Aggregator

WatchTowr has found three vulnerabilities in the Sitecore Experience Platform, used by HSBC and L’Oréal

For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords. It’s no surprise

WhatsApp, the world’s most popular messaging app, is entering a new era as Meta officially begins rolling out advertisements within its Updates tab—a move that marks the platform’s most significant shift in monetization since its inception. The announcement, made on June 16, signals WhatsApp’s intent to leverage its vast user base of over two billion […]

The post WhatsApp’s Status Tab Set to Feature Ads as Meta Monetizes Platform appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-6146. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The identification of this vulnerability is CVE-2025-6148. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in cri-o up to 1.28.6/1.29.4/1.30.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /proc/mounts. The manipulation leads to symlink following. This vulnerability is handled as CVE-2024-5154. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injection. This vulnerability was named CVE-2025-6153. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql injection. The identification of this vulnerability is CVE-2025-6154. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. This vulnerability is handled as CVE-2025-6157. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is known as CVE-2025-6162. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is handled as CVE-2025-6163. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability was named CVE-2025-6165. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to sql injection. The identification of this vulnerability is CVE-2025-6160. The attack may be initiated remotely. Furthermore, there is an exploit available.

Threat actors are leveraging deceptive tactics to distribute a fileless variant of AsyncRAT, a notorious remote access Trojan. Discovered during routine attacker infrastructure analysis, this operation employs a fake verification prompt themed around the “Clickfix” technique to trick users into executing malicious commands. The campaign, which appears to target German-speaking individuals as evidenced by the […]

The post Hackers Use Fake Verification Prompt and Clickfix Technique to Deploy Fileless AsyncRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

pydantic-ai 通过将结构化输出巧妙地抽象为一种强制性的工具调用，并深度整合 Pydantic 的模式生成与验证能力，实现了一套极为可靠的 LLM 输出约束机制...

Eztest 在phpversion()处修改，可知为rce，多次测试使用无参rce赌狗函数：print_r(scandir(chr(ord(strrev(crypt(serialize(array())))))))多执行几次就可以得到根目录 ​​Ezlogin知识：java反序列化，Spring Actuator 未授权：这个知识点可以看看这位师傅的：https://xz.aliyun.co

ModelContext Inspector 未授权访问漏洞(CVE-2025-49596)

双方聚焦云安全、智算数据中心建设、大模型安全等关键领域，推动产品与业务场景融合，打造领先数字化安全底座。

关键词安全漏洞2025年5月21日，Grafana Labs 发布安全更新，修复了由安全研究人员 Alvaro