Aggregator

A vulnerability was found in spytrap-org spytrap-adb up to 0.3.4. It has been classified as problematic. Affected is an unknown function of the file scan.rs of the component Interactive User Interface. The manipulation leads to omission of security-relevant information. This vulnerability is traded as CVE-2025-52926. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar Santos is a Distinguished Engineer at Cisco focusing on AI security, research, incident response, and vulnerability disclosure. Savannah Lazzara is a Security Engineer at Amazon, and co-lead of Red Team Village. Wesley Thurner is a Principal Security Engineer at Intuit. Inside the book The … More →

The post Review: Redefining Hacking appeared first on Help Net Security.

A vulnerability has been found in Photo Gallery 1.2.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2014-9312. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in spytrap-org spytrap-adb up to 0.3.4. It has been classified as problematic. Affected is an unknown function of the file scan.rs of the component Interactive User Interface. The manipulation leads to omission of security-relevant information. This vulnerability is traded as CVE-2025-52926. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

本文约3592字，预计阅读时间11分钟。2025年6月21日午夜，一场代号为"午夜之锤"的军事行动悄然改变了中东地缘政治的天平。

A vulnerability was found in Microsoft Word. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2025-47957. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

CoinMarketCap, the globally recognized cryptocurrency data aggregator, experienced a significant security incident when a vulnerability in its homepage doodle image was exploited to inject malicious code, leading to a phishing campaign targeting user wallets. Incident Overview The breach originated from a seemingly innocuous doodle image featured on CoinMarketCap’s homepage. Threat actors manipulated the backend API […]

The post CoinMarketCap Doodle Image Vulnerability Lets Attackers Run Malicious Code via API Call appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

对于职业 FPS 玩家而言，精确瞄准至关重要，是决定其表现及胜负的关键。上海体育学院的研究人员在《Computers in Human Behavior》期刊上发表了一篇论文，探讨了有经验 FPS 玩家的瞄准优势。研究人员收集了 63 人的眼动数据，这 63 人包括 28 名有经验 FPS 玩家和 35 名非 FPS 玩家。结果显示，有经验 FPS 玩家的执行时间更快，眼动模式更高效。他们更频繁地表现出 0-注视-1-扫视模式，扫视一次但没有注视，同时表现出更少的多次校准调整模式。视觉搜索和眼手协调效率的改进可能是他们表现出众的原因。研究还发现，目标距离和出现延迟会显著影响任务表现和眼动行为。距离越远和时间不确定性越高，会对表现产生负面影响，时空相互作用在眼睛视网膜中央凹附近区域影响最大。

A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /php_action/changePassword.php. The manipulation of the argument user_id leads to sql injection. This vulnerability was named CVE-2025-6502. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/fetchSelectedCategories.php. The manipulation of the argument categoriesId leads to sql injection. The identification of this vulnerability is CVE-2025-6503. The attack may be initiated remotely. Furthermore, there is an exploit available.

A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It’s Too Late, urges companies to prepare for a world where today’s encryption could be broken by quantum computers. But it’s not all doom and gloom. The report focuses on what can be … More →

The post Quantum risk is already changing cybersecurity appeared first on Help Net Security.

A vulnerability was found in Fernando Soares Com Mamboleto 2.0. It has been declared as critical. This vulnerability affects unknown code of the file mamboleto.php. The manipulation of the argument mosConfig_absolute_path leads to code injection. This vulnerability was named CVE-2009-4604. The attack can be initiated remotely. Furthermore, there is an exploit available.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]' was reported to the affected vendor on: 2025-06-23, 10 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-06-23, 80 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-06-23, 79 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-06-23, 80 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-06-23, 80 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-06-23, 80 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-06-23, 79 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Andrea Micalizzi aka rgod (@rgod777)' was reported to the affected vendor on: 2025-06-23, 79 days ago. The vendor is given until 2025-10-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.