Aggregator

CVE-2025-10584 | Portabilis i-Educar up to 2.10 educar_calendario_anotacao_cad.php nm_anotacao/descricao cross site scripting

Vuldb Updates
15 hours 47 minutes ago
A vulnerability described as problematic has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educar_calendario_anotacao_cad.php. Such manipulation of the argument nm_anotacao/descricao leads to cross site scripting. This vulnerability is referenced as CVE-2025-10584. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2025-10188 | The Hack Repair Guys Plugin Archiver Plugin up to 2.0.4 on WordPress /wp-content bulk_remove cross-site request forgery

Vuldb Updates
15 hours 47 minutes ago
A vulnerability described as problematic has been identified in The Hack Repair Guys Plugin Archiver Plugin up to 2.0.4 on WordPress. This affects the function bulk_remove of the file /wp-content. Executing manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2025-10188. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-10125 | Memberlite Shortcodes Plugin up to 1.4 on WordPress Shortcode row cross site scripting

Vuldb Updates
15 hours 47 minutes ago
A vulnerability classified as problematic was found in Memberlite Shortcodes Plugin up to 1.4 on WordPress. Affected is the function row of the component Shortcode Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-10125. The attack can be executed remotely. There is not any exploit available.
vuldb.com

RaccoonO365 Phishing Network Dismantled as Microsoft, Cloudflare Take Down 338 Domains

The Hackers News
15 hours 51 minutes ago
Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials from 94 countries since July 2024. "Using a court order granted by the Southern District of New York, the DCU seized 338
The Hacker News

Bots vs. humans? Why intent is the game-changer

Help Net Security
15 hours 51 minutes ago

In this Help Net Security video, Jérôme Segura, VP of Threat Research at Datadome, explains why intent, not just identifying bots, must be the new focus for cybersecurity teams. He explores how advanced AI agents and sophisticated bots blur the line between human and automated activity and shares strategies for using intent-based detection to protect against fraud and malicious traffic. Learn more: SafeLine Bot Management: Self-hosted alternative to Cloudflare Widely available AI tools signal new … More →

The post Bots vs. humans? Why intent is the game-changer appeared first on Help Net Security.

Help Net Security

CVE-2025-10143 | Catch Dark Mode Plugin up to 2.0 on WordPress Shortcode catch_dark_mode file inclusion (EUVD-2025-29676)

Vuldb Updates
15 hours 59 minutes ago
A vulnerability categorized as critical has been discovered in Catch Dark Mode Plugin up to 2.0 on WordPress. This issue affects the function catch_dark_mode of the component Shortcode Handler. The manipulation results in file inclusion. This vulnerability is known as CVE-2025-10143. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-9851 | Appointmind Plugin up to 4.1.0 on WordPress Shortcode appointmind_calendar cross site scripting (EUVD-2025-29675)

Vuldb Updates
15 hours 59 minutes ago
A vulnerability, which was classified as problematic, has been found in Appointmind Plugin up to 4.1.0 on WordPress. Affected by this vulnerability is the function appointmind_calendar of the component Shortcode Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-9851. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-9891 | User Sync Plugin up to 1.0.2 on WordPress mo_user_sync_form_handler cross-site request forgery (EUVD-2025-29672)

Vuldb Updates
15 hours 59 minutes ago
A vulnerability marked as problematic has been reported in User Sync Plugin up to 1.0.2 on WordPress. The impacted element is the function mo_user_sync_form_handler. Performing manipulation results in cross-site request forgery. This vulnerability was named CVE-2025-9891. The attack may be initiated remotely. There is no available exploit.
vuldb.com

CVE-2025-10050 | Developer Loggers for Simple History Plugin up to 0.5 on WordPress enabled_loggers file inclusion (EUVD-2025-29674)

Vuldb Updates
15 hours 59 minutes ago
A vulnerability classified as problematic has been found in Developer Loggers for Simple History Plugin up to 0.5 on WordPress. This impacts an unknown function. The manipulation of the argument enabled_loggers leads to file inclusion. This vulnerability is referenced as CVE-2025-10050. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2025-9629 | USS Upyun Plugin up to 1.5.0 on WordPress uss_setting_page cross-site request forgery (EUVD-2025-29673)

Vuldb Updates
15 hours 59 minutes ago
A vulnerability was found in USS Upyun Plugin up to 1.5.0 on WordPress and classified as problematic. This vulnerability affects the function uss_setting_page. Executing manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2025-9629. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

灌水

不安全
16 hours 7 minutes ago
当前环境异常,需完成验证后继续访问。

Old file types, new tricks: Attackers turn everyday files into weapons

Help Net Security
16 hours 21 minutes ago

Attackers are finding new ways to blend in with everyday business tools, hiding their activity inside formats and processes that workers and IT teams often trust. The latest quarterly Threat Insights Report from HP Wolf Security shows how attackers continue to adapt, making it harder for defenses to keep up. Living off the land to stay hidden One of the most notable campaigns observed in the Q2 of 2025 involved the XWorm remote access trojan. … More →

The post Old file types, new tricks: Attackers turn everyday files into weapons appeared first on Help Net Security.

Anamarija Pogorelec

新型钓鱼即服务平台VoidProxy:瞄准微软365与谷歌账户 可绕过第三方SSO防护

嘶吼
16 hours 22 minutes ago

最近,一款名为VoidProxy的新型钓鱼即服务(PhaaS)平台被发现,其攻击目标包括微软365和谷歌账户,即便这些账户由Okta等第三方单点登录(SSO)服务商提供保护,也难以幸免。

该平台采用AitM攻击手段,可实时窃取用户凭据、多因素认证(MFA)验证码及会话Cookie。VoidProxy由Okta威胁情报团队发现,研究人员称其具备可扩展性强、规避性高且技术复杂的特点。

VoidProxy攻击流程解析

1. 初始钓鱼邮件投递:攻击始于从已攻陷账户(多来自Constant Contact、Active Campaign、NotifyVisitors等邮件服务提供商)发送的钓鱼邮件,邮件中包含短链接——用户点击后会经过多次重定向,最终跳转至钓鱼网站。

2. 恶意网站伪装与防护:钓鱼网站托管在.icu、.sbs、.cfd、.xyz、.top、.home等低成本临时域名上,并通过Cloudflare隐藏真实IP地址。访问者首先会遇到Cloudflare的验证码(CAPTCHA)验证,此举既能过滤机器人流量,又能增强网站“合法性”;同时,平台利用Cloudflare Worker环境过滤流量并加载页面。

在恶意网站上进行Cloudflare验证码步骤

3. 目标定向与页面展示:针对选定目标,平台会展示模仿微软或谷歌登录界面的钓鱼页面;其余非目标访问者则会被引导至无威胁的通用“欢迎”页面,以此降低被察觉的概率。

4. 凭据窃取与SSO绕过:若用户在钓鱼表单中输入凭据,请求会通过VoidProxy的AitM服务器代理至谷歌或微软的官方服务器;

由VoidProxy提供的钓鱼页面

对于使用Okta等SSO服务的联合账户,用户会被重定向至第二阶段钓鱼页面——该页面模仿微软365或谷歌的Okta SSO登录流程,相关请求同样被代理至Okta官方服务器。

5. 实时数据捕获与会话劫持:VoidProxy的代理服务器在受害者与合法服务之间中转流量,同时捕获传输过程中的用户名、密码和MFA验证码;当合法服务生成会话Cookie时,平台会拦截该Cookie并创建副本,攻击者可直接在VoidProxy的管理面板中获取。

防护措施与建议

VoidProxy 的管理面板

Okta指出,已启用Okta FastPass等“防钓鱼认证”功能的用户可抵御VoidProxy攻击,并会收到账户正遭受攻击的警告。

研究人员提出以下防护建议:

·仅限受管理设备访问敏感应用;

·启用基于风险的访问控制;

·对管理类应用采用IP会话绑定;

·要求管理员执行敏感操作时重新进行身份验证。

胡金鱼

Managed ad