Aggregator

A vulnerability was found in Ruckus Virtual SmartZone and Network Director and classified as critical. This issue affects some unknown processing of the component JWT Signing Key Handler. The manipulation leads to use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2025-44957. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been classified as problematic. Affected is an unknown function. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2025-44962. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSH. The manipulation leads to use of default cryptographic key. This vulnerability is known as CVE-2025-44954. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Ruckus Virtual SmartZone and Network Director. It has been rated as critical. Affected by this issue is some unknown functionality of the component API Route. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-44960. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ruckus Virtual SmartZone and Network Director. This vulnerability affects unknown code of the component JWT Token Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability was named CVE-2025-44963. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Ruckus Virtual SmartZone and Network Director and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to storing passwords in a recoverable format. This vulnerability is known as CVE-2025-44958. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. This vulnerability is known as CVE-2025-8517. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A critical vulnerability has been discovered in the Squid proxy server, enabling remote execution of arbitrary code. The flaw affects nearly all actively used versions, and given the widespread deployment of Squid, millions of...

The post Critical Squid Flaw Allows Remote Code Execution & Data Leakage appeared first on Penetration Testing Tools.

In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem, orchestrated by the North Korean threat actor known as Lazarus. Sonatype’s automated malware detection systems were the...

The post Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets appeared first on Penetration Testing Tools.

本报告数据整合自CNVD、CNNVD、Verizon DBIR、VulnCheck等漏洞研究平台，并结合奇安信CERT多源情报交叉验证。分析周期覆盖2025年1月1日至6月30日，通过对全球网络空间的动态监测，确保漏洞数据的准确性与时效性。

A new large-scale threat has emerged on the Android horizon, dubbed PlayPraetor—a sophisticated piece of malware capable of seizing full control over compromised devices. To date, over 11,000 devices have fallen under its sway,...

The post PlayPraetor: New Android RAT Infects 11,000+ Devices with Real-Time On-Device Fraud appeared first on Penetration Testing Tools.

The government of Luxembourg has launched an official investigation into an unprecedented disruption of the national telecommunications system that occurred on July 23. The cause of the outage, which left 4G and 5G mobile...

The post Luxembourg Hit by “Sophisticated” Cyberattack: Huawei Equipment Targeted, Mobile Networks Down for Hours appeared first on Penetration Testing Tools.

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

三菱太陽光発電システム用モニターのエコガイドTABには、複数の脆弱性が存在します。

Proton Authenticator iOS版存在严重安全漏洞，以明文形式记录TOTP密钥到本地日志中。虽然日志不会上传服务器，但若用户主动分享或设备被他人获取并解锁，则可能泄露多因素身份验证代码。建议立即更新至最新版本修复此问题。

无人机时代的地缘博弈当夜幕降临在喜马拉雅山脉的皑皑雪峰之上，一双双机械的"眼睛"正在高空中悄然游弋。这些看似

越南，这个昔日依赖传统军力的东南亚国家，正以惊人的速度构建其无人机军事力量。从2020年到2025年，短短五

菲律宾，这个看似不起眼的东南亚国家，近年来在无人机领域的迅猛布局，正逐步改写着南海地缘政治的棋局。早在201

Experts at Palo Alto Networks’ Unit 42 have uncovered a new cyber-espionage campaign targeting the telecommunications sector in Southeast Asia. At the heart of these operations lies a threat actor identified as CL-STA-0969, closely...

The post The Telecom Threat: Liminal Panda’s Covert Campaign Targets Southeast Asian Critical Infrastructure appeared first on Penetration Testing Tools.

In the autumn of 2024, Microsoft reintroduced a controversial feature in Windows called Recall—an artificial intelligence system that periodically captures screenshots, allowing users to later search through their entire on-screen activity. Marketed as a...

The post The Dark Side of Recall: Microsoft’s AI Feature is Still Capturing Sensitive Data and Poses Grave Security Risks appeared first on Penetration Testing Tools.