Aggregator

CVE-2025-49979 | slui Media Hygiene Plugin up to 4.0.1 on WordPress authorization (EUVD-2025-18948)

7 months 3 weeks ago

A vulnerability has been found in slui Media Hygiene Plugin up to 4.0.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-49979. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-6510 | Netgear EX6100 1.0.2.28_1.1.138 sub_415EF8 stack-based overflow (EUVD-2025-18952)

Vuldb Updates

7 months 3 weeks ago

A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-6510. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-49978 | eyecix JobSearch Plugin up to 2.9.0 on WordPress authorization (EUVD-2025-18947)

Vuldb Updates

7 months 3 weeks ago

A vulnerability classified as problematic has been found in eyecix JobSearch Plugin up to 2.9.0 on WordPress. This affects an unknown part. The manipulation leads to authorization bypass. This vulnerability is uniquely identified as CVE-2025-49978. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent

Trend Micro Research, News and Perspectives

7 months 3 weeks ago

A single SQL injection bug in Anthropic’s SQLite MCP server—forked over 5,000 times—can seed stored prompts, exfiltrate data, and hand attackers the keys to entire agent workflows. This entry unpacks the attack chain and lays out concrete fixes to shut it down.

Sean Park

IDC认证三连冠！威努特工业防火墙蝉联中国市场份额第一

威努特工控安全

7 months 3 weeks ago

国际权威认证！

Daily Dose of Dark Web Informer - 23rd of June 2025

Dark Web Informer - Cyber Threat Intelligence

7 months 3 weeks ago

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Dark Web Informer - Cyber Threat Intelligence

Threat Attack Daily - 23rd of June 2025

Dark Web Informer - Cyber Threat Intelligence

7 months 3 weeks ago

Threat Attack Daily - 23rd of June 2025

Dark Web Informer - Cyber Threat Intelligence

Bulletproof Security Workflows with Grip’s Jira Integration

Security Boulevard

7 months 3 weeks ago

See how Grip’s Jira integration automates SaaS security workflows, removes manual gaps, streamlines follow-up, and helps teams stay efficient and ahead of risk.

The post Bulletproof Security Workflows with Grip’s Jira Integration appeared first on Security Boulevard.

Grip Security Blog

Asana Fixes Security Flaw in AI Data Integration Tool

Ransomware DataBreachToday.com

7 months 3 weeks ago

MCP Server Paused for Days After Bug Risked Data Leakage Between Users
Asana patched a vulnerability in an artificial intelligence integration feature that could have allowed users to view data from other organizations. The time management company paused the use of Asana Model Context Protocol for nearly two weeks to apply the fix.

How US Cyber Ops May Have Assisted the Midnight Hammer Strike

Ransomware DataBreachToday.com

7 months 3 weeks ago

Analysts Say CYBERCOM Likely Played a Major Role in Strike on Iranian Nuclear Sites
The United States' "Midnight Hammer" missile strike that hit three key Iranian nuclear sites likely involved significant support from U.S. Cyber Command, analysts told Information Security Media Group, after officials credited the unit for taking part in the military operation.

HHS, Insurers Pledge to Simply Preauthorization Processes

Ransomware DataBreachToday.com

7 months 3 weeks ago

Frustrations Over Preauthorization Denials Have Led to 'Violence in Streets'
A dozen health insurance giants that provide coverage for about 80% of Americans with Medicare, Medicaid and commercial plans have agreed to work the U.S. Department of Health and Human Services to voluntarily streamline and improve their preauthorization processes.

Warnings Ratchet Over Iranian Cyberattack

Ransomware DataBreachToday.com

7 months 3 weeks ago

Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.

等保三级密评实施与行业加密挑战、MCP安全风险剖析及服务器LAST_ACK连接优化：网络安全维护的重要议题探讨。｜总第291周

君哥的体历

7 months 3 weeks ago

本期周报简介：1、等保三级要求下，银行与基金行业在密评实施中面临哪些加密挑战和策略选择？ 2、MCP安全问题中，身份验证及命令执行存在哪些隐患，如何有效应对？ 3、针对服务器LAST_ACK连接积压问题，有哪些优化技术可以提升系统性能？

Ransomware Attack Update for the 23rd of June 2025

Dark Web Informer - Cyber Threat Intelligence

7 months 3 weeks ago

Ransomware Attack Update for the 23rd of June 2025

Dark Web Informer - Cyber Threat Intelligence

某景人事管理系统漏洞挖掘与分析

先知技术社区

7 months 3 weeks ago

某景未公开的前台任意用户密码读取+后台文件读取漏洞

Salt Typhoon Targets Telecoms via Router Flaws, Warn FBI and Canada

Hack Read

7 months 3 weeks ago

Salt Typhoon, a China-linked group, is exploiting router flaws to spy on global telecoms, warns a joint FBI and Canadian advisory issued in June 2025.

Waqas

Heightened Cyber Threat from Iran Sparks Urgent Calls for Vigilance and Mitigation

Security Boulevard

7 months 3 weeks ago

Following last week’s U.S. airstrikes targeting Iranian nuclear sites, cybersecurity experts and government officials are now warning of a possible digital retaliation, a surge in cyber threats originating from Iran. On June 22, the Department of Homeland Security (DHS) issued a National Terrorism Advisory System Bulletin warning of a “heightened threat environment” in the United..

The post Heightened Cyber Threat from Iran Sparks Urgent Calls for Vigilance and Mitigation appeared first on Security Boulevard.

George V. Hulme

APT28 hackers use Signal chats to launch new malware attacks on Ukraine

Bleeping Computer.

7 months 3 weeks ago

The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. [...]

Bill Toulas

Qilin

Dark Feed IO

7 months 3 weeks ago

You must login to view this content

cohenido

China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs

Hack Read

7 months 3 weeks ago

ShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs.

Deeba Ahmed

Aggregator

Managed ad