Aggregator

Untangle: 多层 Web 服务器指纹识别 by ourren

更多最新文章，请访问SecWiki

A vulnerability, which was classified as problematic, has been found in Bagisto 2.2.2. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument Query leads to cross site scripting. This vulnerability is handled as CVE-2025-40675. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Zoho ManageEngine ADAudit Plus up to 8510. This affects an unknown part of the component Service Account Auditing Report. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-27709. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

In a recent research by Proofpoint and Threatray has unveiled the intricate and evolving malware arsenal of the Bitter group, also known as TA397, believed to be a state-backed actor aligned with the interests of the Indian government. Active since 2016, Bitter has transformed its operations from deploying rudimentary downloaders to orchestrating sophisticated Remote Access […]

The post Bitter Malware Employs Custom-Built Tools to Evade Detection in Advanced Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Alleged data breach of IMS Consultores

Vulnerability in PayU CommercePro plugin allows account hijacking on thousands of WordPress sites

Linux 基金会上周宣布了 FAIR 包管理器项目，此举旨在让去年引发混乱的 WordPress 社区稳定下来。WordPress 联合创始人 Matthew Mullenweg 去年对竞争对手 WP Engine 发动了攻击，引发了一场至今尚未解决的诉讼。期间他还通过其控制的 WordPress.org 开源项目劫持了 WP Engine 的插件。用于分发 WordPress 插件的 FAIR 包管理器项目试图解决这一问题，它将确保 WordPress 插件不受任何一方的控制。它是中心化 WordPress.org 插件和主题生态系统的去中心化替代，旨在将控制权交还给 WordPress 托管者和开发商。它采用了联邦式开源架构。

At this year’s RSAC Conference, one theme loomed large: AI isn’t just a tool anymore—it’s a battleground. Industry veteran Anand Oswal discussed how AI is reshaping both sides of the cybersecurity equation: It’s amplifying the speed and scale of attacks while simultaneously offering new ways to fight back. The complexity of securing AI applications is..

The post Security in the Age of AI with Anand Oswal appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Bunnys Print CSS Plugin up to 0.95 on WordPress. This affects the function pcss_options_subpanel of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-5925. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Real Estate Theme Plugin up to 4.4.0/4.4.1 on WordPress. It has been rated as critical. Affected by this issue is the function inspiry_update_profile. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2025-4601. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. This vulnerability is known as CVE-2025-5935. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Браузер не защитит, если не смотришь на URL.

A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-5934. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #589354 / VDB-311713

RipperSec Targeted the Website of Vice President of India

Submit #588258 / VDB-311712

The statement said the Rhode Island-based company identified unauthorized activity on its systems on Thursday, prompting officials to take systems offline. The action “has temporarily impacted the Company’s ability to fulfill and distribute customer orders.”

The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025. "The victimology includes a South Asian government entity, a European media organization, and more than 70 organizations across a wide range of sectors," SentinelOne security researchers Aleksandar

Skitnet malware, also referred to as Bossnet, has emerged as a critical tool for ransomware gangs in 2025, showcasing a marked increase in operational efficiency for cybercriminals. First advertised on underground forums like RAMP on April 19, 2024, by a threat actor known as LARVA-306, Skitnet was initially positioned as a compact, user-friendly post-exploitation package […]

The post Skitnet Malware Actively Adopted by Ransomware Gangs to Enhance Operational Efficiency appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.