Aggregator

A vulnerability, which was classified as problematic, has been found in SummerNote 0.8.18. This affects an unknown function of the component Code View. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-37629. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

According to TransUnion, digital fraud has cost companies $534bn in losses globally with US business hit hardest

London's Metropolitan Police announced the arrests of two 17-year-old boys who are under questioning in relation to the hack and extortion of the Kido chain.

A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator users.  The vulnerability tracked as CVE-2025-11462 allows attackers to gain root privileges by abusing the client’s log rotation mechanism. AWS Client VPN is a managed, client-based VPN service that secures access to AWS and […]

The post Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Сера, не похожая на земную — учёные наткнулись на аномалию с доисторическим привкусом.

Tel Aviv, Israel, 8th October 2025, CyberNewsWire

Tel Aviv, Israel, 8th October 2025, CyberNewsWire

The post Miggo Security Named a Gartner® Cool Vendor in AI Security appeared first on Security Boulevard.

North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though this year’s record losses are driven largely by the February attack on cryptocurrency exchange Bybit ($1.46 billion stolen), the company has also linked more than thirty additional hacks to North Korea this year. “The actual figure may be even higher,” the company says. “We are aware of many other … More →

The post North Korean hackers stole over $2 billion in cryptocurrency this year appeared first on Help Net Security.

Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.

The post CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code appeared first on Security Boulevard.

OpenAI's new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea.

A vulnerability labeled as critical has been found in B&R Industrial Automation Automation Runtime up to Q4.92. Affected is an unknown function. Executing manipulation can lead to improper resource locking. This vulnerability appears as CVE-2025-3450. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation. CVE ID Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-11462 AWS Client VPN Client […]

The post AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers set out to test leading large language models (LLMs) for resilience against the long-standing ASCII Smuggling technique.  By embedding invisible control characters within seemingly harmless text, ASCII Smuggling abuses Unicode “tag” blocks to hide malicious instructions from human reviewers while feeding them directly into the raw input stream consumed by LLMs.  FireTail researcher Viktor […]

The post ASCII Smuggling Attack Lets Hackers Manipulate Gemini to Deliver Smuggled Data to Users appeared first on Cyber Security News.

JLR возвращает жизнь после сбоя, остановившего всю цепочку поставок.

A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaws in the Lua parser, the unpack() function, and the protection of basic type metatables. These issues pose a direct threat to […]

The post PoC Exploit Released for Critical Vulnerabilities in Lua Engine appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability marked as critical has been reported in Melis Platform up to 5.3.3. This impacts an unknown function of the file /melis/MelisCms/PageEdition/getTinyTemplates. The manipulation of the argument idPage leads to sql injection. This vulnerability is documented as CVE-2025-10351. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Melis Platform up to 5.3.10. This affects an unknown function of the file /melis/MelisCore/ToolUser/addNewUser. Executing manipulation can lead to missing authorization. This vulnerability is registered as CVE-2025-10352. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection. This vulnerability is cataloged as CVE-2025-11491. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as critical has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler. Such manipulation leads to os command injection. This vulnerability is listed as CVE-2025-11490. The attack may be performed from remote. In addition, an exploit is available. The vendor explains: "The usual use case is that AI is asked to do something, picks commands itself, and typically uses simple command names without absolute paths. It's curious why a user would ask the model to bypass restrictions this way. (...) This could potentially be a problem, but we are yet to hear reports of this being an issue in actual workflows. We'll leave this issue open for situations where people may report this as a problem for the long term."