Aggregator

⚡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

The Hackers News
2 months 1 week ago
Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals.
The Hacker News

CVE-2023-39850 | Schoolmate 1.3 DeleteFunctions.php courseid/teacherid sql injection (EUVD-2023-43550)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in Schoolmate 1.3. The affected element is an unknown function of the file DeleteFunctions.php. The manipulation of the argument courseid/teacherid leads to sql injection. This vulnerability is uniquely identified as CVE-2023-39850. The attack can only be initiated within the local network. No exploit exists.
vuldb.com

CVE-2023-39841 | Etekcity 3-in-1 Smart Door Lock 1.0 RFID Tag missing encryption (EUVD-2023-43541)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Etekcity 3-in-1 Smart Door Lock 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component RFID Tag. The manipulation leads to missing encryption of sensitive data. This vulnerability is listed as CVE-2023-39841. It is possible to launch the attack on the physical device. There is no available exploit.
vuldb.com

CVE-2023-39842 | Digoo DG-HAMB Smart Home Security System 1.0 RFID Tag missing encryption (EUVD-2023-43542)

Vuldb Updates
2 months 1 week ago
A vulnerability categorized as problematic has been discovered in Digoo DG-HAMB Smart Home Security System 1.0. This affects an unknown part of the component RFID Tag. The manipulation results in missing encryption of sensitive data. This vulnerability is cataloged as CVE-2023-39842. An attack on the physical device is feasible. There is no exploit available.
vuldb.com

CVE-2023-39843 | Suleve 5-in-1 Smart Door Lock 1.0 RFID Tag missing encryption (EUVD-2023-43543)

Vuldb Updates
2 months 1 week ago
A vulnerability identified as problematic has been detected in Suleve 5-in-1 Smart Door Lock 1.0. This vulnerability affects unknown code of the component RFID Tag. This manipulation causes missing encryption of sensitive data. This vulnerability is registered as CVE-2023-39843. It is feasible to perform the attack on the physical device. No exploit is available.
vuldb.com

CVE-2023-39834 | PbootCMS up to 3.1.x create_function command injection (EUVD-2023-43534)

Vuldb Updates
2 months 1 week ago
A vulnerability categorized as critical has been discovered in PbootCMS up to 3.1.x. This vulnerability affects the function create_function. The manipulation results in command injection. This vulnerability is identified as CVE-2023-39834. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2023-39827 | Tenda A18 15.13.07.09 formAddMacfilterRule rule_info stack-based overflow (EUVD-2023-43527)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Tenda A18 15.13.07.09 and classified as critical. The impacted element is the function formAddMacfilterRule. Executing a manipulation of the argument rule_info can lead to stack-based buffer overflow. This vulnerability appears as CVE-2023-39827. The attacker needs to be present on the local network. There is no available exploit.
vuldb.com

CVE-2023-39829 | Tenda A18 15.13.07.09 fromSetWirelessRepeat wpapsk_crypto2_4g stack-based overflow (EUVD-2023-43529)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Tenda A18 15.13.07.09. It has been classified as critical. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. This vulnerability is traded as CVE-2023-39829. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

CVE-2023-39809 | N.V.K.INTER iBSG 3.5 network-basic.php system_hostname command injection (EUVD-2023-43509)

Vuldb Updates
2 months 1 week ago
A vulnerability categorized as critical has been discovered in N.V.K.INTER iBSG 3.5. The impacted element is an unknown function of the file /manage/network-basic.php. Executing a manipulation of the argument system_hostname can lead to command injection. The identification of this vulnerability is CVE-2023-39809. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

Lazarus Hackers Actively Attacking European Drone Manufacturing Companies

Cyber Security News
2 months 1 week ago

Lazarus, a sophisticated North Korean-aligned hacking group also known as HIDDEN COBRA, has launched a new wave of targeted attacks against European drone manufacturers and defense contractors. The campaign, tracked as Operation DreamJob, emerged in late March 2025 and specifically targets organizations developing unmanned aerial vehicle technology across Central and Southeastern Europe. Researchers have identified […]

The post Lazarus Hackers Actively Attacking European Drone Manufacturing Companies appeared first on Cyber Security News.

Tushar Subhra Dutta

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

The Hackers News
2 months 1 week ago
If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade
The Hacker News

Managed ad