Aggregator

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server. 

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. 

CISA strongly encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds. 

Review the following article for more information: 

• Trimble Advisory and IOCs for Vulnerability Affecting Cityworks Deployments 

The Symantec Threat Hunter team, part of Broadcom, contributed to this guidance. 

CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Программа управления инфраструктурой превратилась в троянского коня.

Windows 11's January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings. [...]

钓鱼邮件依然是当前主要的APT攻击或红队攻击中的主流手段和手法，本文从基础手把手介绍钓鱼邮件测试系统的搭建，作为演示，文章内容介绍不包含邮箱伪造等更精细的手段。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability affecting the popular file compression utility, 7-Zip, to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CVE-2025-0411, highlights a severe flaw that allows attackers to bypass the Mark-of-the-Web (MotW) security feature and execute arbitrary code on targeted systems. Details […]

The post 7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Currently trending CVE - hypeScore: 2 - Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

Currently trending CVE - hypeScore: 1 - Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recover

Orange Cyberdefense found that over half of UK financial firms suffered at least one third-party attack in 2024, linked to significant gaps in risk management strategies

Почему за прекращение финансирования отплатят граждане страны?

Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. [...]

The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.  This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks:

A vulnerability has been found in Elber Communications Equipment and classified as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to authentication bypass using alternate channel. This vulnerability is known as CVE-2025-0674. The attack can be launched remotely. There is no exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability was found in Elber Communications Equipment and classified as critical. Affected by this issue is some unknown functionality of the component Device Configuration Handler. The manipulation leads to backdoor. This vulnerability is handled as CVE-2025-0675. The attack may be launched remotely. There is no exploit available. It is recommended to replace the affected component with an alternative.

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. This vulnerability is traded as CVE-2025-1082. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2025-1083. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-1084. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-1085. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.