Aggregator

CISO Tammy Klotz Discusses the Value of Peer Support in Advance of ManuSec 2025
Manufacturers face many challenges in securing OT and IT systems, from legacy technology to managing vulnerabilities. Tammy Klotz, CISO at Trinseo and last year's ManuSec Summit event chair, discusses the value of sharing firsthand insights with a cybersecurity community.

开学季促销活动推出23款正版软件特价优惠，涵盖Windows、macOS、iOS等多平台学习办公工具，部分软件低至6折起，活动限时至2025年9月12日。

月圆之夜，正是挖洞好时节，让我们在代码的海洋中追寻别样的月圆人团圆！

Submit #637028 / VDB-321862

A vulnerability classified as problematic was found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. This vulnerability is referenced as CVE-2025-9653. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability classified as problematic has been found in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. The identification of this vulnerability is CVE-2025-9652. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Windows 11 更新 KB5063878 可能导致硬盘故障。用户可通过修改注册表将暂停更新时间从 1 周延长至 500 周。

Submit #636957 / VDB-321861

Submit #636956 / VDB-321860

A vulnerability described as critical has been identified in shafhasan chatbox up to 156a39cde62f78532c3265a70eda12c70907e56f. This impacts an unknown function of the file /chat.php. The manipulation of the argument user_id results in sql injection. This vulnerability was named CVE-2025-9651. The attack may be performed from a remote location. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

日本爱知县(Aichi)丰明（Toyoake）市政府议员正在讨论一项提案，将其 6.9 万居民的智能手机使用时间限制在两小时内，此举引发了手机上瘾的激烈讨论。该提案被认为是日本首例，丰明市长表示，该提案并不会严格执行，只是为了鼓励居民更好地管理屏幕时间。违反两小时限制的人并不会受到惩罚。市长在一份声明中表示，两小时限制只是一个指导方针，并不意味着限制居民的权利或施加义务。

A sophisticated new Mac malware campaign has emerged that exploits users’ trust in free online PDF conversion tools, demonstrating how cybercriminals continue to evolve their tactics to bypass modern security measures. Cybersecurity firm Mosyle has exclusively disclosed the discovery of JSCoreRunner, a previously unknown Mac malware strain that achieved zero detections on VirusTotal at the […]

The post Mac Malware ‘JSCoreRunner’ Abuses Online PDF Tool to Spread appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #636884 / VDB-321859

A vulnerability marked as critical has been reported in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. This vulnerability is uniquely identified as CVE-2025-9650. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery

A vulnerability labeled as critical has been found in Red Hat Satellite. The impacted element is an unknown function of the file /api/graphql of the component GraphQL Endpoint. Executing manipulation can lead to permission issues. This vulnerability is handled as CVE-2025-9572. The attack can be executed remotely. There is not any exploit available.

A vulnerability identified as problematic has been detected in Konica Minolta bizhub. The affected element is an unknown function of the component SMIME Email Certificate Handler. Performing manipulation results in uncaught exception. This vulnerability is known as CVE-2025-54777. Access to the local network is required for this attack. No exploit is available.

Submit #636624 / VDB-321858

Запрет на «хакерский контент» могут закрепить в законе «Об информации».

A vulnerability categorized as problematic has been discovered in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. This vulnerability is traded as CVE-2025-9649. An attack has to be approached locally. Furthermore, there is an exploit available. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3."

Submit #630494 / VDB-321855