Aggregator

Alleged Data Breach of Agua de Puebla Para Todos

Experts agree there have been subtle improvements, with new laws and applied best practices, but there is still a long way to go.

A recent investigation has revealed that Microsoft employed China-based engineers to maintain and support SharePoint software, the same collaboration platform that was recently compromised by Chinese state-sponsored hackers. This revelation raises significant concerns about cybersecurity practices and potential insider threats within critical infrastructure systems used by hundreds of government agencies and private companies. The cybersecurity […]

The post New Report Claims Microsoft Used China-Based Engineers For SharePoint Support and Bug Fixing appeared first on Cyber Security News.

Cybercriminals unleashed a massive wave of mobile malware attacks during the second quarter of 2025, with security researchers detecting nearly 143,000 malicious installation packages targeting Android and iOS devices. This surge represents a significant escalation in mobile cyber threats, affecting millions of users worldwide through sophisticated attack vectors designed to steal sensitive data, compromise financial […]

The post 143,000 Malware Files Attacked Android and iOS Device Users in Q2 2025 appeared first on Cyber Security News.

A vulnerability was found in Red Hat Keycloak and classified as problematic. The impacted element is an unknown function of the component Message Handler. The manipulation of the argument error_description results in cross site scripting. This vulnerability is identified as CVE-2025-10044. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Linux Kernel up to 6.6.102/6.12.43/6.16.3 and classified as critical. The affected element is the function qat_4xxx. The manipulation leads to use after free. This vulnerability is referenced as CVE-2025-39721. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.102/6.12.43/6.16.3/6.17-rc2. Impacted is the function ksmbd_conn_releasing of the component ksmbd. Executing manipulation can lead to improper update of reference count. The identification of this vulnerability is CVE-2025-39720. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.40/6.15.8. This issue affects the function shrink_folio_list. Performing manipulation results in denial of service. This vulnerability was named CVE-2025-39725. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Red Hat Keycloak. This vulnerability affects unknown code of the component Vault Handler. Such manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2025-10043. The attack can be launched remotely. No exploit exists.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.100/6.12.40/6.15.8. This affects the function ism_cmd. This manipulation causes state issue. This vulnerability is handled as CVE-2025-39726. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.43/6.16.3/6.17-rc2. Affected by this issue is the function write_iter of the component netfs. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-39723. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3. Affected by this vulnerability is the function bno055_get_regmask of the file bno055.c of the component iio. The manipulation of the argument hw_xlate_len leads to out-of-bounds read. This vulnerability is traded as CVE-2025-39719. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.16.3. Affected is the function serial8250_do_startup. Executing manipulation can lead to buffer overflow. This vulnerability appears as CVE-2025-39724. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.12.43/6.16.3. This impacts the function no_page0. Performing manipulation results in state issue. This vulnerability is reported as CVE-2025-39722. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in ericzane Floating Window Music Player Plugin up to 3.4.2 on WordPress. This affects an unknown function. Such manipulation leads to cross-site request forgery. This vulnerability is documented as CVE-2025-48104. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in fullworks Quick Paypal Payments Plugin up to 5.7.46 on WordPress. It has been rated as problematic. The impacted element is an unknown function. This manipulation causes cross-site request forgery. This vulnerability is registered as CVE-2025-27003. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Ecovacs DEEBOT X1, DEEBOT T20, DEEBOT T10 and DEEBOT T30. It has been declared as critical. The affected element is an unknown function. The manipulation results in use of hard-coded cryptographic key . This vulnerability is cataloged as CVE-2025-30200. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in Ecovacs DEEBOT X1, DEEBOT T20, DEEBOT T10 and DEEBOT T30. It has been classified as critical. Impacted is an unknown function of the component Wi-Fi Network Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is listed as CVE-2025-30198. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability was found in VillaTheme HAPPY Plugin up to 1.0.6 on WordPress and classified as problematic. This issue affects some unknown processing. Executing manipulation can lead to missing authorization. This vulnerability is tracked as CVE-2025-53571. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in Google Android 16 and classified as critical. This vulnerability affects unknown code of the component Microphone Privacy Indicator. Performing manipulation results in permission issues. This vulnerability is identified as CVE-2025-26461. The attack is only possible with local access. There is not any exploit available. Applying a patch is the recommended action to fix this issue.