE-2025-8347 | Kehua Charging Pile Cloud Platform 1.0 /sys/task/findAllTask sql injection

2 weeks ago

A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8347. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

2 weeks ago

The new Gunra group has expanded its attack surface beyond Windows PCs by releasing a Linux version of their virus, which was initially discovered in April 2025. This is a major uptick in the ransomware ecosystem. This development underscores the group’s strategic pivot toward cross-platform targeting, inspired by predecessors like Conti ransomware. Trend Micro’s threat […]

The post New Gunra Ransomware Linux Variant Launches 100 Encryption Threads with Partial Encryption Feature appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

图解 | 一图速览《国家信息化发展报告（2024年）》

中国信息安全

2 weeks ago

一图速览《国家信息化发展报告（2024年）》

国际 | 澳政府拟禁止16岁以下人群使用优兔

中国信息安全

2 weeks ago

澳大利亚政府30日发表声明说，将通过立法把视频网站优兔（YouTube）列入16岁以下人群禁用的社交媒体目录。

评论 | 用网络身份认证护个人信息安全

中国信息安全

2 weeks ago

网购时要用到实名信息但又不想透露个人隐私，生活中你是否也有过这样的烦恼？不久前，公安部等六部门联合公布的《国家网络身份认证公共服务管理办法》（以下简称《管理办法》）正式施行，为个人信息保护与数字经济发展提供了重要的制度遵循和实践指引。

CNCERT：关于“黑猫”团伙利用搜索引擎传播捆绑远控木马的知名应用程序安装包的风险提示

中国信息安全

2 weeks ago

近期，CNCERT和安恒信息联合监测到由“黑猫”黑灰产团伙发起的针对性攻击。该团伙将包含钓鱼软件的恶意网站推送到搜索结果前列，并诱导搜索引擎错误地将部分钓鱼网站标注为“官方”，极大地增强了其欺骗性。

发布 | 国家网信办发布《国家信息化发展报告（2024年）》（附下载）

中国信息安全

2 weeks ago

7月30日，《国家信息化发展报告（2024年）》发布会在京召开。

Submit #617568: Kehua Data Co., Ltd the equipment management platform 1.0 the equipment management platform [Accepted]

Vuldb Submit

2 weeks ago

Submit #617568 / VDB-318298

qiantx

Submit #617567: Kehua Data Co. the charging pile cloud platform 1.0 cloud platform [Accepted]

Vuldb Submit

2 weeks ago

Submit #617567 / VDB-318297

qiantx

CVE-2025-8346 | Portabilis i-Educar 2.10 /educar_aluno_lst.php ref_cod_matricula cross site scripting

VulDB Recent Entries

2 weeks ago

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulation of the argument ref_cod_matricula with the input "><img%20src=x%20onerror=alert(%27CVE-Hunters%27)> leads to cross site scripting. This vulnerability is handled as CVE-2025-8346. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Submit #617706: Portabilis I-Educar 2.10 Cross Site Scripting [Accepted]

Vuldb Submit

2 weeks ago

Submit #617706 / VDB-318296

nmmorette

CISO Blueprint: 5 Steps to Enterprise Cyber Threat Resilience

Anyrun

2 weeks ago

Why are SOC teams still struggling to keep up despite heavy investments in security tools? False positives pile up, evasive threats slip through, and critical alerts often get buried under noise. For CISOs, the challenge is giving teams the visibility and speed they need to respond before damage is done. ANY.RUN helps close that gap. 95% of […]

The post CISO Blueprint: 5 Steps to Enterprise Cyber Threat Resilience appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

Submit #617527: Portabilis i-Educar 2.10 Cross Site Scripting [Duplicate]

Vuldb Submit

2 weeks ago

Submit #617527 / VDB-315024

nmmorette

二代必读 | 系列01 • 家族内斗的技术窃密风险

全频带阻塞干扰

2 weeks ago

要防的不仅仅是人，还有那些层出不穷的窃密手段

10 Best Dark Web Monitoring Tools in 2025

Cyber Security News

2 weeks ago

Monitoring and tracking actions on the dark web, a section of the internet that is hidden and requires particular software and configurations to access, is called monitoring. The selling of stolen data, illegal drugs, illegal weapons, hacking services, and other unlawful acts are among the illegal activities known to occur on the dark web. Dark […]

The post 10 Best Dark Web Monitoring Tools in 2025 appeared first on Cyber Security News.

CISO Advisory

Ваш код тормозит при отладке? GNU Binutils 2.45 с SFrame решит проблему на уровне ассемблера

Securitylab.ru

2 weeks ago

Линковщик и ассемблер научились больше, а старые инструкции ушли в прошлое.

New JSCEAL Attack Aims to Steal Credentials and Wallets from Crypto App Users

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

2 weeks ago

Check Point Research (CPR) has identified a sophisticated malware campaign dubbed JSCEAL, which targets users of cryptocurrency trading applications through malicious advertisements and compiled JavaScript payloads. Active since at least March 2024, the operation has evolved to incorporate advanced anti-analysis techniques, including modular infection flows and the use of Node.js to execute compiled V8 JavaScript […]

The post New JSCEAL Attack Aims to Steal Credentials and Wallets from Crypto App Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra