Aggregator

CVE-2025-12928 | code-projects Online Job Search Engine 1.0 /login.php username/phone sql injection (EUVD-2025-41752)

Vuldb Updates
3 months ago
A vulnerability, which was classified as critical, has been found in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. This vulnerability is reported as CVE-2025-12928. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-62689 | GNU libbmicrohttpd up to 1.0.2 Packet heap-based overflow (EUVD-2025-41746)

Vuldb Updates
3 months ago
A vulnerability categorized as critical has been discovered in GNU libbmicrohttpd up to 1.0.2. This issue affects some unknown processing of the component Packet Handler. Executing manipulation can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-62689. The attack may be launched remotely. There is no exploit available. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2025-41731 | Jumo variTRON300/variTRON500/variTRON500 touch prior 9.0.2.5 Debug Interface weak prng (vde-2025-086 / EUVD-2025-44036)

Vuldb Updates
3 months ago
A vulnerability has been found in Jumo variTRON300, variTRON500 and variTRON500 touch and classified as problematic. This affects an unknown part of the component Debug Interface. This manipulation causes cryptographically weak prng. This vulnerability appears as CVE-2025-41731. The attack requires local access. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2025-48983 | Veeam Backup & Replication up to 12.3.2.3617 Mount Service privilege escalation (kb4771 / EUVD-2025-37229)

Vuldb Updates
3 months ago
A vulnerability was found in Veeam Backup & Replication up to 12.3.2.3617. It has been classified as critical. Affected by this issue is some unknown functionality of the component Mount Service. Performing manipulation results in privilege escalation. This vulnerability was named CVE-2025-48983. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Security Affairs
3 months ago
Nine NuGet packages by “shanhai666” can deploy delayed payloads to disrupt databases and industrial systems. Socket’s Threat Research Team discovered nine malicious NuGet packages, published between 2023 and 2024 by “shanhai666,” that can deploy time-delayed payloads to disrupt databases and industrial control systems. Scheduled to trigger in August 2027 and November 2028, the packages were […]
Pierluigi Paganini

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

The Hackers News
3 months ago
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT. "The attacker's modus operandi involved using a compromised email account to send malicious messages to multiple hotel establishments," Sekoia said. "This campaign
The Hacker News

Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware

不安全
3 months ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。用户的要求是直接写文章描述,不需要特定的开头。首先,我得仔细阅读文章,抓住主要信息。 文章讲的是针对酒店业的网络钓鱼活动。攻击者使用被黑的邮箱发送模仿Booking.com的邮件,引诱酒店经理点击链接,进入ClickFix页面。然后部署PureRAT恶意软件,窃取凭证。最终目的是获取访问Booking.com等平台的权限,用于诈骗或出售。 接下来,我需要将这些要点浓缩到100字以内。要注意关键点:大规模钓鱼活动、目标是酒店业、使用恶意邮件和ClickFix页面、窃取凭证、部署PureRAT、目的获取访问权限用于诈骗或出售。 可能的结构是:描述攻击方式和目标,然后说明手段和目的。确保语言简洁明了。 最后检查字数是否符合要求,并确保没有遗漏重要信息。 研究人员发现针对酒店业的大规模网络钓鱼活动,攻击者通过模仿Booking.com的恶意邮件引诱酒店经理点击链接并窃取凭证,利用ClickFix页面和社会工程学手段部署PureRAT恶意软件,最终目标是获取对Booking.com等平台的非法访问权限以进行诈骗或出售。

The Role of Customer Feedback in Product Development

不安全
3 months ago
客户反馈对在线业务至关重要,能够指导产品开发并揭示消费者需求。通过分析反馈数据,品牌可以改进产品、增强竞争力,并建立信任与忠诚度。使用工具如Yotpo等可高效收集和分析反馈,助力企业快速响应市场变化并提升客户满意度。

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

The Hackers News
3 months ago
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which are still available for download, are listed below - ai-driven-dev.ai-driven-dev (3,402 downloads) adhamu.history-in-sublime-merge (4,057
The Hacker News

Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months ago

A surge in online casino spam is reshaping the dark corners of the internet, with threat actors increasingly hacking websites to embed malicious SEO-boosting links. This evolving tactic aims to promote online gambling sites by hijacking the authority of legitimate websites putting site owners and unsuspecting users alike at risk. Historically, blackhat SEO spam campaigns […]

The post Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

上周关注度较高的产品安全漏洞(20251103-20251109)

不安全
3 months ago
嗯,用户让我帮忙总结一篇文章,控制在一百个字以内,而且不需要特定的开头。首先,我得看看文章内容是什么。文章标题是“环境异常”,里面提到当前环境异常,完成验证后可以继续访问,还有一个“去验证”的按钮。看起来这是一个提示用户需要进行验证才能继续访问的通知。 接下来,我需要理解用户的需求。他们可能是在使用某个网站或应用时遇到了环境异常的问题,需要总结这个情况。用户希望总结简洁明了,不超过一百个字,所以我要抓住关键点:环境异常、验证、继续访问。 然后,我要考虑如何表达这些信息。直接描述情况,不需要复杂的结构。比如,“当前环境异常,需完成验证后方可继续访问。”这样既简洁又准确。 最后,检查一下是否符合要求:一百字以内,没有使用特定的开头词。看起来没问题了。 当前环境异常,需完成验证后方可继续访问。

CNVD漏洞周报2025年第43期

不安全
3 months ago
嗯,用户让我总结一篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。首先,我需要理解用户的需求。他可能是在做一个快速的摘要,或者需要简洁的信息用于某种场合,比如报告、演示或者社交媒体。 然后,我看看用户给的原文内容。原文提到“环境异常”,然后说完成验证后可以继续访问,并有一个“去验证”的按钮。看起来这篇文章是在通知用户当前环境有问题,需要进行验证才能继续使用服务或访问内容。 接下来,我需要把这些信息浓缩到一百字以内。要抓住关键点:环境异常、完成验证、继续访问。同时,语言要简洁明了,不使用复杂的句子结构。 可能会想,是否需要提到按钮或者其他细节?但考虑到字数限制,可能不需要。重点是传达主要信息:环境问题和验证步骤。 最后,确保总结准确无误,并且符合用户的格式要求。直接开始描述,不需要任何开头语。 当前环境出现异常问题,需完成验证操作后方可继续访问相关内容或服务。

Managed ad