Aggregator
CVE-2025-10090 | Jinher OA up to 1.2 GetTreeDate.aspx ID sql injection (EUVD-2025-27119)
Submit #644920: Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda AC6 v2.0_V15.03.06.51 Buffer Overflow [Duplicate]
Cyber defense cannot be democratized
The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem: In an earnest attempt to shift left, security teams deputized developers to own remediation. While development teams have legitimately become more security-focused, it’s created a dynamic in which security is still accountable for risk but has …
The post Cyber defense cannot be democratized appeared first on Help Net Security.
Critical Argo CD API Flaw Exposes Repository Credentials to Attackers
A major security flaw has been discovered in Argo CD, a popular open-source tool used for Kubernetes GitOps deployments. The vulnerability allows project-level API tokens to expose sensitive repository credentials, such as usernames and passwords, to attackers. The issue has been classified as critical with a CVSS score of 9.8/10 and is tracked as CVE-2025-55190. The […]
The post Critical Argo CD API Flaw Exposes Repository Credentials to Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Submit #644918: Shenzhen Jixiang Tenda Technology Co., Ltd. Tenda AC6 v2.0_V15.03.06.51 Buffer Overflow [Duplicate]
Submit #644868: Jinher OA V1.2 XML External Entity Reference [Accepted]
Submit #644864: Jinher OA V1.2 XML External Entity Reference [Accepted]
Submit #644635: Jinher OA V1.2 SQL Injection [Accepted]
Valuation surges fivefold in 6 months to top $10 billion: three founders born after 2000 put Scale AI under pressure
China stole an American politician's face for the sake of Trump's trade secrets
2025-09-07: Seven days of scans and probes and web traffic hitting my web server
CastleRAT: The New MaaS Threat Expanding the Cybercrime Toolkit
The threat group TAG-150, which researchers associate with the development of the CastleLoader malware, has expanded its arsenal
The post CastleRAT: The New MaaS Threat Expanding the Cybercrime Toolkit appeared first on Penetration Testing Tools.
EU Fines Google $3.5B for Abusing Its Ad Tech Monopoly
The European Commission has fined Google €2.95 billion (approximately $3.5 billion), accusing the company of abusing its dominant
The post EU Fines Google $3.5B for Abusing Its Ad Tech Monopoly appeared first on Penetration Testing Tools.
Hackers Threaten Google: Fire Our Trackers or We’ll Leak Your Data
The hacking scene has once again made headlines with a provocative declaration. A Telegram channel carried a message
The post Hackers Threaten Google: Fire Our Trackers or We’ll Leak Your Data appeared first on Penetration Testing Tools.
Identity management was hard, AI made it harder
Identity security is becoming a core part of cybersecurity operations, but many organizations are falling behind. A new report from SailPoint shows that as AI-driven identities and machine accounts grow, most security teams are not prepared to manage them at scale. This gap creates new risks and makes identity security harder to deploy across global enterprises. [Figure: Investments in IAM provide the highest perceived ROI when compared to all other security domains (Source: SailPoint)] Most organizations …
The post Identity management was hard, AI made it harder appeared first on Help Net Security.
White-hat hackers mock Burger King's security measures as being as flimsy as wrapping paper: passwords can be seen just by pressing F12
The Fall of XSS.is: A Cybercrime Forum Fractured by Toha’s Arrest
The arrest of the alleged administrator of the Russian-speaking forum XSS[.]is, known under the alias Toha, has become
The post The Fall of XSS.is: A Cybercrime Forum Fractured by Toha’s Arrest appeared first on Penetration Testing Tools.