SecWiki News 2025-07-16 Review
今日暂未更新资讯~
更多最新文章,请访问SecWiki
更多最新文章,请访问SecWiki
Aggregator
CVE-2025-53926 | Emlog Pro up to 2.5.17 POST Request comname cross site scripting (EUVD-2025-21725)
9 months 1 week ago
A vulnerability classified as problematic was found in Emlog Pro up to 2.5.17. This vulnerability affects unknown code of the component POST Request Handler. The manipulation of the argument comname leads to cross site scripting.
This vulnerability was named CVE-2025-53926. The attack can be initiated remotely. There is no exploit available.
vuldb.com
Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits
9 months 1 week ago
Dozens of Fortinet FortiWeb instances have been compromised with webshells in a widespread hacking campaign, according to the threat monitoring organization The Shadowserver Foundation. The attacks are linked to a critical vulnerability, tracked as CVE-2025-25257, for which public proof-of-concept (PoC) exploits were released just days ago. Key Takeaways1. A critical flaw in Fortinet FortiWeb is […]
The post Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits appeared first on Cyber Security News.
Guru Baran
CVE-2025-53931 | LabRedesCefetRJ WeGIA up to 3.4.4 adicionar_raca.php raca cross site scripting (EUVD-2025-21724)
9 months 1 week ago
A vulnerability classified as problematic has been found in LabRedesCefetRJ WeGIA up to 3.4.4. This affects an unknown part of the file adicionar_raca.php. The manipulation of the argument raca leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-53931. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53930 | LabRedesCefetRJ WeGIA up to 3.4.4 adicionar_especie.php especie cross site scripting (EUVD-2025-21728)
9 months 1 week ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file adicionar_especie.php. The manipulation of the argument especie leads to cross site scripting.
This vulnerability is handled as CVE-2025-53930. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53929 | LabRedesCefetRJ WeGIA up to 3.4.4 adicionar_cor.php cor cross site scripting (EUVD-2025-21729)
9 months 1 week ago
A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.4.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file adicionar_cor.php. The manipulation of the argument cor leads to cross site scripting.
This vulnerability is known as CVE-2025-53929. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Pro-Russian DDoS group NoName057(16) disrupted by international law enforcement operation
9 months 1 week ago
Over a dozen law enforcement agencies took action earlier this week, resulting in multiple arrests.
The post Pro-Russian DDoS group NoName057(16) disrupted by international law enforcement operation appeared first on CyberScoop.
Greg Otto
MacOS Malware NimDoor Weaponizing Zoom SDK Update to Steal Keychain Credentials
9 months 1 week ago
A sophisticated MacOS malware campaign dubbed NimDoor has emerged, targeting Web3 and cryptocurrency organizations through weaponized Zoom SDK updates. The malware, attributed to North Korea-linked threat actors likely associated with Stardust Chollima, represents a significant evolution in offensive capabilities against MacOS systems, having been active since at least April 2025. The attack orchestration begins with […]
The post MacOS Malware NimDoor Weaponizing Zoom SDK Update to Steal Keychain Credentials appeared first on Cyber Security News.
Tushar Subhra Dutta
乌克兰黑客破坏了俄罗斯无人机制造商的 IT 基础设施
9 months 1 week ago
乌克兰黑客与情报部门合作,成功破坏了俄罗斯最大无人机制造商之一的 Gaskar Integration 的 IT 基础设施,导致该公司的生产陷入瘫痪。黑客在此次攻击中窃取了 47 TB 数据,之后将包括备份在内的所有数据全部从服务器上抹掉。窃取的数据转交给了乌克兰国防部。
SquidLoader Malware Campaign Targets Hong Kong Financial Sector
9 months 1 week ago
A new malware campaign targeting Hong Kong finance has been identified, featuring SquidLoader to deploy Cobalt Strike Beacon
Google spots tailored backdoor malware aimed at SonicWall appliances
9 months 1 week ago
Google researchers reported on a malware campaign against end-of-life SonicWall appliances, noting that the attackers were good at covering their tracks.
SonicWall SMA devices hacked with OVERSTEP rootkit tied to ransomware
9 months 1 week ago
A threat actor has been deploying a previously unseen malware called OVERSTEP that modifies the boot process of fully-patched but no longer supported SonicWall Secure Mobile Access appliances. [...]
Ionut Ilascu
DragonForce
9 months 1 week ago
You must login to view this content
cohenido
Mozilla 征求用户对 Firefox 未来发展的意见
9 months 1 week ago
Firefox 最近推出了多项用户期待已久的新功能,如标签页组和垂直标签,Mozilla 此举也是旨在响应社区民意。在推出这些新功能之后,Firefox 接下来该这么做呢?Mozilla 开发者通过官方论坛征求用户的意见,并准备进行一次社区的 AMA(你问我答)活动。
DragonForce
9 months 1 week ago
You must login to view this content
cohenido
Resource Energy falls victim to Qilin Ransomware
9 months 1 week ago
Resource Energy falls victim to Qilin Ransomware
Dark Web Informer - Cyber Threat Intelligence
Play
9 months 1 week ago
You must login to view this content
cohenido
Play
9 months 1 week ago
You must login to view this content
cohenido
Пользуетесь VPN? Не паникуйте: Шейкин объяснил, когда штрафуют, а когда — нет
9 months 1 week ago
VPN не преступление, но если очень постараться — станет им.
CVE-2025-7712 | Madara Plugin up to 2.2.3 on WordPress wp_manga_delete_zip denial of service
9 months 1 week ago
A vulnerability was found in Madara Plugin up to 2.2.3 on WordPress. It has been classified as problematic. Affected is the function wp_manga_delete_zip. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2025-7712. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com