Whispers of XZ Utils Backdoor Live on in Old Docker Images
Developers maintaining the images made the "intentional choice" to leave the artifacts available as "a historical curiosity," given the improbability they'd be exploited.
Aggregator
Infamous XZ Backdoor Found Hidden in Docker Images for Over a Year
6 months ago
Security researchers at Binarly have discovered that the sophisticated supply chain hack still exists in publicly accessible Docker images on Docker Hub, more than a year after the startling revelation of the XZ Utils backdoor in March 2024. The backdoor, attributed to a pseudonymous developer known as ‘Jia Tan’ who infiltrated the XZ Utils project […]
The post Infamous XZ Backdoor Found Hidden in Docker Images for Over a Year appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Qilin
6 months ago
You must login to view this content
cohenido
New ‘Curly’ threat actor found targeting sensitive organizations in Georgia, Moldova
6 months ago
Researchers observed a threat actor advancing Russian interests by targeting state organizations and an energy supplier in Georgia and Moldova.
F5 security advisory (AV25-509)
6 months ago
Canadian Centre for Cyber Security
That 16 Billion Password Story (AKA "Data Troll")
6 months ago
Spoiler: I have data from the story in the title of this post, it's mostly what I expected it to be, I've just added it to HIBP where I've called it "Data Troll", and I'm going to give everyone a
Troy Hunt
Emerging AI-Driven Phishing Trends Reshape Cybercrime Tactics
6 months ago
Artificial intelligence (AI) in advances and adaptive social engineering techniques have led to a significant revolution in phishing and scams within the continually changing realm of cybercrime. Cybercriminals are leveraging neural networks and large language models (LLMs) to craft hyper-realistic deceptive content, exploiting current events and personal data to target individuals and organizations more effectively. […]
The post Emerging AI-Driven Phishing Trends Reshape Cybercrime Tactics appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
New York lawsuit against Zelle creator alleges features allowed $1 billion in thefts
6 months ago
New York's attorney general filed a lawsuit accusing the Zelle payment system of not doing enough to fight fraud, echoing allegations that the Biden administration had made against the platform's operator.
CVE-2025-9013 | PHPGurukul Online Shopping Portal Project 2.0 password-recovery.php emailid sql injection
6 months ago
A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0 and classified as critical. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection.
This vulnerability was named CVE-2025-9013. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-9012 | PHPGurukul Online Shopping Portal Project 2.0 bill-ship-addresses.php billingpincode sql injection
6 months ago
A vulnerability, which was classified as critical, was found in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-9012. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-9011 | PHPGurukul Online Shopping Portal Project 2.0 /shopping/signup.php emailid sql injection
6 months ago
A vulnerability, which was classified as critical, has been found in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection.
This vulnerability is handled as CVE-2025-9011. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Windows 11 24H2 updates failing again with 0x80240069 errors
6 months ago
The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators. [...]
Sergiu Gatlan
Там, где медицина опустила руки, вмешался ИИ. PepMLM нашел путь к нелечебному раку
6 months ago
Новый алгоритм помогает создавать пептиды для борьбы с раком, болезнью Хантингтона и смертельными вирусами.
Submit #629553: PHPGurukul Online Shopping Portal Project V2.0 SQL Injection [Accepted]
6 months ago
Submit #629553 / VDB-320044
Device
Submit #629456: PHPGurukul Online Shopping Portal Project V2.0 SQL Injection [Accepted]
6 months ago
Submit #629456 / VDB-320043
Device
Submit #629438: PHPGurukul Online Shopping Portal Project V2.0 SQL Injection [Accepted]
6 months ago
Submit #629438 / VDB-320042
Device
HPE security advisory (AV25-508)
6 months ago
Canadian Centre for Cyber Security
CVE-2025-9010 | itsourcecode Online Tour and Travel Management System 1.0 booking_report.php from_date sql injection
6 months ago
A vulnerability classified as critical was found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/booking_report.php. The manipulation of the argument from_date leads to sql injection.
This vulnerability is known as CVE-2025-9010. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-9009 | itsourcecode Online Tour and Travel Management System 1.0 /admin/email_setup.php Name sql injection
6 months ago
A vulnerability classified as critical has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection.
This vulnerability is traded as CVE-2025-9009. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-9008 | itsourcecode Online Tour and Travel Management System 1.0 /admin/sms_setting.php uname sql injection
6 months ago
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sms_setting.php. The manipulation of the argument uname leads to sql injection.
The identification of this vulnerability is CVE-2025-9008. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com