Aggregator

A vulnerability was found in code-projects Food Ordering System 1.0. It has been classified as critical. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. This vulnerability is known as CVE-2025-12314. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A sophisticated new Android malware family called GhostGrab is actively targeting mobile users with a dual-monetization strategy that combines covert cryptocurrency mining with comprehensive financial data theft. GhostGrab functions as a multifaceted threat that systematically harvests banking credentials, debit card details, personal identification information, and one-time passwords through SMS interception. According to analysis by CYFIRMA, […]

The post New GhostGrab Android Malware Silently Steals Banking Login Details and Intercept SMS for OTPs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

中国共产党第二十届中央委员会第四次全体会议深入分析国际国内形势，就制定国民经济和社会发展“十五五”规划提出以下建议。

习近平：关于《中共中央关于制定国民经济和社会发展第十五个五年规划的建议》的说明

The September attack on the embassy of a European nation in New Delhi has exposed the scale of

The post Stealth APT: SideWinder Uses PDF Exploit to Target South Asian Diplomats appeared first on Penetration Testing Tools.

阿尔巴尼亚总理 Edi Rama 在柏林举行的 Global Dialogue (BGD) 上宣称，该国的 AI 部长 Diella 怀孕了，而且怀了 83 个 AI 孩子。Rama 是在上个月宣布了旨在打击腐败、负责公共采购的新部长 Diella。Diella 在阿尔巴尼亚语中意思是“太阳”，它是在今年 1 月首次作为虚拟助手在 e-Albania 平台上线，其形象是一位身穿传统服饰的女性。Rama 称 Diella 的 83 个孩子将担任执政党社民党的 83 名议员的虚拟助手。

Midway through this year, specialists at Arctic Wolf uncovered a sprawling malicious campaign that spread across South America,

The post The Invisible Threat: Caminho Loader Hides Malware in Image Pixels appeared first on Penetration Testing Tools.

The Coveware report on ransomware activity for the third quarter of 2025 paints a paradoxical picture. On one

The post The Ransomware Paradox: Payments Plummet to 23% as Insider Bribery Surges appeared first on Penetration Testing Tools.

OpenAI привлекла 170 психологов, чтобы модель не советовала ерунду при суицидальных мыслях и мании.

The widespread confidence among companies in their own cyber resilience is colliding with a new wave of threats

The post Cyber-Confidence Crisis: 95% of Firms Confident, Yet Only 15% Fully Recover from Ransomware appeared first on Penetration Testing Tools.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.154/6.6.108/6.12.49/6.16.9. Affected by this issue is some unknown functionality of the component af_alg. Executing manipulation can lead to privilege escalation. This vulnerability is registered as CVE-2025-40022. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.6.108/6.12.49/6.16.9. It has been declared as problematic. The impacted element is the function vhost_task_create. Executing manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2025-40024. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.15.194/6.1.156/6.6.112/6.12.53/6.17.3 and classified as critical. This issue affects the function essiv_aead_crypt of the component crypto. This manipulation causes privilege escalation. This vulnerability appears as CVE-2025-40019. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.16.9 and classified as critical. Impacted is an unknown function of the component PC CAN FD Interface. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-40020. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16.9. It has been classified as critical. The affected element is the function dynamic_events of the component tracing. Performing manipulation results in privilege escalation. This vulnerability is known as CVE-2025-40021. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.41/6.4.6. Affected by this vulnerability is an unknown functionality of the component cls_u32. Performing manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2023-53733. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2. This vulnerability affects the function __ip_vs_ftp_exit of the component ipvs. The manipulation results in use after free. This vulnerability is reported as CVE-2025-40018. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A large-scale phishing campaign targeting LastPass users and clients of major cryptocurrency exchanges began in mid-October, spreading under

The post LastPass ‘Death Hoax’ Phishing Targets Crypto: New CryptoChameleon Scam appeared first on Penetration Testing Tools.

Along the Myanmar–Thailand border, a swift and tangled drama is unfolding around one of the region’s most notorious

The post Chaos at the Border: Thousands Flee KK Park Scam Hub After Military Raid appeared first on Penetration Testing Tools.