Qilin
You must login to view this content
Aggregator
CVE-2025-5958 | Google Chrome up to 137.0.7151.68 Media use after free (ID 420150 / EUVD-2025-18072)
3 months ago
A vulnerability classified as critical was found in Google Chrome. This vulnerability affects unknown code of the component Media. The manipulation leads to use after free.
This vulnerability was named CVE-2025-5958. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
LockBit panel data leak shows Chinese orgs among the most targeted
3 months ago
The LockBit ransomware-as-a-service (RaaS) operation has netted around $2.3 million USD within 5 months, the data leak stemming from the May 2025 hack of a LockBit affiliate panel has revealed. From that sum, the operators took their 20% cut (approximately USD 456,000), and they additionally “earned” some $10,000-$11,000 USD from affiliates that registered through the panel. “What this leak truly shows is the complex and ultimately less glamorous reality of their illicit ransomware activities. While … More →
The post LockBit panel data leak shows Chinese orgs among the most targeted appeared first on Help Net Security.
Zeljka Zorz
G.O.S.S.I.P 阅读推荐 2025-06-12 虚拟化混淆,看你七十二变?
3 months ago
虚拟化混淆技术的祛魅之旅
Turning Up the Heat on ATT&CK Heatmaps to Address Residual Risk
3 months ago
Stepping into a time machine and traveling back to the past, during the last half of my nearly 20 year career at MITRE I served in a variety of roles that spanned the evolution of MITRE ATT&CK®. I started as a detection engineer / hunter when ATT&CK was just a flicker in the eye of Blake Strom, who is now a Tidal Cyber Advisory Board member. As one of the earliest practitioners as ATT&CK gained popularity, I turned into an ATT&CK evangelist and I was tasked with increasing ATT&CK adoption across the vendor community. This eventually led to me creating ATT&CK Evaluations to keep marketing teams honest and provide vendors with an opportunity for self-reflection on how to improve coverage.
The post Turning Up the Heat on ATT&CK Heatmaps to Address Residual Risk appeared first on Security Boulevard.
Frank Duff
Foundations of Cybersecurity: Reassessing What Matters
3 months ago
To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.
Brent Stackhouse
CVE-2012-4768 | Mikejolley Download Monitor up to 3.3.5.6 dlsearch cross site scripting (EDB-37787 / XFDB-78422)
3 months ago
A vulnerability, which was classified as problematic, has been found in Mikejolley Download Monitor up to 3.3.5.6. This issue affects some unknown processing. The manipulation of the argument dlsearch leads to cross site scripting.
The identification of this vulnerability is CVE-2012-4768. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
MS Office 的版本控制从 Source Depot 迁移到 Git
3 months ago
本世纪初,微软面临一大难题:Windows 操作系统日益复杂,代码行数数以百万计,迫切需要某种版本控制系统。Git 当时还不存在。Subversion(SVN)才走出 CVS 的影子,商业版本控制系统 Perforce 则过于昂贵。微软毕竟是微软,它决定基于 Perforce 构建自己的系统。于是 Source Depot 诞生了。相比今天流行的 Git,Source Depot 在很多方面都更为繁琐,它不是分布式架构,而是集中式的,断网就意味着可以休息了。如果是远程办公,你需要 VPN 以及祈祷。尽管如此,它为微软可靠服务了很多年。但今天它也是呈现老态了。修补和维护日益昂贵。数百名微软工程师耗时数年终于将版本控制从 Source Depot 迁移到了 Git。四千名工程师工作的 MS Office 办公软件项目切换到了 Git。
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
3 months ago
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change.
"The TokenBreak attack targets a text classification model's tokenization strategy to induce false negatives, leaving end targets vulnerable to attacks that the implemented
The Hacker News
CVE-2017-7064 | Apple Safari up to 10.1.1 WebKit Memory input validation (HT207921 / EDB-42375)
3 months ago
A vulnerability has been found in Apple Safari up to 10.1.1 and classified as problematic. This vulnerability affects unknown code of the component WebKit. The manipulation leads to improper input validation (Memory).
This vulnerability was named CVE-2017-7064. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-7064 | Apple iOS up to 10.3.2 WebKit Memory input validation (HT207923 / EDB-42375)
3 months ago
A vulnerability was found in Apple iOS up to 10.3.2 and classified as problematic. Affected by this issue is some unknown functionality of the component WebKit. The manipulation leads to improper input validation (Memory).
This vulnerability is handled as CVE-2017-7064. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-46052 | WebERP 4.15.2 /StockCounts.php DEL sql injection
3 months ago
A vulnerability was found in WebERP 4.15.2 and classified as critical. This issue affects some unknown processing of the file /StockCounts.php. The manipulation of the argument DEL leads to sql injection.
The identification of this vulnerability is CVE-2025-46052. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-46053 | WebERP 4.15.2 ReportCreator.php ReplaceReportID sql injection
3 months ago
A vulnerability classified as critical has been found in WebERP 4.15.2. This affects an unknown part of the file /reportwriter/admin/ReportCreator.php. The manipulation of the argument ReplaceReportID leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-46053. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-48051 | Lichess Lila powertip.ts cross site scripting (GHSA-9xhx-p3c5-p4v6 / EUVD-2025-15174)
3 months ago
A vulnerability was found in Lichess Lila. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file powertip.ts. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-48051. The attack can be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-47888 | DingTalk Plugin up to 2.7.3 on Jenkins TLS Certificate certificate validation (EUVD-2025-14888)
3 months ago
A vulnerability was found in DingTalk Plugin up to 2.7.3 on Jenkins. It has been declared as problematic. This vulnerability affects unknown code of the component TLS Certificate Handler. The manipulation leads to certificate with host mismatch.
This vulnerability was named CVE-2025-47888. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-47886 | Cadence vManager Plugin up to 4.0.1-286.v9e25a_740b_a_48 on Jenkins cross-site request forgery (EUVD-2025-14890)
3 months ago
A vulnerability was found in Cadence vManager Plugin up to 4.0.1-286.v9e25a_740b_a_48 on Jenkins. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery.
This vulnerability is uniquely identified as CVE-2025-47886. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-47889 | WSO2 Oauth Plugin 1.0 on Jenkins improper authentication (EUVD-2025-14885)
3 months ago
A vulnerability, which was classified as critical, was found in WSO2 Oauth Plugin 1.0 on Jenkins. This affects an unknown part. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2025-47889. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-47887 | Cadence vManager Plugin up to 4.0.1-286.v9e25a_740b_a_48 on Jenkins URL permission (EUVD-2025-14883)
3 months ago
A vulnerability was found in Cadence vManager Plugin up to 4.0.1-286.v9e25a_740b_a_48 on Jenkins and classified as critical. This issue affects some unknown processing of the component URL Handler. The manipulation leads to permission issues.
The identification of this vulnerability is CVE-2025-47887. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2025-4541 | LmxCMS 1.41 POST Request ZtAction.class.php manageZt sortid sql injection
3 months ago
A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection.
This vulnerability is traded as CVE-2025-4541. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity
3 months ago
Microsoft has addressed multiple critical issues affecting Windows Server 2025 domain controllers through its June 2025 Patch Tuesday updates, resolving authentication failures and network connectivity problems that have plagued administrators since April. The fixes come as part of update KB5060842, which addresses vulnerabilities that were causing significant operational disruptions across enterprise environments. Kerberos Authentication Problems […]
The post Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya