Aggregator

CVE-2025-25984 | Macro-video V380E6_C1 IP Camera 1020302 UART Component hard-coded password (EUVD-2025-11900)

Vuldb Updates
7 months 2 weeks ago
A vulnerability has been found in Macro-video V380E6_C1 IP Camera 1020302 and classified as problematic. This vulnerability affects unknown code of the component UART Component. The manipulation leads to use of hard-coded password. This vulnerability was named CVE-2025-25984. It is possible to launch the attack on the physical device. There is no exploit available.
vuldb.com

North Korean Hackers Pose as Recruiters, Target Developers with 35 New Malicious npm Packages

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
7 months 2 weeks ago

A new cyber campaign orchestrated by North Korean threat actors has been exposed by the Socket Threat Research Team, revealing a sophisticated supply chain attack targeting software developers through the npm registry. Linked to the Contagious Interview operation, these adversaries have published 35 malicious npm packages across 24 accounts, with six still active on the […]

The post North Korean Hackers Pose as Recruiters, Target Developers with 35 New Malicious npm Packages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CISA Is Shrinking: What Does It Mean for Cyber?

darkreading
7 months 2 weeks ago
Dark Reading Confidential Episode 7: Cyber experts Tom Parker and Jake Williams offer their views on the practical impact of cuts to the US Cybersecurity and Infrastructure Security Agency.
Dark Reading Staff

Hackers deploy fake SonicWall VPN App to steal corporate credentials

Security Affairs
7 months 2 weeks ago
Hackers spread a trojanized version of SonicWall VPN app to steal login credentials from users accessing corporate networks. Unknown threat actors are distributing a trojanized version of SonicWall NetExtender SSL VPN app to steal user credentials. The legitimate NetExtender app lets remote users securely access and use company network resources as if they were on-site. […]
Pierluigi Paganini

CookieShop商城代码审计小结

先知技术社区
7 months 2 weeks ago
蛋糕商城JPA版本是一个开源的CMS系统,它主要基于Spring Boot 3.4.0进行开发,采用MariaDB数据库,涉及Jakarta Servlet、JSP、JSTL,同时使用了Java通用代码生成器来生成后台界面,使用方可以按需定制页面并对项目进行二开,总体是一个对使用者很友好的产品

CVE-2019-6693 | Fortinet FortiOS up to 5.6.10/6.0.6/6.2.0 Configuration Backup hard-coded credentials (FG-IR-19-007 / Nessus ID 209820)

Vuldb Updates
7 months 2 weeks ago
A vulnerability was found in Fortinet FortiOS up to 5.6.10/6.0.6/6.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Configuration Backup. The manipulation leads to hard-coded credentials. This vulnerability is known as CVE-2019-6693. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

The Era of Agentic Security with Microsoft Security Copilot

Security Boulevard
7 months 2 weeks ago

In the evolving landscape of cyber threats, security teams often find themselves overwhelmed. They are constantly battling an unrelenting barrage of incidents with limited resources. Traditional automation falls short. The dynamic and unpredictable nature of modern attacks keeps threat actors one step ahead of defenders. This is where Microsoft Security Copilot steps in. It’s not..

The post The Era of Agentic Security with Microsoft Security Copilot appeared first on Security Boulevard.

Tom Hollingsworth

CVE-2025-48467 | Advantech Wireless Sensing and Equipment A2.01 B00 denial of service (EUVD-2025-18990)

Vuldb Updates
7 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Advantech Wireless Sensing and Equipment A2.01 B00. This affects an unknown part. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-48467. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

Managed ad