Aggregator

A vulnerability has been found in jose 6.0.10 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to inadequate encryption strength. This vulnerability is known as CVE-2025-45767. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Hangzhou Shunwang Rentdrv2. Affected is an unknown function. The manipulation leads to exposed ioctl with insufficient access control. This vulnerability is traded as CVE-2023-44976. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS XR. It has been rated as critical. Affected by this issue is some unknown functionality of the component IKEv2 Handler. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-20209. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Icinga icingaweb2 up to 2.11.4/2.12.2. This vulnerability affects unknown code of the component Command-Line Interface. The manipulation leads to open redirect. This vulnerability was named CVE-2025-30164. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

In this post we demonstrate how a bypass in OpenAI’s “safe URL” rendering feature allows ChatGPT to send personal information to a third-party server. This can be exploited by an adversary via a prompt injection via untrusted data. If you process untrusted content, like summarizing a website, or analyze a pdf document, the author of that document can exfiltrate any information present in the prompt context, including your past chat history.

Шатдауны бьют рекорды, власти говорят — «детокс».

Security Expert Silke Holtmanns on Telecom Threats, Data Challenges and Zero Trust
Telecom firms face rising cyberthreats, growing regulatory pressure and shrinking budgets. But instead of chasing flashy solutions, the industry should focus on strengthening its security fundamentals, said Silke Holtmanns, telecommunication and critical infrastructure security expert at Blue Hour.

Investor Umesh Padval on Platform Power, Scaling Fast and Global AI Plays
Q2 2025 saw AI dominate global VC funding, grabbing $47.5 billion of the $94.6 billion raised. AI Investor Umesh Padval breaks down what makes AI infrastructure startups worth betting on - from platform depth and speed to regional ecosystems and exit timing.

Creator/Author/Presenter: Gal Elbaz

Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: 0.0.0.0 Day: Exploiting Localhost APIs From The Browser appeared first on Security Boulevard.

A vulnerability has been found in SAML-Toolkits ruby-saml up to 1.12.3/1.17.x and classified as critical. This vulnerability affects unknown code of the component ReXML/Nokogiri. The manipulation leads to improper verification of cryptographic signature. This vulnerability was named CVE-2025-25292. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in SAML-Toolkits ruby-saml up to 1.12.3/1.17.x. Affected by this issue is some unknown functionality of the component Message Size Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2025-25293. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Security debt ahoy: Only about half of the code that the latest large language models (LLMs) create is cybersecure, and more and more of it is being created all the time.

Chinese-speaking threat actors have used the PlayPraetor Remote Access Trojan (RAT) to infiltrate more than 11,000 Android devices globally in a sophisticated Malware-as-a-Service (MaaS) operation. This allows for on-device fraud (ODF) by controlling the device in real time. First investigated by Cleafy Threat Intelligence in June 2025, the campaign impersonates legitimate Google Play Store pages […]

The post Chinese Threat Actors Hack 11,000 Android Devices to Deploy PlayPraetor Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Stack Overflow 对 4.9 万名程序员的调查发现，2025 年八成开发者在工作流程中使用 AI 辅助编程工具，但开发者对其准确性的信任度从前几年的 40% 降至今年的 29%。45% 的受访者认为，AI 辅助编程工具最让他们不满的地方是“解决方案几乎正确但并不完全正确”，相比输出明显错误的答案，几乎正确但不完全正确的答案可能会在程序中引入隐藏的 bug 或者其它难以识别需要时间解决的问题。逾三分之一的开发者表示他们如今访问 Stack Overflow 部分是为了寻找 AI 相关的问题。大模型的问题不可能完全解决，因为这是其工作原理决定的。开发者仍然使用大模型的原因包括经理要求他们使用，以及 AI 工具仍然有用但不能被误用。

A vulnerability, which was classified as problematic, was found in Zoom Workplace App and Meeting SDK up to 6.2.x on iOS. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-0150. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple macOS up to 13.6/14.6/15.5. Affected is an unknown function of the component File Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-43239. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 13.6/14.6/15.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Restrictions Handler. The manipulation leads to sandbox issue. This vulnerability is known as CVE-2025-43241. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apple macOS up to 15.5. This affects an unknown part of the component App. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-43235. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple macOS up to 15.5. This affects an unknown part. The manipulation leads to improper check or handling of exceptional conditions. This vulnerability is uniquely identified as CVE-2025-43240. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Makers of the period tracking app Flo agreed to settle with plaintiffs in a suit alleging that millions of users' data was improperly shred with Meta.