Aggregator

A vulnerability was found in OnlyOffice Docs up to 8.3.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component WOPI Protocol Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-5301. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens Mendix Studio Pro 10, Mendix Studio Pro 10.12, Mendix Studio Pro 10.18, Mendix Studio Pro 10.6, Mendix Studio Pro 11, Mendix Studio Pro 8 and Mendix Studio Pro 9. It has been classified as critical. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-40592. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Sensor Intel Series: June 2025 CVE Trends

Erie Insurance reveals suspected network breach and ongoing outage

Amazon хотел «по умолчанию», Linux ответил «у нас так не работает».

A newly disclosed vulnerability, CVE-2025-33073, dubbed the “Reflective Kerberos Relay Attack,” has shaken the Windows security landscape. Discovered by RedTeam Pentesting and patched by Microsoft on June 10, 2025, this flaw allows low-privileged Active Directory users to escalate privileges to NT AUTHORITY\SYSTEM on domain-joined Windows systems that do not enforce SMB signing. The attack leverages […]

The post Windows SMB Client Zero-Day Vulnerability Exploited via Reflective Kerberos Relay Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GPS из помощника превратился в пульт от вашей машины.

CISA and international cybersecurity partners have released a comprehensive suite of guidance documents aimed at protecting critical network edge devices from increasingly sophisticated cyberattacks.  This coordinated effort, involving cybersecurity authorities from nine countries, including Australia, Canada, the United Kingdom, and Japan, addresses the growing threat to firewalls, routers, VPN gateways, and other internet-facing network infrastructure. […]

The post CISA Releases Guide to Protect Network Edge Devices From Hackers appeared first on Cyber Security News.

该漏洞暴露了AI Agents的根本缺陷

美国佐治亚州陆军国民警卫队启动第111电磁战连

Your weakest link doesn’t have to stay weak. Rethink file data management strategy today to secure your organization’s data—and trust.  

The post File Data: The Hidden Ransomware Threat Costing Enterprises Millions appeared first on Security Boulevard.

A sophisticated new threat platform, Nytheon AI, has emerged, which combines multiple uncensored large language models (LLMs) built specifically for malicious activities. The platform, discovered by Cato CTRL, is being actively promoted on popular hacking forums, including XSS and various Telegram channels, representing a significant evolution in how threat actors are leveraging artificial intelligence for […]

The post Hackers Advertising New Blackhat Tool Nytheon AI on Popular Hacking Forums appeared first on Cyber Security News.

80 000 взломанных аккаунтов — и все по инструкции с GitHub.

Currently trending CVE - Hype Score: 1 - A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

As organizations scale and adopt cloud-native architectures, the way they manage encryption — particularly how they issue, track and rotate certificates — has never been more critical. 

The post Why Open-Source Encryption and Automated Key Rotation Aren’t Enough Without Certificate Management appeared first on Security Boulevard.

NIST рассказывает, почему иначе нельзя.

过去几年新闻网站流量大幅下降，一个可能的原因是 Google 的 AI 摘要服务，减少了用户点击链接访问网站的需要。Similarweb 的数据显示，HuffPost 桌面和移动版本来自搜索的流量下降了一半以上，Washington Post 流量下降近半。Business Insider 上个月裁员 21%，CEO Barbara Peng 表示此举旨在应对超出其控制的极端流量下降。2022 年 4 月至 2025 年 4 月期间，Business Insider 的自然搜索流量下降了 55%。《大西洋月刊》CEO Nicholas Thompson 在一次公司会议上表示应假设来自 Google 的搜索流量归零，公司需要改进商业模式。他接受采访时指出 Google 正从搜索引擎变成答案引擎，他们需要制定新的策略。Washington Post 出版人兼 CEO William Lewis 指出，AI 答案对新闻行业构成了严重威胁，需要立即采取行动，寻求新收入来源，为后搜索时代做好准备。NYT 桌面版和移动版来自自然搜索的流量份额已从三年前的近 44% 降至 2025 年 4 月的 36.5%。WSJ 来自自然搜索流量与三年前相比略有上升，但占总流量的比例从 29% 降至 24%。

斗象MSSP托管安全运营专有服务网络发布会暨斗象科技x派网战略合作发布

安全运营平台AI加持后实现自主化安全运营

Кто теперь следит за протестующими в Лос-Анджелесе?