Aggregator

Currently trending CVE - Hype Score: 4 - The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for ...

NIST and the University of Colorado Boulder have created a public service that delivers random numbers using quantum mechanics. Called the Colorado University Randomness Beacon (CURBy), the system offers a daily stream of certifiable random numbers generated through a process that no one can predict or manipulate. Instrumentation for the quantum random number generator (Source: NIST) For security professionals, randomness is essential. But most systems use pseudo-random numbers, which are generated by algorithms and can … More →

The post CURBy: A quantum random number generator you can verify appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Alexander Staalgaard' was reported to the affected vendor on: 2025-06-17, 65 days ago. The vendor is given until 2025-10-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-06-17, 79 days ago. The vendor is given until 2025-10-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-06-17, 79 days ago. The vendor is given until 2025-10-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-06-17, 79 days ago. The vendor is given until 2025-10-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Maher Azzouzi' was reported to the affected vendor on: 2025-06-17, 79 days ago. The vendor is given until 2025-10-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company. The social

Cybersecurity threats are growing more complex, and domain-based attacks are at the center of this shift. CSC’s CISO Outlook 2025 report, based on a survey of 300 security leaders, reveals a rising sense of urgency as organizations confront both established and emerging threats. 70 percent of respondents expect an increase in cyber threats in 2025, and 98 percent believe risks will continue rising over the next three years. Domain-related threats, such as cybersquatting, DNS hijacking, … More →

The post CISOs brace for a surge in domain-based cyber threats appeared first on Help Net Security.

本文提出了Oscar框架，一种面向多标签网页浏览场景的精细化网页指纹识别方法。

A vulnerability was found in Apache NuttX RTOS up to 12.8.x. It has been rated as problematic. Affected by this issue is some unknown functionality of the component bdf-converter. The manipulation leads to infinite loop. This vulnerability is handled as CVE-2025-47868. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Apache NuttX RTOS up to 12.8.x. This affects an unknown part of the component xmlrpc. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-47869. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql injection. This vulnerability is known as CVE-2025-6132. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. This vulnerability is traded as CVE-2025-6131. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Commerce Alphabank Redirect up to 1.0.2 on Drupal. This vulnerability affects unknown code. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-48446. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Commerce Eurobank up to 2.1.0 on Drupal and classified as critical. This issue affects some unknown processing. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-48445. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Firefox up to 139.0.3. Affected is the function OrderedHashTable of the component JavaScript Engine. The manipulation leads to integer overflow. This vulnerability is traded as CVE-2025-49710. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 139.0.3. It has been rated as critical. This issue affects some unknown processing of the component Canvas Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2025-49709. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

CISO Nightfall AI | USA | On-site – View job details As a CISO, you will own and continuously evolve Nightfall’s overall security strategy, ensuring the organization remains ahead of emerging threats and adheres to industry standards. You will lead enterprise risk management, compliance initiatives, audit readiness, and security operations. Additionally, you will oversee the information security architecture, secure software development lifecycle (SDLC), and incident response processes. Cloud Security Engineer SMBC Group | Ireland | … More →

The post Cybersecurity jobs available right now: June 17, 2025 appeared first on Help Net Security.

<p>Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known vulnerability by targeting two headers used in some JWT setups.</p>