Aggregator
Samsung put on Escobar's gold chains and got handcuffs from the FBI
11 months ago
The ghost of Pablo Escobar has made millions again. But not in the way you think.
Major European healthcare network discloses security breach
11 months ago
AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. [...]
Bill Toulas
CVE-2025-53770: SharePoint WebPart Injection Exploit Tool
11 months ago
Dark Web Informer - Cyber Threat Intelligence
CVE-2025-31104 | Fortinet FortiADC up to 7.6.1 HTTP Request os command injection (FG-IR-25-099 / EUVD-2025-17797)
11 months ago
A vulnerability classified as critical has been found in Fortinet FortiADC up to 7.6.1. Affected is an unknown function of the component HTTP Request Handler. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2025-31104. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-5040 | Autodesk Revit prior 2024.3.3/2025.4.2/2026.2 RTE File Parser heap-based overflow (EUVD-2025-20991 / Nessus ID 242247)
11 months ago
A vulnerability was found in Autodesk Revit. It has been declared as critical. This vulnerability affects unknown code of the component RTE File Parser. The manipulation leads to heap-based buffer overflow.
This vulnerability was named CVE-2025-5040. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-7643 | Attachment Manager Plugin up to 2.1.2 on WordPress handle_actions denial of service (EUVD-2025-21852)
11 months ago
A vulnerability classified as problematic has been found in Attachment Manager Plugin up to 2.1.2 on WordPress. This affects the function handle_actions. The manipulation leads to denial of service.
This vulnerability is uniquely identified as CVE-2025-7643. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-7438 | MasterStudy LMS Pro Plugin up to 4.7.9 on WordPress install_and_activate_plugin unrestricted upload (EUVD-2025-21857)
11 months ago
A vulnerability, which was classified as critical, was found in MasterStudy LMS Pro Plugin up to 4.7.9 on WordPress. Affected is the function install_and_activate_plugin. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2025-7438. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-7772 | Malcure Malware Scanner Plugin up to 16.8 on WordPress wpmr_inspect_file authorization (EUVD-2025-21858)
11 months ago
A vulnerability was found in Malcure Malware Scanner Plugin up to 16.8 on WordPress. It has been rated as problematic. This issue affects the function wpmr_inspect_file. The manipulation leads to missing authorization.
The identification of this vulnerability is CVE-2025-7772. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-6231 | Lenovo Vantage/Commercial Vantage prior 10.2501.20.0 Configuration File argument injection (EUVD-2025-21802)
11 months ago
A vulnerability has been found in Lenovo Vantage and Commercial Vantage and classified as critical. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. The manipulation leads to argument injection.
This vulnerability is known as CVE-2025-6231. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-6232 | Lenovo Vantage/Commercial Vantage prior 10.2501.20.0 Registry argument injection (EUVD-2025-21801)
11 months ago
A vulnerability was found in Lenovo Vantage and Commercial Vantage and classified as critical. Affected by this issue is some unknown functionality of the component Registry Handler. The manipulation leads to argument injection.
This vulnerability is handled as CVE-2025-6232. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-27779 | Fortinet FortiIsolator/FortiSandbox session expiration (FG-IR-24-035 / EUVD-2024-24972)
11 months ago
A vulnerability was found in Fortinet FortiIsolator and FortiSandbox. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to session expiration.
This vulnerability was named CVE-2024-27779. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-20267 | Cisco Identity Services Engine Software up to 3.4.0 Web-based Management Interface cross site scripting (cisco-sa-ise-stored-xss-Yff54m73 / EUVD-2025-16017)
11 months ago
A vulnerability was found in Cisco Identity Services Engine Software and classified as problematic. This issue affects some unknown processing of the component Web-based Management Interface. The manipulation leads to basic cross site scripting.
The identification of this vulnerability is CVE-2025-20267. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws
11 months ago
Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft's urgent security guidance.
Waqas
Dark Web Travel Agencies Offering Cheap Travel Deals to Steal Credit Card Data
11 months ago
The rise of clandestine “travel agencies” on darknet forums has reshaped the cyber-crime landscape, morphing traditional card-skimming into a full-fledged service economy that sells half-priced flights, five-star hotels, and even yacht charters. What unsuspecting buyers see as a bargain is merely the last hop of a criminal supply chain that begins with credential theft and […]
The post Dark Web Travel Agencies Offering Cheap Travel Deals to Steal Credit Card Data appeared first on Cyber Security News.
Tushar Subhra Dutta
H4X-Tools: Open source toolkit for scraping, OSINT and more
11 months ago
Dark Web Informer - Cyber Threat Intelligence
ChatGPT became prey for a cunning Gemini in a brutal experiment by scientists
11 months ago
The study showed: in the world of AI, kind algorithms always lose to evil ones.
CVE-2025-53645 | Zimbra Collaboration Suite up to 8.x/10.0.14/10.1.8 Webmail Interface/Admin Console resource consumption (EUVD-2025-20866)
11 months ago
A vulnerability classified as problematic has been found in Zimbra Collaboration Suite up to 8.x/10.0.14/10.1.8. Affected is an unknown function of the component Webmail Interface/Admin Console. The manipulation leads to resource consumption.
This vulnerability is traded as CVE-2025-53645. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53892 | intlify vue-i18n up to 9.14.4/10.0.7/11.0.x cross site scripting (GHSA-x8qp-wqqm-57ph)
11 months ago
A vulnerability was found in intlify vue-i18n up to 9.14.4/10.0.7/11.0.x. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-53892. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-49604 | Realtek AmebaD up to 3.1.8 WLAN Driver heap-based overflow (EUVD-2025-20832)
11 months ago
A vulnerability was suspected in Realtek AmebaD up to 3.1.8. Further investigation has shown that this issue is a false positive. Please review the sources mentioned and consider not using this entry at all.
vuldb.com