Aggregator

A vulnerability classified as critical has been found in CubeWP Plugin up to 1.1.23 on WordPress. Affected is the function update_user_meta. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-4315. It is possible to launch the attack remotely. There is no exploit available.

A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing severe risks to enterprise and consumer devices. Insecure NVRAM Variable Handling The vulnerability stems from the improper use […]

The post Insyde UEFI Flaw Enables Digital Certificate Injection via NVRAM Variable appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

В Купертино обновили всё на свете — и всё равно остались уязвимы.

Telegram 创始人兼 CEO Pavel Durov 今年早些时候声称，在该应用 12 年历史中从未披露一字节私人消息。但 Telegram 并非端对端加密，要获取其私人消息，也许只要中间人并不需要 Telegram 的“配合”？IStories 的调查发现，45 岁的俄罗斯网络工程师 Vladimir Vedeneev 控制着 Telegram 的网络基础设施，法庭文件显示，他被赋予了对部分 Telegram 服务器的独家访问权限，甚至还能代表 Telegram 签署合同（以首席财务官的身份）。没有证据表明他的公司与俄罗斯合作或向其提供数据。但与 Vedeneev 有密切联系的两家公司其客户之一是俄罗斯联邦安全局（FSB）。匿名乌克兰 IT 专家声称俄罗斯军方在控制了 Telegram 的网络基础设施之后能对乌克兰进行中间人级别的监控。他表示俄罗斯对用户的通信内容不感兴趣，元数据——IP 地址、用户位置和通信联络人——的分析能透露更多情报。Telegram 用户之间的聊天默认并不启用端对端加密，即使启用了，该应用使用的 MTProto 协议在加密消息前都会添加一个未加密字段 auth_key_id。这一字段让识别特定用户设备成为可能。

Пока другие шумят про ИИ, Apple просто делает тихую революцию.

Currently trending CVE - Hype Score: 12 - Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability

Google Chrome’s Stable channel is being updated to version 137.0.7151.103 for Windows and Mac, with Linux receiving version 137.0.7151.103 as well. The rollout will take place gradually over the coming days and weeks, ensuring smooth deployment and minimal disruption for users. The official changelog provides a detailed breakdown of all modifications and enhancements included in […]

The post Multiple Chrome Flaws Enable Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

相关恶意网址和恶意IP归属地主要涉及：美国、德国、荷兰、法国、瑞士、哥伦比亚、新加坡、越南。

Poseidon的AppleScript代码显示，它可以收集浏览器数据，其中包括来自基于Chrome的浏览器和钱包的特定扩展数据。

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It offers a controlled and extensible framework for running these tests. What it does Nettacker scans networks to find weaknesses. It maps out live hosts, open ports, services, and basic misconfigurations. It can also run some … More →

The post OWASP Nettacker: Open-source scanner for recon and vulnerability assessment appeared first on Help Net Security.

Ubuntu 桌面团队成员 Jean Baptiste Lallement 宣布，即将于今年 10 月推出的下个版本 Ubuntu 25.10 其桌面环境 GNOME 将停止支持 X11。GNOME 项目已计划在 GNOME 49 中移除对 X11 的支持，而 GNOME 49 计划于 9 月发布，Ubuntu 此举旨在未雨绸缪，为下个 LTS（长期支持）版本 Ubuntu 26.04 做好准备。Ubuntu 25.10 是 26.04 前的一个过渡版本，让 25.10 和 26.04 保持一致有助于减少碎片化，让开发者和用户有更多时间准备和适应。

A vulnerability was found in Adobe Experience Manager up to 6.5.22. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-47071. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.22 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-47115. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Experience Manager up to 6.5.22 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-47092. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Experience Manager up to 6.5.22. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-47087. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Experience Manager up to 6.5.22. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-47116. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe Experience Manager up to 6.5.22. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-47117. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Experience Manager up to 6.5.22. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-47114. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.22. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-47093. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.