Aggregator

Can I have a new password, please? The $400M question.

Bleeping Computer.
9 months 1 week ago
Scattered Spider didn't need a zero-day to breach Clorox. They just phoned the help desk—convincing agents to reset passwords & MFA without proper checks. The result: $380M in damages. Learn from Specops Software why caller verification and audit trails are critical. [...]
Sponsored by Specops Software

CVE-2025-10235 | Scada-LTS up to 2.7.8.1 Reports /reports.shtm Colour cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Scada-LTS up to 2.7.8.1. It has been classified as problematic. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. This vulnerability appears as CVE-2025-10235. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10234 | Scada-LTS up to 2.7.8.1 Data Point Edit /data_point_edit.shtm Text Renderer properties cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Scada-LTS up to 2.7.8.1 and classified as problematic. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. This vulnerability is reported as CVE-2025-10234. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10233 | kalcaddle kodbox 1.61 editor.class.php fileGet/fileSave path path traversal

VulDB Recent Entries
9 months 1 week ago
A vulnerability has been found in kalcaddle kodbox 1.61 and classified as critical. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. This vulnerability is documented as CVE-2025-10233. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Coro 3.6 reduces operational burden for resource-constrained SMBs

Help Net Security
9 months 1 week ago

Coro announced the latest version of its platform. Coro 3.6 leverages AI to transform complex security into easy-to-use security for resource-constrained SMBs. Today, SMBs require a solution to enhance their security posture. Coro’s unified platform ensures that everything works together across all security functions, easing the operational burden on lean IT teams and providing small businesses with advanced protection. Security threats generate overwhelming amounts of data across various security modules and tools that require time-consuming … More →

The post Coro 3.6 reduces operational burden for resource-constrained SMBs appeared first on Help Net Security.

Industry News

CVE-2025-10232 | 299ko up to 2.0.0 FileManagerAPIController.php getSentDir/delete path traversal

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as critical, was found in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. This vulnerability is registered as CVE-2025-10232. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad