Aggregator

A vulnerability, which was classified as problematic, was found in Intelbras RX 1500 and RX 3000. This affects an unknown part of the file /HNAP1/ of the component Connected Clients Page. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-26064. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intelbras RX 1500 and RX 3000 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-26062. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in TESI Gandia Integra Total and classified as critical. This vulnerability affects unknown code of the file /encuestas/integraweb/html/view/acceso.php. The manipulation of the argument idestudio leads to sql injection. This vulnerability was named CVE-2025-41370. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TESI Gandia Integra Total and classified as critical. This issue affects some unknown processing of the file /encuestas/integraweb_v4/integra/html/view/acceso.php. The manipulation of the argument idestudio leads to sql injection. The identification of this vulnerability is CVE-2025-41371. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in TESI Gandia Integra Total. This affects an unknown part of the file /encuestas/integraweb[_v4]/integra/html/view/consultaincimails.php. The manipulation of the argument idestudio leads to sql injection. This vulnerability is uniquely identified as CVE-2025-41375. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Blockspare Plugin up to 3.2.13.1 on WordPress. Affected by this vulnerability is an unknown functionality of the component Image Carousel/Image Slider. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-4684. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Sina Extension for Elementor Plugin up to 3.7.0 on WordPress. Affected by this issue is some unknown functionality of the component Sina Posts/Sina Blog Post/Sina Table. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-6228. The attack may be launched remotely. There is no exploit available.

A sophisticated new attack method that exploits AI models’ tendency to comply with legal-sounding text, successfully bypassing safety measures in popular development tools. A study by Pangea AI Security has revealed a novel prompt injection technique dubbed “LegalPwn” that weaponizes legal disclaimers, copyright notices, and terms of service to manipulate large language models (LLMs) into […]

The post New LegalPwn Attack Exploits Gemini, ChatGPT and other AI Tools into Executing Malicious Code via Disclaimers appeared first on Cyber Security News.

A survey of 1,000 IT, security and engineering professionals based in North America finds that most organizations are still struggling to manage and secure access to corporate networks.

The post Survey: Network Security Challenges Persist Despite Desire to Modernize appeared first on Security Boulevard.

Антивирус видит чистую фотографию, а внутри — шпионский вирус от Ким Чен Ына.

乌克兰的无人机完成了一项非同寻常的任务：快递电动自行车救出士兵。被称为 Rubizh 的乌克兰国民警卫队第四快速反应旅分享了一则长 16 分钟的相关视频，显示无人机吊起了一辆电动自行车，然后士兵骑着电动车返回安全地带。乌克兰方面称，这名士兵坚守的前线阵地遭到了袭击，多名战友阵亡，他发现自己与安全区隔离，不得不独自坚守阵地数日。为了营救这名士兵，参谋制定了用大型无人机运送电动自行车的计划，第一架无人机被击落，第二架因为过重而失败，第三架成功了。

Nederland doneert een steunpakket ter waarde van 500 miljoen euro aan Oekraïne. Dit is onderdeel van een nieuw Amerikaans initiatief, de zogeheten Prioritised Ukraine Requirements List (PURL). Hierbij nemen NAVO-bondgenoten militair materieel af uit de voorraden van de Verenigde Staten voor Oekraïne. Nederland financiert met deze bijdrage als eerste een volledig pakket en is hiermee de eerste NAVO-bondgenoot die via dit nieuwe initiatief middelen aan Oekraïne doneert.

本文介绍了什么大量赋值漏洞（Mass Assignment Vulnerabiltiy），并以CVE-2025-6702为例，分享了笔者是如何使用CodeQL去挖掘Spring中的大量赋值漏洞。

A newly disclosed set of security flaws in NVIDIA's Triton Inference Server for Windows and Linux, an open-source platform for running artificial intelligence (AI) models at scale, could be exploited to take over susceptible servers. "When chained together, these flaws can potentially allow a remote, unauthenticated attacker to gain complete control of the server, achieving remote code execution

A January 2025 breach at Northwest Radiologists exposed data of 350,000 Washington State residents, the company confirmed. A data breach at Northwest Radiologists in January 2025 has exposed the personal information of 350,000 residents of Washington State, the company has confirmed. The security breach occurred on January 25, 2025 and caused “network disruption” at the […]

Name: idekCTF 2025 (an idekCTF event.)
Date: Aug. 2, 2025, 8 a.m. — 04 Aug. 2025, 08:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.idek.team/
Rating weight: 52.06
Event organizers: idek

大模型漏洞分析准确度提升的实践分享 by ourren

「太阿」修升传——记一个科研型软件系统的成长之路 by ourren

更多最新文章，请访问SecWiki

Как ShadowSyndicate переизобрела киберпреступность?

JSCEAL malware targets millions using fake crypto app ads to steal wallets and data. Users urged to stay alert and avoid downloading from untrusted sources.

Mozilla 警告针对 Firefox 扩展开发者的钓鱼攻击，督促开发者对冒充 Mozilla 或 AMO (addons.mozilla.org) 发件人的邮件提高警惕。攻击者可能是利用钓鱼邮件劫持开发者的账号，然后向 Firefox 用户推送包含恶意代码的扩展更新，发动供应链攻击。安全研究人员称，目前针对 Firefox 的恶意插件旨在窃取加密货币钱包的凭证。