Aggregator

A vulnerability was found in Progress MOVEit Transfer up to 2023.1.11/2024.0.7/2024.1.1. It has been declared as critical. This vulnerability affects unknown code of the component SFTP Module. The manipulation leads to improper privilege management. This vulnerability was named CVE-2025-2324. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A vulnerability was found in Beta80 Life 1st Identity Manager 1.5.2.14234. It has been classified as problematic. This affects an unknown part of the component REST API. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-26485. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in reviewdog action-setup and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to embedded malicious code. This vulnerability is handled as CVE-2025-30154. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Dell Secure Connect Gateway Appliance 5.26.00.20 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exposure.c. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is known as CVE-2025-23382. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Dell Secure Connect Gateway Appliance 5.26.00.20. Affected is an unknown function of the component Live-Restore Setting. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-26475. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Emlog Pro 2.5.7. This issue affects some unknown processing of the file /views/plugin.php of the component PHP File Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2025-29401. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in vLLM up to 0.7.x. This vulnerability affects unknown code of the component ZMQ/TCP. The manipulation leads to deserialization. This vulnerability was named CVE-2025-29783. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company

新式内存驻留的实现利用COM对象内存共享特性，在多个合法进程间拆分shellcode，通过事件同步触发重组执行接下来我将使用Rust代码来实现这一技术，该代码融合了Windows COM组件和内存共享技术，实现了跨进程的隐蔽Shellcode执行use winapi::{ ctypes::{c_void, c_char}, shared::guiddef::GUID, um

A Europol report says nation-state actors are increasingly working with organized crime networks to achieve geopolitical goals, including the destabilization of the EU.

In a significant discovery, PRODAFT’s security research team has identified two critical vulnerabilities in the mySCADA myPRO Manager, a widely used Supervisory Control and Data Acquisition (SCADA) management solution. These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially leading to severe operational disruptions and financial losses. The vulnerabilities are classified as […]

The post mySCADA myPRO Manager RCE Vulnerabilities Allow Remote Attackers to Take Control of ICS Devices appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As cyber threats evolve, Identity Attack Surface Management (IASM) emerges as a critical approach that unifies existing security frameworks to protect digital identities. Discover how this convergence strengthens your security posture against unauthorized access and credential theft.

The post Identity Attack Surface Management (IASM): The Convergence of Identity Security Frameworks appeared first on Security Boulevard.

Threat actors have increasingly been leveraging legitimate remote monitoring and management (RMM) software to infiltrate and navigate through networks undetected. RMM tools, such as AnyDesk, Atera Agent, MeshAgent, NetSupport Manager, Quick Assist, ScreenConnect, Splashtop, and TeamViewer, are widely used by organizations for essential IT tasks like system updates, asset management, and endpoint troubleshooting. However, their […]

The post Hackers Use RMM Tools to Maintain Persistence and Navigate Networks Undetected appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Google 上周发布的 Gemini 2.0 Flash(Image Generation) Experimental 新模型过去几天吸引了越来越多的关注，该模型通过 Google AI Studio 提供给用户使用。它允许任何人通过输入提示词去修改和编辑图像，让任何人都能像专业人士那样处理图像或者叫 PS。Gemini 2.0 Flash 可以添加对象、删除对象、修改场景、更改灯光、更改图像角度、放大或缩小等操作。它支持对话式图像编辑，允许用户通过自然语言对话在多个连续提示中迭代优化图像。

Threat actors have recently been exploiting legacy drivers to bypass certificate validation, leveraging a technique known as “Legacy Driver Exploitation.” This method involves using vulnerable drivers to evade security measures and distribute malware, as highlighted in a recent security advisory. The attack primarily utilizes the Gh0stRAT malware to remotely control infected systems and cause further […]

The post Threat Actors Leverage Legacy Drivers to Circumvent TLS Certificate Validation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In a stark revelation of the escalating cyber threat landscape, Flashpoint’s latest intelligence report highlights the alarming rise in compromised credentials and malware infections. In 2024, threat actors managed to steal an unprecedented 3.2 billion login credentials, marking a 33% increase from the previous year. This staggering figure underscores the growing reliance of cybercriminals on […]

The post Threat Actors Steal 3.2 Billion Login Credentials and Infect 23 Million Devices Worldwide appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Currently trending CVE - Hype Score: 1 - TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password for the root account which can be obtained via a brute force attack.