Aggregator

A vulnerability was found in Shanghai Fanwei Network e-cology up to 8.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file getdata.jsp. The manipulation of the argument sql leads to sql injection. This vulnerability is handled as CVE-2025-34038. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Sapido BR071n, BR261c, BR270n, BR476n, BRC70n, BRC70x, BRC76n, BRD70n, BRE70n, BRE71n, BRF61c and BRF71n. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-6559. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in bocaletto-luca elixir-system-monitor up to 1.0.0. It has been classified as critical. Affected is an unknown function of the file /read. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-52574. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sapido BR071n, BR261c, BR270n, BR476n, BRC70n, BRC70x, BRC76n, BRD70n, BRE70n, BRE71n, BRF61c and BRF71n and classified as problematic. This issue affects some unknown processing. The manipulation leads to unprotected storage of credentials. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-6560. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in mbuesch letmein up to 10.2.0 and classified as problematic. This vulnerability affects unknown code of the component letmeind/letmeinfwd. The manipulation leads to improper control of interaction frequency. This vulnerability was named CVE-2025-52570. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mitel OpenScape Accounting Management up to V5 R1.1.0. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-23092. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Advantech Wireless Sensing and Equipment A2.01 B00. Affected by this issue is some unknown functionality of the component Modbus TCP Packet Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-48466. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Advantech Wireless Sensing and Equipment A2.01 B00. Affected by this vulnerability is an unknown functionality of the component Session Cookie Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2025-48461. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Gogs up to 0.13.2. Affected is an unknown function of the component Incomplete Fix CVE-2024-39931. The manipulation leads to files or directories accessible. This vulnerability is traded as CVE-2024-56731. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Beijing Zhiyuan Internet OA up to 8.0sp2. It has been rated as critical. This issue affects some unknown processing of the component wpsAssistServlet Interface. The manipulation of the argument realFileType/fileId leads to unrestricted upload. The identification of this vulnerability is CVE-2025-34040. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Shenzhen TVT CCTV-DVR. It has been declared as very critical. This vulnerability affects unknown code of the file /language/[lang]/index.html of the component Cross Web Server. The manipulation leads to os command injection. This vulnerability was named CVE-2025-34036. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in EnGenius EnShare IoT Gigabit Cloud Service up to 1.4.11. It has been classified as critical. This affects an unknown part of the file usbinteract.cgi. The manipulation of the argument path leads to os command injection. This vulnerability is uniquely identified as CVE-2025-34035. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in 5VTechnologies Blue Angel Software Suite and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. This vulnerability is handled as CVE-2025-34034. The attack may be launched remotely. Furthermore, there is an exploit available.

这使得攻击者可以利用URL处理不一致来提供恶意插件，从而修改用户的电子邮件地址，从而通过重置密码来劫持帐户。

金融行业作为数字化浪潮中的核心领域，正面临前所未有的安全挑战。高频交易、开放银行、跨境支付等新业态的兴起，使得攻击面持续扩大，金融欺诈、数据泄露、供应链攻击等风险加剧。与此同时，随着《数据安全法》、《金融行业网络安全等级保护指南》等相关监管制度越来越完善，推动了金融机构从“合规基线”向“业务安全韧性”不断升级。 嘶吼安全产业研究院基于《2025网络安全产业图谱》调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，当前金融行业的安全建设呈现出几点显著特征：防御模式升级，从静态防护转向动态感知+智能响应，基于AI的异常交易监测、实时反欺诈系统成为标配。数据安全优先，金融数据跨境流动、隐私计算等技术应用加速，兼顾合规与业务效率的解决方案需求激增。生态协同防御，金融机构与第三方安全厂商、威胁情报机构共建联防联控体系，应对供应链APT攻击。云原生安全重构，伴随金融云普及，容器安全、微服务API防护等技术的落地成熟度成为选型关键指标。 基于这些发现，我们将重点展示几个具有代表性的金融行业优秀安全解决方案，为金融行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。 往期回顾： 2025中国网络安全「政务行业」优秀解决方案汇编

A vulnerability has been found in 5VTechnologies Blue Angel Software Suite and classified as critical. Affected by this vulnerability is an unknown functionality of the file webctrl.cgi of the component GET Request Handler. The manipulation of the argument ping_addr leads to os command injection. This vulnerability is known as CVE-2025-34033. The attack can be launched remotely. Furthermore, there is an exploit available.

A sophisticated China-linked cyber espionage campaign has emerged, targeting over 1,000 Small Office/Home Office (SOHO) devices worldwide through an advanced Operational Relay Box (ORB) network dubbed “LapDogs.” This covert infrastructure operation, active since September 2023, represents a significant evolution in nation-state cyber warfare tactics, utilizing compromised devices not for disruptive attacks but as stealthy, long-term […]

The post LapDogs Hackers Leverages 1,000 SOHO Devices Using a Custom Backdoor to Act Covertly appeared first on Cyber Security News.

A vulnerability, which was classified as very critical, was found in nekernel up to 0.0.2. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-52568. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Yonyou UFIDA NC up to 6.5. This issue affects some unknown processing of the component JAR Component Handler. The manipulation of the argument bsh.script leads to os command injection. The identification of this vulnerability is CVE-2025-34039. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as very critical was found in Linksys E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000 and E900. This vulnerability affects unknown code of the file /tmUnblock.cgi of the component Service Port 8080. The manipulation of the argument ttcp_ip leads to os command injection. This vulnerability was named CVE-2025-34037. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.