Aggregator

A vulnerability labeled as critical has been found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-8935. The attack can be launched remotely. Furthermore, there is an exploit available.

Creator, Author and Presenter: Erin Barry

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Round And Around We Go: Interviews, What Do You Know? appeared first on Security Boulevard.

为了更好地培养学生掌握先进的数据挖掘与分析方法，锻炼学生敏锐的情报洞察力，为将来投身于开源情报领域的工作奠定坚实的基础。特举办“第三届全国大学生开源情报数据采集与分析大赛”。

以色列的情报机构。

A sophisticated new phishing campaign targeting Gmail users through a multi-layered attack that uses legitimate Microsoft Dynamics infrastructure to bypass security measures and steal login credentials. The attack begins with deceptive “New Voice Notification” emails that appear to come from legitimate voicemail services. These emails contain spoofed sender information and feature prominent “Listen to Voicemail” […]

The post New Gmail Phishing Attack With Weaponized Login Flow Steals Credentials appeared first on Cyber Security News.

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. [...]

Microsoft recently revealed that it's currently enhancing protection against dangerous file types and malicious URLs in Teams chats and channels. [...]

Security researchers have uncovered four serious vulnerabilities in ImageMagick, one of the world’s most widely used open-source image processing software suites, potentially exposing millions of users to security risks. The vulnerabilities, discovered by researcher “urban-warrior” and published three days ago, include two high-severity flaws that could allow attackers to execute malicious code through specially crafted […]

The post Multiple ImageMagick Vulnerabilities Cause Memory Corruption and Integer Overflows appeared first on Cyber Security News.

Rotherham hacker Al-Tahery Al-Mashriky jailed for 20 months after global cyberattacks, stealing millions of logins and targeting government…

F5 Networks has disclosed a new HTTP/2 vulnerability affecting multiple BIG-IP products that could allow remote attackers to launch denial-of-service attacks against corporate networks. The security flaw, designated CVE-2025-54500 and dubbed the “HTTP/2 MadeYouReset Attack,” was published on August 13, 2025, with updates released on August 15. The vulnerability exploits malformed HTTP/2 control frames to […]

The post F5 Fixes HTTP/2 Vulnerability Enabling Massive DoS Attacks appeared first on Cyber Security News.

Researchers at Hunt.io have made a significant discovery in the cybersecurity field by obtaining and analyzing the complete source code of ERMAC V3.0. This advanced Android banking trojan targets over 700 financial applications worldwide. This unique insight into an active malware-as-a-service platform offers a valuable understanding of modern cybercriminal operations and highlights critical vulnerabilities that could assist […]

The post ERMAC v3.0 Banking Malware Source Code Exposed via Weak Password ‘changemeplease’ appeared first on Cyber Security News.

数据显示，今年前七个月电动汽车销量逾 1070 万辆，同比增长 27%。其中中国销量 650 万辆同比增长 29%， 欧洲 230 万辆增长 30%，北美 100 万辆增长 2%，其它地区总销量 90 万辆增长 42%。欧洲地区的德国、英国和意大利销量都有强劲增长，欧洲地区的纯电增长 30% 插电混动增长 32%。美国的电动汽车市场则因为政策阻力而销售疲软。

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.39/6.15.7. Impacted is the function rtnl_lock of the component virtio-net. Performing manipulation results in deadlock. This vulnerability is identified as CVE-2025-38551. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This issue affects the function cifs_oplock_break of the component smb. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2025-38527. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.15.7. This vulnerability affects the function local_bh_enable of the file kernel/softirq.c. This manipulation causes stack-based buffer overflow. The identification of this vulnerability is CVE-2025-38525. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects the function bpf_trace_printk in the library lib/vsprintf.c of the component bpf. The manipulation of the argument fmt[] results in format string. This vulnerability was named CVE-2025-38528. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this issue is the function ice_lag_is_switchdev_running. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38526. The attack can only be initiated within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. Affected by this vulnerability is the function user_mutex of the file net/rxrpc/recvmsg.c. Executing manipulation can lead to race condition. This vulnerability is handled as CVE-2025-38524. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.15.7. Affected is the function update_locked_rq. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38522. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.