Aggregator

A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been classified as critical. This affects the function searchByPage of the file /book/searchByPage. The manipulation of the argument sort leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3856. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Michelson Realty Company LLC Falls Victim to Qilin Ransomware

A vulnerability was found in CodeCanyon RISE Ultimate Project Manager 3.8.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php/team_members/save_profile_image/ of the component Profile Picture Handler. The manipulation of the argument profile_image_file leads to improper control of resource identifiers. This vulnerability is handled as CVE-2025-3855. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. This vulnerability was named CVE-2024-0545. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #557011 / VDB-305781

A vulnerability has been found in Sonos api.sonos.com up to 2025-04-21 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login/v3/oauth of the component RFC 6819 Handler. The manipulation of the argument redirect_uri leads to use of non-canonical url paths for authorization decisions. This vulnerability is known as CVE-2025-43916. The attack can be launched remotely. There is no exploit available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.

Submit #556871 / VDB-305780

Recent research has unveiled a concerning vulnerability within the realm of containerized applications, where threat actors are leveraging stolen certificates and private keys to infiltrate organizations. This tactic not only allows hackers to bypass security measures but also potentially permits them to remain undetected for extended periods, posing significant risks to corporate security. The Stealth […]

The post Hackers Exploit Stolen Certificates and Private Keys to Breach Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Павел Дуров заявил о принципиальной позиции.

Cybersecurity researchers at Guardio Labs have unveiled a troubling new trend dubbed “VibeScamming,” where cybercriminals are using AI tools to create sophisticated phishing campaigns with unprecedented ease. This development, which allows even novice hackers to craft convincing scams, marks a significant shift in the cyber threat landscape, facilitated by the democratization of AI technology. The […]

The post VibeScamming: Hackers Leverage AI to Craft Phishing Schemes and Functional Attack Models appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. This vulnerability is traded as CVE-2025-3854. The attack needs to be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. Other functions might be affected as well.

In an era where cybersecurity has become paramount, the banking and financial sectors are facing an alarming escalation in ransomware attacks. According to recent findings, each ransomware attack costs banks an average of $6.08 million, excluding the additional expenses on cybersecurity upgrades and regulatory fines. These cyber threats not only drain finances but also cause […]

The post Ransomware Attacks Cost Banks $6.08 Million on Average, Triggering Downtime and Reputation Damage appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new variant of the FOG ransomware has been identified, with attackers exploiting the name of the Department of Government Efficiency (DOGE) to mislead victims. This operation, which came to light through the analysis of nine malware samples uploaded to VirusTotal between March 27 and April 2, demonstrates a cunning approach to ransomware distribution. Infiltration […]

The post Cybercriminals Deploy FOG Ransomware Disguised as DOGE via Malicious Emails appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #556616 / VDB-305778

Submit #556617 / VDB-305778

Submit #556618 / VDB-305778

Submit #556615 / VDB-305778

Submit #556614 / VDB-305778

A vulnerability was found in Apple iOS and iPadOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component App Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2023-40400. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.