Aggregator

A vulnerability has been found in microlight 0.0.7 and classified as problematic. This vulnerability affects unknown code of the file microlight.js of the component Color Value Handler. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-45525. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. This vulnerability is uniquely identified as CVE-2025-6299. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is the function setStaticDhcpConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Comment leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-6302. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in powsybl-core up to 6.7.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to inefficient regular expression complexity. This vulnerability is known as CVE-2025-48058. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Microsoft Dynamics 365 FastTrack Implementation. Affected by this issue is some unknown functionality. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is handled as CVE-2025-49715. The attack may be launched remotely. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

A vulnerability, which was classified as problematic, has been found in PHPGurukul Bus Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php of the component Profile Page. The manipulation of the argument profile name leads to cross site scripting. This vulnerability is handled as CVE-2025-6288. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6291. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-6292. The attack can be initiated remotely. Furthermore, there is an exploit available.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Oxford City Council revealed that attackers accessed data of individuals who worked on Council-administered elections between 2001 and 2022

A sophisticated malware campaign targeting ComfyUI, a popular AI image generation framework, has successfully compromised at least 695 servers worldwide, security researchers have discovered. The attack represents a significant escalation in threats against AI infrastructure, exploiting vulnerabilities in ComfyUI to deploy a lightweight but highly persistent backdoor dubbed “Pickai.” The campaign first emerged in February […]

The post Hackers Exploit ComfyUI 700+ AI Image Generation Servers to Deploy Malware appeared first on Cyber Security News.

System Update

Red Canary uncovers 'Mocha Manakin,' a new threat using paste and runs to deliver custom NodeInitRAT malware, potentially leading to ransomware. Learn to protect your systems.

有没有一种AI助手，它不需要你“写论文”一样敲提示词，也不要求你“懂编程”才能用起来？有没有一种AI服务，它像你的私人助理一样，懂你、快你、帮你？

用于在数据分析任务中自动且可验证地执行复杂的数据使用策略的系统——PICACHV

«Мать всех утечек» оказалась сводной мачехой из Telegram.

In this role, Sunder will provide leadership and oversight to NIST’s laboratories, which provide vital measurement and research services that underpin technology innovation in the United States.

Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as a service. They are accessible from any modern device with internet access, and provide users with their own “always-on” Cloud PC with saved state and settings. They are often provisioned by enterprises who offer remote … More →

The post Microsoft boosts default security of Windows 365 Cloud PCs appeared first on Help Net Security.

Iran's state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports. It's currently not known who is behind the attack, although Iran pointed fingers at Israel, per Iran International. "If you experience disruptions or irrelevant messages while watching various TV