Aggregator

本文内容摘自为安全牛最新发布的《Agentic AI安全技术应用报告》 在人工智能迅猛发展的今天，Agenti […]

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SAP NetWeaver flaw, tracked as CVE-2025-31324, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is […]

JPCERT/CC organised ICS Security Conference on 5 February 2025. This event aims to share the current threat to ICS both in Japan and overseas and the efforts of stakeholders in the field, as well as to help participants improve their...

实现物联网跨网、跨域、业务级的安全接入。

unzip-stream 0.3.1 - Arbitrary File Write

This blog discusses the latest modifications observed in Earth Kasha’s TTPs from their latest campaign detected in March 2025 targeting Taiwan and Japan.

实现物联网跨网、跨域、业务级的安全接入。

Explore the implications of JPMorgan's open letter on SaaS security and how organizations can effectively and proactively address the evolving SaaS risks.

The post JPMorgan Just Made SaaS Security Impossible to Ignore | Grip appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in Kibana up to 6.8.15/7.12.x. This affects an unknown part of the component URL Handler. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2021-22141. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Automotive Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /asms/admin/?page=transactions/manage_transaction. The manipulation of the argument ID leads to sql injection. This vulnerability is known as CVE-2022-44820. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SEPPmail 11.1.10. Affected by this issue is some unknown functionality of the component Recipient Address Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2021-31739. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in IObit IOTransfer 4 and classified as critical. This vulnerability affects unknown code. The manipulation leads to unquoted search path. This vulnerability was named CVE-2022-37197. The attack can be initiated remotely. Furthermore, there is an exploit available.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Threat Attack Daily - 29th of April 2025

Ransomware Attack Update for the 29th of April 2025