Aggregator

A vulnerability was found in Exchange Plugin up to 5.8.0 on Checkmk and classified as problematic. This vulnerability affects unknown code. Executing manipulation can lead to deserialization. This vulnerability is handled as CVE-2024-47092. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Salt Typhoon’s primary Dutch targets were small internet service providers and hosting providers

A vulnerability, which was classified as critical, was found in BGP Monitoring on Checkmk. This affects an unknown part. The manipulation results in improper certificate validation. This vulnerability was named CVE-2025-58123. The attack may be performed from a remote location. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in ItayXD Responsive Mobile-Friendly Tooltip Plugin up to 1.6.6 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-48316. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in salubrio Add Code To Head Plugin up to 1.17 on WordPress. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-48314. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in Kevin Heath Tripadvisor Shortcode Plugin up to 2.2 on WordPress. Affected is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-48313. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in 文派翻译 WPAvatar Plugin up to 1.9.3 on WordPress. This impacts an unknown function. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-48312. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in vikingjs Goal Tracker for Patreon Plugin up to 0.4.6 on WordPress. This affects an unknown function. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-48305. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as problematic has been found in mibuthu Link View Plugin up to 0.8.0 on WordPress. The impacted element is an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-48110. The attack can be launched remotely. No exploit exists.

The notorious Lazarus advanced persistent threat (APT) organization, which Qi’anxin internally tracks as APT-Q-1, has been seen using the ClickFix technique to penetrate Windows 11 and macOS systems in a sophisticated progression of social engineering attacks. Known for high-profile incidents like the 2014 Sony Pictures hack, Lazarus has shifted from intelligence theft to financial asset […]

The post Lazarus Group Targets Windows 11 with ClickFix Tactics and Fake Job Offers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability identified as critical has been detected in VMware vSAN on Checkmk. The affected element is an unknown function. The manipulation leads to improper certificate validation. This vulnerability is documented as CVE-2025-58126. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in stanton119 HTML Plugin up to 0.51 on WordPress. Impacted is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-48315. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in extremeidea bidorbuy Store Integrator Plugin up to 2.12.0 on WordPress. It has been rated as critical. This issue affects some unknown processing. Performing manipulation results in code injection. This vulnerability is cataloged as CVE-2025-48100. It is possible to initiate the attack remotely. There is no exploit available.

ShadowSilk first surfaced in late 2023 as a sophisticated threat cluster targeting government entities across Central Asia and the broader APAC region. Exploiting known public vulnerabilities and widely available penetration-testing frameworks, the group orchestrates data exfiltration campaigns with a high degree of automation and stealth. Initial deliveries were achieved via phishing emails containing password-protected archives; […]

The post ShadowSilk Leveraging Penetration-Testing Tools, Public Exploits to Attack Organizations appeared first on Cyber Security News.

本文对固有后门进行了系统性研究，发现它们广泛存在于干净模型中，与注入型后门一样具有危险性，是一种新型攻击媒介。

F6 описала новый сценарий атак.

A coalition of international cybersecurity agencies led by the UK’s National Cyber Security Centre (NCSC) has publicly linked…

Cybersecurity experts discovered an advanced persistent threat (APT) cluster called ShadowSilk in a thorough research published by Group-IB. Since at least 2023, this group has been actively breaching government institutions in Central Asia and the Asia-Pacific area. The group’s operations, ongoing as of July 2025, focus primarily on data exfiltration, leveraging a sophisticated blend of […]

The post ShadowSilk Targets Penetration-Testing Tools and Public Exploits to Breach Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.