Aggregator

A vulnerability was found in ELECOM WRC-X3000GS, WRC-X3000GSA and WRC-X3000GSN and classified as critical. Affected by this issue is some unknown functionality of the component Connection Diagnostics Page. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-41427. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Conference Scheduler Plugin up to 2.5.1 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument className leads to cross site scripting. This vulnerability was named CVE-2025-5258. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Apache Airflow Providers Snowflake up to 6.3.x. This vulnerability affects the function CopyFromExternalStageToSnowflakeOperator. The manipulation leads to sql injection. This vulnerability was named CVE-2025-50213. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

American grocery wholesale giant United Natural Foods (UNFI) reports that it has restored its core systems and brought online the electronic ordering and invoicing systems affected by a cyberattack. [...]

A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication. The flaw allows malicious actors to crash database servers by sending specially crafted JSON payloads containing specific date values, causing invariant failures and server crashes.  This vulnerability affects MongoDB Server versions […]

The post Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

HackerNoon的Techbeat邮件简报介绍了多篇技术文章，涵盖AI、云存储、编程语言等领域。内容包括构建反向地理编码系统、AI工程原则、Azure AI工具应用等，并提供技术教程和行业趋势分析。

Администраторы призваны срочно проверить BMC в дата-центрах.

A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. This vulnerability is traded as CVE-2025-6768. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to sql injection. The identification of this vulnerability is CVE-2025-6767. The attack may be initiated remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument officesName leads to sql injection. This vulnerability was named CVE-2025-6766. The attack can be initiated remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Submit #601081 / VDB-314082

Submit #600547 / VDB-314081

Submit #600529 / VDB-314080

当前环境出现异常，系统提示需完成验证后方可继续访问。

据报道，被逮捕的五名威胁者参与了该网站新版本的运营。

A vulnerability was found in TrendMakers Sight Bulb Pro. It has been classified as critical. This affects an unknown part of the component Service Port 16668. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-6522. The attack needs to be done within the local network. There is no exploit available.

当前环境异常，需完成验证后方可继续访问。

随着工业4.0的深化推进，智能制造、数字工厂和自动化产线的加速落地，制造业正经历前所未有的数字化转型。然而，技术升级的同时，企业的网络攻击面也急剧扩大，安全威胁持续升级。从传统的工控系统漏洞到针对数字孪生的新型网络攻击，制造业的网络安全面临全新挑战。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，制造业网络安全呈现出三个新特征：首先是防护对象的变化，从保护单一设备转向保护整个智能制造业务流。其次是防御理念的升级，从被动响应转向预测性防护。最后是安全责任的延伸，从企业自身安全扩展到供应链生态安全。同时，值得注意的是，工业数字孪生技术的安全防护和制造工艺知识产权的保护，正成为行业新的关注焦点。 基于这些发现，我们将重点展示多个在汽车制造、电子代工、工业生产等领域，以及一些通用能力具有示范价值的优秀安全解决方案，为制造业数字化转型中的安全建设提供实践参考。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编 2025中国网络安全「金融行业」优秀解决方案汇编 2025中国网络安全「能源行业」优秀解决方案汇编

In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping to catch fraud. Tresner also shares practical tips for CISOs trying to stop mule activity before it gets out of hand. How are cybercriminals using automation, AI, or social engineering to scale mule recruitment and … More →

The post Money mule networks evolve into hierarchical, business-like criminal enterprises appeared first on Help Net Security.