Aggregator

CVE-2025-21073 | Samsung Devices USB Connection Mode insecure default initialization of resource

VulDB Recent Entries
3 months 1 week ago
A vulnerability has been found in Samsung Devices and classified as critical. This vulnerability affects unknown code of the component USB Connection Mode. Performing manipulation results in insecure default initialization of resource. This vulnerability is reported as CVE-2025-21073. The attacker must have access to the local network to execute the attack. No exploit exists.
vuldb.com

CVE-2025-64151 | Roboticsware FA-Panel6/BA-Panel6/PA-Panel6/FA-Server6 Windows Service unquoted search path

VulDB Recent Entries
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Roboticsware FA-Panel6, BA-Panel6, PA-Panel6 and FA-Server6. Affected by this issue is some unknown functionality of the component Windows Service. This manipulation causes unquoted search path. This vulnerability is registered as CVE-2025-64151. The attack needs to be launched locally. No exploit is available.
vuldb.com

CVE-2025-21079 | Samsung Members 2.4.25/3.9.10.11/4.2.005/5.0.00.11/5.2.00.12 input validation

VulDB Recent Entries
3 months 1 week ago
A vulnerability classified as problematic was found in Samsung Members 2.4.25/3.9.10.11/4.2.005/5.0.00.11/5.2.00.12. Affected by this vulnerability is an unknown functionality. The manipulation results in improper input validation. This vulnerability is cataloged as CVE-2025-21079. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-6027 | Ace User Management Plugin up to 2.0.3 on WordPress Password Reset Token password recovery

VulDB Recent Entries
3 months 1 week ago
A vulnerability described as critical has been identified in Ace User Management Plugin up to 2.0.3 on WordPress. This impacts an unknown function of the component Password Reset Token Handler. Executing manipulation can lead to weak password recovery. This vulnerability is tracked as CVE-2025-6027. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2025-11072 | MelAbu WP Download Counter Button Plugin up to 1.8.6.7 on WordPress information disclosure

VulDB Recent Entries
3 months 1 week ago
A vulnerability marked as problematic has been reported in MelAbu WP Download Counter Button Plugin up to 1.8.6.7 on WordPress. This affects an unknown function. Performing manipulation results in information disclosure. This vulnerability is identified as CVE-2025-11072. The attack can be initiated remotely. There is not any exploit available.
vuldb.com

CVE-2025-10873 | ElementInvader Addons for Elementor Plugin up to 1.4.0 on WordPress authorization

VulDB Recent Entries
3 months 1 week ago
A vulnerability labeled as critical has been found in ElementInvader Addons for Elementor Plugin up to 1.4.0 on WordPress. The impacted element is the function elementinvader_addons_for_elementor_forms_send_form. Such manipulation leads to missing authorization. This vulnerability is referenced as CVE-2025-10873. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

Google 移除安娜的档案 7.49 亿网址

Solidot
3 months 1 week ago
根据 Google 的透明度报告,版权持有者要求移除安娜的档案(Anna's Archive)7.84 亿个网址,Google 满足了绝大部分的要求,移除了 7.49 亿网址,少数被驳回是因为 Google 没有索引相关链接。安娜的档案的网址占到了 Google 收到的所有版权移除请求数的 5%。自 2012 年首次公布透明度报告以来,版权持有者向 Google 报告了 151 亿个涉嫌侵权的网址。Penguin Random House 和 John Wiley & Sons 是针对安娜的档案的最活跃图书出版商,版权持有者平均每周向 Google 报告约 1000 万个安娜的档案新网址。

AI can flag the risk, but only humans can close the loop

Help Net Security
3 months 1 week ago

In this Help Net Security interview, Dilek Çilingir, Global Forensic & Integrity Services Leader at EY, discusses how AI is transforming third-party assessments and due diligence. She explains how machine learning and behavioral analytics help organizations detect risks earlier, improve compliance, and strengthen accountability. As oversight grows, Çilingir explains why human judgment still matters in every AI-supported decision. When a third-party breach occurs, the forensic investigation often uncovers weak points that AI could have flagged … More →

The post AI can flag the risk, but only humans can close the loop appeared first on Help Net Security.

Mirko Zorz

Nine arrested in €600M crypto laundering bust across Europe

Security Affairs
3 months 1 week ago
A coordinated Eurojust-led operation led to nine arrests in Cyprus, Spain, and Germany for laundering €600M in crypto fraud. Authorities in France, Belgium, and Cyprus arrested nine people in a coordinated Eurojust-led operation against a crypto money laundering ring that stole over €600 million. The group ran dozens of fake crypto investment sites that promised […]
Pierluigi Paganini

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The Hackers News
3 months 1 week ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to
The Hacker News

麒麟勒索软件滥用 WSL 在 Windows 中运行 Linux 加密器

Solidot
3 months 1 week ago
麒麟(Qilin)勒索软件被发现滥用 Windows Subsystem for Linux(WSL)在 Windows 操作系统中执行 Linux 加密器以逃避传统安全工具的检测。麒麟勒索软件最初的名字叫 Agenda,2022 年 9 月改名为麒麟,沿用至今,它是目前最活跃的勒索软件之一。安全公司趋势科技和思科 Talos 报告,麒麟勒索软件组织今年至今攻击了 62 个国家的逾 700 名受害者,2025 年下半年每月新增受害者逾 40。趋势科技的安全研究员报告,麒麟勒索软件组织利用 WinSCP 将 Linux ELF 加密器传输到入侵的设备,然后通过 Splashtop 远程管理软件 (SRManager.exe) 直接在 Windows 系统中启动加密器。该加密器无法直接在 Windows 中运行,必须通过 WSL 子系统。WSL 允许用户直接在 Windows 系统中安装和运行 Linux 发行版,攻击者在获得设备的访问权限之后,会启用或安装 WSL,然后执行加密器,绕过传统的 Windows 安全软件。

Managed ad