Aggregator

关键词安全漏洞安全研究人员披露苹果Safari浏览器存在设计缺陷，攻击者可利用全屏模式实施“浏览器中间人攻击”

关键词安全漏洞网络安全团队 Oasis Research Team 于 5 月 28 日发布博文，报告称微软

关键词黑客5 月 20 日，广州市公安局天河区分局发布警情通报称，广州某科技公司遭境外黑客组织网络攻击，公安机

The year 2025 has ushered in an unprecedented escalation in cyber threats, driven by the weaponization of generative AI. Cybercriminals now leverage machine learning models to craft hyper-personalized phishing campaigns, deploy self-evolving malware, and orchestrate supply chain compromises at industrial scales. From deepfake CEO fraud to AI-generated ransomware, these attacks exploit human psychology and technological […]

The post Generative AI Exploitation in Advanced Cyber Attacks of 2025 appeared first on Cyber Security News.

Submit #587365 / VDB-310663

Submit #587308 / VDB-235825

Submit #587234 / VDB-310662

A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The identification of this vulnerability is CVE-2025-5368. The attack may be initiated remotely. Furthermore, there is an exploit available.

点击蓝字，关注我们一想到你在关注我就忍不住有点紧张近期，火绒工程师在日常监测安全动态时发现一起利用AI编程工具

AI即万物：ISC.AI 2025的跨越变迁

A sophisticated client-side attack that enables cybercriminals to gain complete control over iPhones through a single malicious WeChat message, highlighting critical vulnerabilities in one of the world’s most popular messaging platforms. The attack, detailed in recent research by cybersecurity firm DARKNAVY, exploits WeChat’s built-in browser components and URL parsing mechanisms to execute remote code without […]

The post New Client-Side Attack Let Attacker Get Complete Control Over iPhone With Single WeChat Message appeared first on Cyber Security News.

A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. This vulnerability was named CVE-2025-5367. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #586911 / VDB-310661

Submit #586862 / VDB-215112

Submit #586814 / VDB-310660

Антивирус не пикнул, потому что фишинг пришёл из доверенного облака.

A vulnerability has been found in Simple Page Access Restriction Plugin up to 1.0.31 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file settings.php. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-5142. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in OpenSheetMusicDisplay Plugin up to 1.4.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument className leads to cross site scripting. This vulnerability is known as CVE-2025-5235. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is known as CVE-2025-4696. The attack can be launched remotely. Furthermore, there is an exploit available.