Aggregator

A vulnerability was found in Jenkins ssh-agent Docker Images up to 6.11.1. It has been classified as problematic. This affects an unknown part of the component SSH Host Key Handler. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2025-32754. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Hugh Mungus Vice Versa Plugin up to 2.2.3 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-27350. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Videx CyberAudit-Web up to 1.1.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-22374. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Videx CyberAudit-Web up to 9.5. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-22375. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Aribhour Linet ERP-Woocommerce Integration Plugin up to 3.5.12 on WordPress. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-31411. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in SUSE openSUSE Tumbleweed. This vulnerability affects unknown code. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2025-23386. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Crocoblock JetCompareWishlist Plugin up to 1.5.9 on WordPress. This affects an unknown part. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is uniquely identified as CVE-2025-22279. It is possible to initiate the attack remotely. There is no exploit available.

攻击者利用 Foxmail 客户端存在的高危漏洞，受害者仅需点击邮件本身即可触发远程命令执行，最终执行落地的木马。

A sophisticated malware campaign dubbed “HollowQuill” has emerged as a significant threat to academic institutions and government agencies worldwide. The attack leverages weaponized PDF documents disguised as research papers, grant applications, or official government communiques to entice unsuspecting victims into initiating the infection chain. The malware employs advanced social engineering tactics to increase its success […]

The post HollowQuill Malware Attacking Government Agencies Worldwide Via Weaponized PDF Documents appeared first on Cyber Security News.

Overview of the PlayPraetor Masquerading Party Variants CTM360 has now identified a much larger extent of the ongoing Play Praetor campaign. What started with 6000+ URLs of a very specific banking attack has now grown to 16,000+ with multiple variants. This research is ongoing, and much more is expected to be discovered in the coming days.  As before, all the newly discovered play

A sophisticated campaign by the Pakistan-linked SideCopy Advanced Persistent Threat (APT) group has emerged since late December 2024, targeting critical Indian government sectors with enhanced tactics. The group has significantly expanded its scope beyond traditional defense and maritime sectors to now include entities under railway, oil & gas, and external affairs ministries, demonstrating an alarming […]

The post SideCopy APT Hackers Mimic as Government Personnel to Deploy Open-Source XenoRAT Tool appeared first on Cyber Security News.

Amnesty International раскрывает документы, подтверждающие тревожную тенденцию в регионе.

AI agents have rapidly evolved from experimental technology to essential business tools. The OWASP framework explicitly recognizes that Non-Human Identities play a key role in agentic AI security. Their analysis highlights how these autonomous software entities can make decisions, chain complex actions together, and operate continuously without human intervention. They're no longer just tools,

关键词安全漏洞Adobe 已发布了一套全面的安全更新，用于修复旗下十二款产品中存在的多个漏洞。

关键词网络攻击甲骨文最终在发送给客户的电子邮件通知中证实，一名黑客窃取并泄露了其所称的“两台过时的服务器”中的

关键词人工智能Windows 11 上的 Copilot 正在测试操作系统级集成，允许您与 Copilot 共

关键词chatgptOpenAI准备推出多达三种新的 AI 模型，分别名为“o4-mini”、“o4-mini

A vulnerability was found in PickPlugins Post Grid Plugin up to 2.2.74 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-30441. The attack may be launched remotely. There is no exploit available.