Aggregator

Новая платформа заработает уже в ноябре.

Sanctions are one of the tools Western governments use when they want to hit back at state-sponsored cyber threat actors. But do they actually work? That’s the question a group of current and former cybersecurity officials, analysts, and researchers tackled at the Royal United Services Institute (RUSI), a London-based think tank focused on defense and security. Their findings suggest that while sanctions won’t stop cyberattacks altogether, they can make them slower, riskier, and more expensive … More →

The post Sanctions won’t stop cyberattacks, but they can still “bite” appeared first on Help Net Security.

A vulnerability marked as problematic has been reported in Start Windocks Containers Plugin up to 1.4 on Jenkins. The impacted element is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-64138. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as problematic has been found in Themis Plugin up to 1.4.1 on Jenkins. The affected element is an unknown function. Executing manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2025-64136. The attack may be launched remotely. There is no exploit available.

Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT and Perplexity. The technique has been

A vulnerability identified as problematic has been detected in Extensible Choice Parameter Plugin up to 239.v5f5c278708cf on Jenkins. Impacted is an unknown function. Performing manipulation results in cross-site request forgery. This vulnerability was named CVE-2025-64133. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as problematic has been discovered in JDepend Plugin up to 1.3.1 on Jenkins. This issue affects some unknown processing of the component XML Parser. Such manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2025-64134. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Publish to Bitbucket Plugin up to 0.4 on Jenkins. It has been rated as problematic. This vulnerability affects unknown code. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2025-64149. The attack can be initiated remotely. There is not any exploit available.

Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report. […]

The npm ecosystem faces a sophisticated new threat as ten malicious packages have emerged, each designed to automatically execute during installation and deploy a comprehensive credential harvesting operation. This attack campaign represents a significant evolution in supply chain compromises, combining multiple layers of obfuscation with cross-platform compatibility to target developers across Windows, Linux, and macOS […]

The post 10 Malicious npm Packages with Auto-Run Feature on Install Deploys Multi-Stage Credential Harvester appeared first on Cyber Security News.

A vulnerability was found in Curseforge Publisher Plugin up to 1.0 on Jenkins. It has been declared as problematic. This affects an unknown part of the component Job Configuration Form Handler. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-64147. Access to the local network is required for this attack. No exploit is available.

A vulnerability was found in ByteGuard Build Actions Plugin up to 1.0 on Jenkins. It has been classified as problematic. Affected by this issue is some unknown functionality of the component Job Configuration Form Handler. The manipulation leads to missing encryption of sensitive data. This vulnerability is traded as CVE-2025-64145. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Nexus Task Runner Plugin up to 0.9.2 on Jenkins and classified as problematic. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to cross-site request forgery. This vulnerability appears as CVE-2025-64141. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in Start Windocks Containers Plugin up to 1.4 on Jenkins and classified as critical. Affected is an unknown function. Performing manipulation results in permission issues. This vulnerability is reported as CVE-2025-64139. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability, which was classified as critical, was found in Themis Plugin up to 1.4.1 on Jenkins. This impacts an unknown function. Such manipulation leads to permission issues. This vulnerability is documented as CVE-2025-64137. The attack requires being on the local network. There is not any exploit available.

A vulnerability, which was classified as critical, has been found in Blu-Castle BCUM221E 1.0.0P2205. This affects an unknown function of the component Phddns Client. This manipulation of the argument Password causes stack-based buffer overflow. This vulnerability is registered as CVE-2024-45162. The attack requires access to the local network. No exploit is available.

A vulnerability classified as critical was found in Publish to Bitbucket Plugin up to 0.4 on Jenkins. The impacted element is an unknown function. The manipulation results in permission issues. This vulnerability is cataloged as CVE-2025-64150. The attack must originate from the local network. There is no exploit available.

A vulnerability classified as critical has been found in Publish to Bitbucket Plugin up to 0.4 on Jenkins. The affected element is an unknown function. The manipulation leads to permission issues. This vulnerability is listed as CVE-2025-64148. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability described as problematic has been identified in Evope Collector 1.1.6.9.0. Impacted is an unknown function in the library wtsapi32.dll of the file Evope.Service.exe. Executing manipulation can lead to uncontrolled search path. This vulnerability is tracked as CVE-2025-61161. The attack is restricted to local execution. No exploit exists.

A vulnerability marked as critical has been reported in Curseforge Publisher Plugin up to 1.0 on Jenkins. This issue affects some unknown processing of the component Controller File System Handler. Performing manipulation results in permission issues. This vulnerability is identified as CVE-2025-64146. The attack can only be performed from the local network. There is not any exploit available.