Aggregator

A vulnerability classified as problematic has been found in Ultra Addons for Contact Form 7 Plugin up to 3.5.21 on WordPress. This affects the function UACF7_CUSTOM_FIELDS of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-6756. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Dear Flipbook Plugin up to 2.3.65 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument pdf-source leads to cross site scripting. This vulnerability is handled as CVE-2025-5314. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in LizardByte Sunshine 0.16/0.17/0.18.0/0.23.0/2025.118.151840. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-53095. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

DigitalOcean announced expanded capabilities for its identity management offerings with custom roles, the newest Role-Based Access Control (RBAC) offering for its cloud platform. This offering allows customers to create roles that are specifically tailored to the job responsibilities of their team members. As a result, custom roles allow organizations to apply the principle of least privilege, which helps to reduce security risks and strengthen the security of their cloud resources. Custom roles can reduce security … More →

The post DigitalOcean boosts identity management offerings with custom roles appeared first on Help Net Security.

A vulnerability was found in Trellix Endpoint Security HX 10.0.4. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument Malware Scan Name leads to cross site scripting. This vulnerability is traded as CVE-2025-5967. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in bitcoinjs tiny-secp256k1 up to 1.1.6 and classified as critical. This issue affects the function verify of the component Global Buffer Handler. The manipulation leads to improper verification of cryptographic signature. The identification of this vulnerability is CVE-2024-49365. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The U.S. Department of Justice (DOJ) has announced a major crackdown on North Korea’s covert use of remote information technology (IT) workers to siphon millions from American companies and fund its weapons programs. The coordinated law enforcement actions, resulted in the arrest of a New Jersey man, the seizure of 29 financial accounts, 21 fraudulent […]

The post U.S. DOJ Cracks Down on North Korean Remote IT Workforce Operating Illegally appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Electron up to 30.0.4/31.0.0-alpha.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper validation of integrity check value. This vulnerability was named CVE-2024-46992. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Nearly three out of four European IT and cybersecurity professionals say staff are already using generative AI at work, up ten points in a year, but just under a third of organizations have put formal policies in place, according to new ISACA research. The use of AI is becoming more prevalent within the workplace, and so regulating its use is best practice. Yet 31% of organizations have a formal, comprehensive AI policy in place, highlighting … More →

The post GenAI is everywhere, but security policies haven’t caught up appeared first on Help Net Security.

A vulnerability, which was classified as problematic, was found in LizardByte Sunshine 0.16/0.17/0.18.0/0.23.0/2025.118.151840. This affects an unknown part of the component Sunshine Interface. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is uniquely identified as CVE-2025-53096. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in bitcoinjs tiny-secp256k1 up to 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to insufficiently protected credentials. This vulnerability is handled as CVE-2024-49364. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Red Hat Ansible Automation Platform. Affected by this vulnerability is an unknown functionality of the component EDA Component. The manipulation leads to code injection. This vulnerability is known as CVE-2025-49521. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Konica Minolta bizhub 227 Multifunction Printer up to GCQ-Y3. Affected is an unknown function of the component LDAP. The manipulation leads to insufficiently protected credentials. This vulnerability is traded as CVE-2025-6081. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Electron up to 28.3.1/29.3.2/30.0.2. It has been rated as critical. This issue affects the function nativeImage.createFromPath/nativeImage.createFromBuffer. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-46993. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Red Hat Ansible Automation Platform. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to argument injection. This vulnerability was named CVE-2025-49520. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in JanssenProject jans up to 1.7.x. It has been classified as problematic. This affects an unknown part of the component Config API. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-53003. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component V8. The manipulation leads to type confusion. This vulnerability is handled as CVE-2025-6554. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM System Storage Virtualization Engine TS7700 8.54.2.17/8.60.0.115/8.60.0.115 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-36056. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM System Storage Virtualization Engine TS7700 8.54.2.17/8.60.0.115/8.60.0.115. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-2141. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in DataEase up to 2.10.10. This issue affects some unknown processing of the component PostgreSQL Data Source JDBC Connection Handler. The manipulation leads to improper neutralization of substitution characters. The identification of this vulnerability is CVE-2025-53005. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.