Aggregator

A vulnerability was found in Fuel CMS 1.5.2allow and classified as problematic. This issue affects some unknown processing of the component String Handler. The manipulation of the argument group_id leads to cross site scripting. The identification of this vulnerability is CVE-2024-25369. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. This vulnerability is traded as CVE-2024-1822. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in HCL Sametime Chat up to 12.0.1 FP1. Affected is an unknown function of the component Secure Storage. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-37540. It is possible to launch the attack on the local host. There is no exploit available.

Join Grip Security on its mission to redefine identity security. Discover how innovation, empathy, and culture are shaping the future of digital protection.

The post Why I Joined Grip Security in Securing the Digital Future appeared first on Security Boulevard.

ИИ теперь не просто гуглит ответ — он думает, ошибается и спорит.

OpenAI has launched three new reasoning models - o3, o4-mini, and o4-mini-high for Plus and Pro subscribers, but as it turns out, these models do not offer 'unlimited' usage. [...]

Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and Soon
This week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.

Safety Concerns Emerge Amid o3, o4-mini and GPT-4.1 Launches
OpenAI's mid-April announcements include its most advanced reasoning models o3 and o4-mini, with a biorisk monitor, the quietly released GPT-4.1 coding family and the upcoming retirement of its costliest model, GPT-4.5. OpenAI's partners warn that the company's rushed evaluations have left gaps.

BitNet b1.58 2B4T Focuses on Speed, Efficiency, Open Access
Microsoft released what it describes as the most expansive 1-bit AI model to date, BitNet b1.58 2B4T. Unlike traditional large language models that depend on GPUs and massive infrastructure, the model is built to operate efficiently on CPUs including Apple's M2 chip.

A vulnerability was found in Google Android 13.0. It has been classified as critical. Affected is the function registerBroadcastReceiver of the file RcsService.java. The manipulation leads to permission issues. This vulnerability is traded as CVE-2022-20536. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0 and classified as problematic. This issue affects the function onPreferenceClick of the file AccountTypePreferenceLoader.java. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2022-20515. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0. It has been declared as problematic. Affected by this vulnerability is the function registerLocalOnlyHotspotSoftApCallback of the file WifiManager.java. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2022-20535. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 13.0. It has been rated as problematic. Affected by this issue is the function getSmsRoleHolder of the file RoleService.java. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2022-20538. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A server briefly linked to the notorious KeyPlug malware has inadvertently exposed a comprehensive arsenal of exploitation tools specifically designed to target Fortinet firewall and VPN appliances. The infrastructure, which security researchers have attributed to the RedGolf threat group (overlapping with APT41), was accessible for less than 24 hours before being secured, providing a rare […]

The post Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN appeared first on Cyber Security News.

The FBI warns that scammers posing as FBI IC3 employees are offering to "help" fraud victims recover money lost to other scammers. [...]

ASUS AiCloud Vulnerability (CVE-2025-2492) Enables Remote Function Execution via Authentication Bypass

Сайт могут признать копией за совпадение кода или редиректов.

ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device. [...]

RSA Conference (RSAC) brings together cybersecurity practitioners from across the globe to learn about the latest cybersecurity defense strategies and tools, connect with industry peers, and share knowledge about the threat landscape.

The post 5 reasons to not miss Sonatype at RSAC 2025 appeared first on Security Boulevard.