Aggregator

A vulnerability classified as problematic has been found in Typecho 1.3.0. Affected is an unknown function of the component Post Comment Handler. The manipulation leads to race condition. This vulnerability is traded as CVE-2024-35539. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Roundcube Webmail up to 1.5.6/1.6.6. It has been classified as problematic. Affected is an unknown function of the component SVG Handler. The manipulation of the argument animate leads to cross site scripting. This vulnerability is traded as CVE-2024-37383. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Smart Manager Plugin up to 8.27.x on WordPress. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-0566. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

What happens when you put a bunch of overachieving network engineers in a room and hand them an intractable problem: Can an artificial intelligence (AI)-driven self-healing “network brain” be created to automate and dramatically accelerate fault detection and resolution in live network operations center (NOC)...

A new security flaw, LegalPwn, exploits a weakness in generative AI tools like GitHub Copilot and ChatGPT, where malicious code is disguised as legal disclaimers. Learn why human oversight is now more critical than ever for AI security.

A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component mp4decrypt. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-8537. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Даже один скомпрометированный аккаунт может заразить миллионы браузеров.

美国前共和党官员肖恩·卡恩克罗斯被确认为新任国家网络总监。尽管他缺乏网络安全背景，但凭借在私营部门和联邦机构的管理经验获得参议院批准。他强调跨部门合作以主导网络领域，并得到两党和专家支持。

Submit #619602 / VDB-318666

A massive cryptocurrency theft that remained hidden for over four years has been uncovered, revealing what may be the largest Bitcoin hack in history. LuBian, once one of the world’s most prominent Bitcoin mining pools, lost approximately $3.5 billion in a sophisticated attack that went largely undetected since December 2020. The breach began on December […]

The post Biggest-Ever Bitcoin Hack Uncovered: $3.5B Stolen in Silent Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, has been found in VMware Workstation 4.0.1 Build 5289 on Linux. This issue affects some unknown processing. The manipulation leads to symlink following. The identification of this vulnerability is CVE-2003-0739. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in phpWebSite 0.9.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument day/fatcat_id/PAGE_ID/PDA_limit leads to basic cross site scripting. This vulnerability is handled as CVE-2003-0736. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

跳板技术研究及实操、proxy代理技术研究及实操、模拟构建多层跳板网络

A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the component xrb URL Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-8535. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Security researchers at Safety have uncovered an AI-generated malicious NPM package dubbed @kodane/patch-manager, engineered as an advanced cryptocurrency wallet drainer. This package, posing as a benign “NPM Registry Cache Manager” for license validation and registry optimization, embeds sophisticated mechanisms to siphon funds from developers’ and users’ crypto wallets. Published under the NPM username “Kodane,” the […]

The post Hackers Leverage AI to Craft Malicious NPM Package That Drains Crypto Wallets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Senate voted 59-35 to place Republican Party insider Sean Cairncross atop the Office of the National Cyber Director, which plays a pivotal role in dictating policy and bolstering U.S. cybersecurity efforts.

ANY.RUN在7月推出新功能和更新，包括与IBM QRadar SOAR的集成以加速响应、免费威胁情报查询计划、Debian ARM虚拟机用于分析物联网恶意软件以及新增163个行为签名、13个YARA规则和2772个Suricata规则，提升威胁可见性和工作效率。

Submit #619142 / VDB-318665

A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-8534. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used."