Aggregator

Submit #597566 / VDB-313386

Submit #597565 / VDB-313386

A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5138. The attack can be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. The vendor was contacted early about this disclosure but did not respond in any way.

95% of C-suite leaders say that GenAI is driving a new level of innovation in their organizations, according to NTT DATA. While CEOs and business leaders are committed to GenAI adoption, CISOs and operational leaders lack the necessary guidance, clarity and resources to address security risks and infrastructure challenges associated with deployment. The C-Suite disconnect 99% of C-Suite executives are planning further GenAI investments over the next two years, with 67% of CEOs planning significant … More →

The post CISOs flag gaps in GenAI strategy, skills, and infrastructure appeared first on Help Net Security.

Ни одного файла, ни одного следа — а все ваши пароли уже в чьём-то Telegram-канале.

A vulnerability was found in Apple iOS up to 10.3.2 and classified as critical. This issue affects some unknown processing of the component libxpc. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-7047. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Even security teams, the ones responsible for protecting the business, are adding to AI-related risk. A new survey by AI security company Mindgard, based on responses from over 500 cybersecurity professionals at RSAC 2025 Conference and Infosecurity Europe 2025, found that many security staff are using AI tools on the job without approval. Al tools usage by security teams (Source: Mindgard) This growing use of unapproved AI, often called shadow AI, is becoming a major … More →

The post Who’s guarding the AI? Even security teams are bypassing oversight appeared first on Help Net Security.

A vulnerability has been found in CloudClassroom-PHP-Project 1.0 and classified as critical. This vulnerability affects unknown code of the component registrationform. The manipulation of the argument pass leads to sql injection. This vulnerability was named CVE-2025-45542. The attack can be initiated remotely. Furthermore, there is an exploit available.

Мошенники потратят на вас время, но останутся с носом. Теперь ваш голос для них — загадка.

A vulnerability was found in RBX Gallery 2.1. It has been rated as very critical. This issue affects some unknown processing of the file uploader.php of the component File Upload. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2012-3575. The attack may be initiated remotely. Furthermore, there is an exploit available.

Stanford recently released its AI Index 2025, and it’s packed with insights on how AI is changing. For CISOs, it’s a solid check-in on where things stand. It covers what the tech can do now, how governments are responding, and where public opinion is heading. Here’s what’s worth knowing. AI is improving fast and showing up everywhere New models are performing better on hard benchmarks and tackling complex tasks like coding and math with more … More →

The post AI Index 2025: What’s changing and why it matters appeared first on Help Net Security.

本文提出了 HoneyPLC，一个高交互、可扩展且可收集恶意软件的蜜罐，其达到了与真实 PLC 设备相当的性能水平，显著推动了该领域的技术发展水平。

За безобидным значком скрывается новая итерация Android-шпионажа.

A vulnerability was found in Beaver Builder Plugin up to 2.9.1 on WordPress and classified as critical. This issue affects the function save_enabled_icons. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2025-4102. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in powsybl-core up to 6.7.1 and classified as critical. This vulnerability affects the function com.powsybl.commons.xml.XmlReader of the component XML Parser. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2025-47293. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, was found in powsybl-core up to 6.7.1. This affects the function read of the component SparseMatrix. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-47771. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Microsoft Dynamics 365 FastTrack Implementation. Affected by this issue is some unknown functionality. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is handled as CVE-2025-49715. The attack may be launched remotely. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

A vulnerability classified as problematic was found in powsybl-core up to 6.7.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to inefficient regular expression complexity. This vulnerability is known as CVE-2025-48058. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Rapid7 Velociraptor up to 0.74.2. Affected is the function Admin.Client.UpdateClientConfig of the component VQL Query Handler. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-6264. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Here’s a look at the most interesting products from the past week, featuring releases from BigID, Dashlane, Sumsub, and Jumio. Dashlane’s AI model alerts businesses to phishing risks In contrast to rule-based filters or reliance on a threat intel database, Dashlane’s AI phishing alerts leverage an AI model that analyzes 79 phishing indicators in real-time, such as hidden login forms, external link ratios and concealed iFrames, to determine whether a domain is potentially malicious. Analysis … More →

The post New infosec products of the week: June 20, 2025 appeared first on Help Net Security.