Aggregator

CVE-2021-45930 | Qt up to 6.2.1 Qt SVG growAppend out-of-bounds write (Nessus ID 255205)

3 months 2 weeks ago

A vulnerability was found in Qt up to 6.2.1. It has been rated as critical. The affected element is the function QtPrivate::QCommonArrayOps<QPainterPath::Element>::growAppend of the component Qt SVG. Performing manipulation results in out-of-bounds write. This vulnerability is known as CVE-2021-45930. Access to the local network is required for this attack. No exploit is available. Applying a patch is the recommended action to fix this issue.

vuldb.com

Silk Typhoon hackers hijack network captive portals in diplomat attacks

Bleeping Computer.

3 months 2 weeks ago

State-sponsored hackers linked to the Mustang Panda activity cluster targeted diplomats by hijacking web traffic to redirect to a malware serving website. [...]

Bill Toulas

Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June

CyberScoop

3 months 2 weeks ago

The vendor, which has been widely targeted, said the memory-overflow vulnerability can result in remote-code execution or denial of service.

The post Citrix NetScaler customers hit by third actively exploited zero-day vulnerability since June appeared first on CyberScoop.

Matt Kapko

APT36 Targets Indian BOSS Linux Using Weaponized .desktop Shortcut Files

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

3 months 2 weeks ago

Researchers have unveiled ONEFLIP, a novel inference-time backdoor attack that compromises full-precision deep neural networks (DNNs) by flipping just one bit in the model’s weights, marking a significant escalation in the practicality of hardware-based attacks on AI systems. Unlike traditional backdoor methods that require poisoning training data or manipulating the training process, ONEFLIP operates during […]

The post APT36 Targets Indian BOSS Linux Using Weaponized .desktop Shortcut Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Velociraptor incident response tool abused for remote access

Sophos Threat Research

3 months 2 weeks ago

This approach represents an evolution from threat actors abusing remote monitoring and management tools

Mindi McDowell

CVE-2024-35203 | System Mahara up to 22.10.5/23.04.5/24.04.0 cross site scripting

VulDB Recent Entries

3 months 2 weeks ago

A vulnerability described as problematic has been identified in System Mahara up to 22.10.5/23.04.5/24.04.0. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2024-35203. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is recommended.

vuldb.com

CVE-2024-47192 | Mahara 23.04.8/24.04.4 Export permission

VulDB Recent Entries

3 months 2 weeks ago

A vulnerability marked as critical has been reported in Mahara 23.04.8/24.04.4. Affected is an unknown function of the component Export Handler. Performing manipulation results in permission issues. This vulnerability is reported as CVE-2024-47192. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

Farmers Insurance discloses a data breach impacting 1.1M customers

Security Affairs

3 months 2 weeks ago

Farmers Insurance suffered a breach tied to Salesforce attacks, exposing data of 1.1M customers across its nationwide insurance network. Farmers Insurance disclosed a data breach affecting 1,071,172 customers, linked to the recent wave of Salesforce attacks, as per Bleeping Computer. The company is an American insurer group of vehicles, homes and small businesses and also […]

Pierluigi Paganini

Lynx

Dark Feed IO

3 months 2 weeks ago

You must login to view this content

cohenido

Lynx

Dark Feed IO

3 months 2 weeks ago

You must login to view this content

cohenido

When One Hospital Gets Ransomware, Others Feel the Pain

darkreading

3 months 2 weeks ago

Without key security defenses, including backup recovery and multifactor authentication implementation, all parties, including neighboring hospitals and patients, suffer.

Arielle Waldman

Staying Ahead with Advanced NHI Detection?

Security Boulevard

3 months 2 weeks ago

Why is Advanced NHI Detection the Game Changer in Cybersecurity? Have you ever considered how Non-Human Identities (NHIs) impact your organization’s cybersecurity strategy? Protecting your business extends far beyond securing your employees’ credentials. Machine identities, or NHIs, are making their way to the forefront of cybersecurity. This calls for a proactive approach with advanced NHI […]

The post Staying Ahead with Advanced NHI Detection? appeared first on Entro.

The post Staying Ahead with Advanced NHI Detection? appeared first on Security Boulevard.

Alison Mack

Is Your Secrets Vault Truly Impenetrable?

Security Boulevard

3 months 2 weeks ago

Unlocking the Real Value of Secrets Vault Security How much credence does your organization assign to secrets vault security? If you are operating in the cloud, the bulletproof protection of Non-Human Identities (NHIs) and their associated secrets is paramount. Now, more than ever, the need for effective security measures around NHIs is being emphasized due […]

The post Is Your Secrets Vault Truly Impenetrable? appeared first on Entro.

The post Is Your Secrets Vault Truly Impenetrable? appeared first on Security Boulevard.

Alison Mack

AI Agents in Browsers Light on Cybersecurity, Bypass Controls

darkreading

3 months 2 weeks ago

Companies looking to benefit from agentic browsers pause: The services can tap into a user's online accounts and automate tasks but also expose organizational data and systems to myriad threats.

Robert Lemos, Contributing Writer

CVE-2025-9514 | macrozheng mall up to 1.0.3 Registration weak password (Issue 923)

VulDB Recent Entries

3 months 2 weeks ago

A vulnerability labeled as problematic has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. This vulnerability is documented as CVE-2025-9514. The attack can be executed remotely. There is not any exploit available. The vendor deleted the GitHub issue for this vulnerability without and explanation.

vuldb.com

CVE-2025-9513 | editso fuso up to 1.0.4-beta.7 mod.rs PenetrateRsaAndAesHandshake priv_key inadequate encryption

VulDB Recent Entries

3 months 2 weeks ago

A vulnerability identified as problematic has been detected in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. This vulnerability is registered as CVE-2025-9513. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

Submit #635503: macrozheng mall ≤ v1.0.3 CWE-521 [Accepted]

Vuldb Submit

3 months 2 weeks ago

Submit #635503 / VDB-321507

ez-lbz

Submit #635449: editso fuso dev CWE-326: Inadequate Encryption Strength [Accepted]

Vuldb Submit

3 months 2 weeks ago

Submit #635449 / VDB-321506

dev03301

Governments, tech companies meet in Tokyo to share tips on fighting North Korea IT worker scheme

The Record

3 months 2 weeks ago

The U.S. State Department said it worked with the Ministries of Foreign Affairs in Japan and South Korea to organize the forum, which had more than 130 attendees from freelance work platforms, payment service providers, cryptocurrency companies, AI firms and more.

Submit #635424: opengoofy hippo4j <= v1.5.0 Hard-coded Credentials [Duplicate]

Vuldb Submit

3 months 2 weeks ago

Submit #635424 / VDB-320991

A_Groundhog

Aggregator

Managed ad