Aggregator

A vulnerability classified as problematic has been found in vLLM up to 0.8.x. Affected is the function MultiModalHasher of the file vllm/multimodal/hasher.py. The manipulation leads to improper validation of consistency within input. This vulnerability is traded as CVE-2025-46722. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in freescout up to 1.8.179. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-48474. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in free5GC 4.0.0. It has been declared as problematic. This vulnerability affects the function handleInitialUEMessageMain/DecodePlainNasNoIntegrityCheck/GetSecurityHeaderType. The manipulation leads to denial of service. This vulnerability was named CVE-2025-29632. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in freescout up to 1.8.179. It has been classified as critical. This affects an unknown part. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-48475. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in vLLM up to 0.8.x and classified as problematic. Affected by this issue is some unknown functionality of the component TTFT Handler. The manipulation leads to observable timing discrepancy. This vulnerability is handled as CVE-2025-46570. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OpenKnowledgeMaps Headstart 7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file getPDF.php of the component URL Parameter Handler. The manipulation leads to improper input validation. This vulnerability is known as CVE-2024-51392. The attack can be launched remotely. There is no exploit available.

The company said it “recently learned of suspicious activity” within its environment that it believes “was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers.”

The accelerated adoption of software as a service (SaaS) has fundamentally changed software consumption patterns, but it has also introduced a significant concentration of risk across enterprise environments and global critical infrastructure.

The post CISO’s open letter on third-party software risk is a call to action appeared first on Security Boulevard.

Huang Says Rules Shut Nvidia Out of $50B China Market, Gives Rivals Long-Term Edge
CEO Jensen Huang says new U.S. chip restrictions on China forced Nvidia to write down $4.5 billion in AI inventory and will hurt American leadership in global infrastructure as Chinese firms gain momentum. The rules fuel China’s rise and jeopardize U.S. infrastructure dominance, according to Huang.

Also: Mango Markets Hacker's Convictions Overturned, Coinbase Lawsuit
This week, $223M Cetus Protocol hack, U.S. judge overturned Mango Markets hacker convictions, class action lawsuit against Coinbase, Cork Protocol's $12M exploit, fake software sites spread crypto-stealing malware, a violent crypto-linked kidnapping and civil proceedings against the ex-ACX exec.

Persistent Attack Grants Remote SSH Access via Exploit
Someone - possibly nation-state hackers - appears to be constructing a botnet from thousands of Asus routers in hacking that survives a firmware patch and reboots. Nearly 9,000 routers have been compromised and the number is growing, say researchers.

New Cyber and Electromagnetic Command Pitched as Lessons Learned from Ukraine
The United Kingdom pledged Thursday one billion pounds for a military "Digital Targeting Web" the government said will enable quick fire targeting of enemy assets, including through offensive cyber operations. "Ways of warfare are rapidly changing," said Defense Secretary John Healy.

AttackIQ has released a new assessment template that contains a curated list of Tools and Malware samples associated with Scattered Spider to help defenders improve their security posture against this sophisticated and persistent threat.

The post Emulating the Unyielding Scattered Spider appeared first on AttackIQ.

The post Emulating the Unyielding Scattered Spider appeared first on Security Boulevard.

Author/Presenter: Aldo Salas

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – PasswordsCon – We Removed Passwords, Now What? appeared first on Security Boulevard.

In the ever-evolving landscape of cybersecurity threats, protecting Windows servers from ransomware has become increasingly critical as these attacks continue to surge alarmingly. Ransomware attacks have increased by 435% since 2020, with organizations facing increasingly sophisticated attack methods. As these threats become complex, understanding the primary attack vectors and implementing robust protection strategies has become […]

The post Protecting Windows Servers from Ransomware Attack Vectors appeared first on Cyber Security News.

IntroductionLogonBox is pleased to announce the immediate availability of LogonBox SSPR 2.4.12.This release includes performance improvements for large user counts, disabled account license changes, and retries for cloud-delivered OTP messages. The changelog at the bottom lists all new features and bugs fixed.Reducing memory footprintWhen large numbers of users and groups exist, this could cause issues [...]

Read More...

The post LogonBox SSPR 2.4.12 – Now Available appeared first on LogonBox.

The post LogonBox SSPR 2.4.12 – Now Available appeared first on Security Boulevard.

Почему FunOS может заменить Windows на умирающем ПК.

UPDATE 3 (20:47 UTC, May 31, 2025): A Root Cause Analysis into the May 29, service disruption has been complet […]

The post Official Root Cause Analysis (RCA) for SentinelOne Global Service Interruption – May 29, 2025 appeared first on SentinelOne.

Threat actors have orchestrated a multi-wave phishing campaign between April and May 2025, leveraging the legitimate infrastructure of Nifty[.]com, a prominent Japanese Internet Service Provider (ISP), to execute their attacks. Uncovered by Raven, a leading threat detection entity, this operation stands out due to its ability to evade conventional email security systems by abusing trusted […]

The post Threat Actors Exploit Nifty[.]com Infrastructure in Sophisticated Phishing Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Alleged data breach of Comando General de las Fuerzas Militares (cgfm.mil.co)