Aggregator

A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. This vulnerability was named CVE-2025-0734. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

Google has released a critical update for the Chrome browser, addressing three high-severity security vulnerabilities. This patch, part of the latest Stable channel release, ensures users remain protected from potential threats. The new version rolled out progressively, underscores Chrome’s commitment to providing a secure browsing environment. Users are urged to update their browsers promptly to […]

The post Chrome Security Update – Patch for 3 High-Severity Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #482823 / VDB-293512

A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars

A vulnerability, which was classified as problematic, was found in Postman up to 11.20 on Windows. This affects an unknown part in the library profapi.dll. The manipulation leads to untrusted search path. This vulnerability is uniquely identified as CVE-2025-0733. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #481185 / VDB-293511

I wanted to share some exciting news about Cisco's recent addition to their certification

A vulnerability, which was classified as problematic, has been found in Discord up to 1.0.9177 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to untrusted search path. This vulnerability is handled as CVE-2025-0732. The attack needs to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

Among the many issues faced in identifying and managing cyber risk, perhaps none is more challen

A modern EASM solution offers more by incorporating meaningful first-party and third-party cyber risk insights than conventional TPRM solutions.

The post Are Third-Party Risk Management Solutions Effective Enough?   appeared first on Security Boulevard.

Хакеры по крупицам обчистили платформу.

Submit #481209 / VDB-293510

Threat actors who send out phishing messages have long ago learned that zero-width characters and u

,  Monday, 27 January 2025 10:45:00 (UTC/GMT)

Over 90 percent of all web traffic is encrypted nowadays, which is great of course. However, as HTTP and DNS traffic gets encrypted, defenders have a more difficult time blocking malicious network traffic. One solution to this problem is to use a TLS firewall, which effectively blocks encrypted conn[...]

A vulnerability classified as problematic was found in INW Krbyyyzo 25.2002. Affected by this vulnerability is an unknown functionality of the file /gbo.aspx of the component Daily Huddle Site. The manipulation of the argument s leads to resource consumption. This vulnerability is known as CVE-2024-12345. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to disable the affected component. Other endpoints might be affected as well.

Researchers have unveiled SCAVY, a novel framework designed to automate t

Researchers have unveiled SCAVY, a novel framework designed to automate the discovery of memory corruption targets in the Linux kernel.  This discovery aims to address critical gaps in the detection and prevention of privilege escalation exploits, which often leverage memory-corruption vulnerabilities to gain unauthorized access to system resources. Kernel privilege-escalation exploits typically exploit memory corruption […]

The post SCAVY – Framework to Detect Memory Corruption in Linux Kernel for Privilege Escalation appeared first on Cyber Security News.

Researchers have identified a sophisticated phishing tactic leveraging Cloudflare’s workers.dev, a free domain name service, to execute credential theft campaigns. The modus operandi involves a generic phishing page that can impersonate any brand, with significant technical ingenuity aimed at deceiving unsuspecting users and evading detection. The phishing page, hosted on the URL “workers-playground-broken-king-d18b.supermissions.workers.dev,” is designed […]

The post New Phishing Framework Attack Multiple Brands Login Pages To Steal Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request method with sensitive query strings. This vulnerability is traded as CVE-2025-0730. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.