Aggregator

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.10. Affected by this vulnerability is the function afs_split_string of the file fs/afs/addr_prefs.c. The manipulation leads to improper locking. This vulnerability is known as CVE-2025-21672. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in quantumcloud AI Infographic Maker Plugin up to 4.9.0 on WordPress. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-12415. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in svenl77 Post Form Plugin up to 2.8.13 on WordPress. It has been rated as problematic. This issue affects the function bf_new_submission_link. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12037. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in vernonsystems eHive Objects Image Grid Plugin up to 2.4.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13662. The attack can be initiated remotely. There is no exploit available.

Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download and execute unverified files, the US Cybersecurity and Infrastructure Security Agency confirmed. “CISA assesses the inclusion of this backdoor in the firmware of the monitor can create conditions which may allow remote code execution and device modification … More →

The post Patient monitors with backdoor are sending info to China, CISA warns appeared first on Help Net Security.

The rapid rise of DeepSeek, a Chinese artificial intelligence (AI) company, has not only disrupted the AI industry but also attracted the attention of cybercriminals. As its AI Assistant app became the most downloaded free app on the iOS App Store in January 2025, surpassing OpenAI’s ChatGPT, malicious actors have exploited its popularity to launch […]

The post DeepSeek’s Growing Influence Sparks a Surge in Frauds and Phishing Attacks appeared first on Cyber Security News.

​Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. [...]

Italy’s data protection authority Garante blocked the DeepSeek AI service due to insufficient transparency regarding user data process. Italy’s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek ‘s chatbot service within the country, citing a lack of information on its use of users’ personal data. The AI-powered chatbot, recently launched globally, has rapidly gained […]

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data. In particular, it wanted

A new wave of cyberattacks leveraging the Coyote Banking Trojan has been identified, targeting financial institutions in Brazil. This sophisticated malware employs malicious Windows LNK (shortcut) files as an entry point to execute PowerShell scripts, enabling multi-stage infection chains that ends in data theft and system compromise. The attack begins with a malicious LNK file […]

The post Coyote Banking Malware Weaponizing Windows LNK Files To Execute Malicious Scripts appeared first on Cyber Security News.

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with

Cyber reports exposed major security flaws in DeepSeek’s R1 LLM

A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /\_parse/load\_user-profile.php. The manipulation leads to information disclosure. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of the argument n leads to sql injection. This vulnerability is uniquely identified as CVE-2025-0934. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Deepseek R1 越狱版！无审查、无内容限制，无思想钢印，无道德制高点DeepSeek 开源了多模态大模型，普通电脑可以直接安装使用，现在我们就来本地部署！支持图像识别和图像生成，性能非常...