Aggregator

A vulnerability was found in OpenText Advance Authentication up to 6.4. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10865. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.83/5.15.6. It has been declared as critical. Affected by this vulnerability is the function start_cpsch. The manipulation leads to improper initialization. This vulnerability is known as CVE-2021-47551. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lleidanet PKI eSigna up to 5.4.0 and classified as problematic. This issue affects some unknown processing of the component SignaViewer Component. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2025-4762. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Author/Presenter: Sing Ambikapathi

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – GroundFloor – The Road To Developers’ Hearts appeared first on Security Boulevard.

A stealthy fileless PowerShell attack using Remcos RAT bypassed antivirus by operating in memory

10 mei 1940, 4:30 uur. Twee laagvliegende Messerschmitts 109 beschieten vliegveld De Kooy bij Den Helder. Korporaal radioboordtelegrafist 1e Luchtvaartregiment Leendert Johannes Beerschooten raakt levensgevaarlijk gewond. Toch blijft hij de telefoon bedienen. Net zo lang tot hij bezwijkt. Vandaag is Beerschooten herbegraven op het Militair Ereveld Grebbenberg in Rhenen.

ИИ, который звучит. И даже работает без интернета.

A recently discovered .NET-based multi-stage loader has caught the attention of cybersecurity researchers due to its complex architecture and ability to deploy a range of malicious payloads on Windows systems. Tracked since early 2022 by Threatray, this loader employs a sophisticated three-stage process to deliver commodity stealers, keyloggers, and Remote Access Trojans (RATs) such as […]

The post New .NET Multi-Stage Loader Targets Windows Systems to Deploy Malicious Payloads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Alleged Sale of WatchGuard VPN Checker Tool

Cryptocurrency exchange Coinbase has disclosed that unknown cyber actors broke into its systems and stole account data for a small subset of its customers. "Criminals targeted our customer support agents overseas," the company said in a statement. "They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly

根据本周发表在《Nature Human Behaviour》期刊上的一项研究，宾夕法尼亚大学沃顿商学院的研究人员发现，AI 聊天机器人 ChatGPT 能在头脑风暴中增强个体的创造力，但同时会降低集体的创意多样性。研究人员在一系列实验中让参与者完成创意挑战，有的可以使用 ChatGPT 帮助有的不允许。举例来说，研究人员让参与者提出重新利用网球拍和花园水管的创意。ChatGPT 辅助提出的创意有 20 个包含有洒水器，Web 搜索辅助提出的创意只有 7 个，不使用任何辅助纯由人类提出的创意中包含 12 个。研究结果与此前发表在《Science Advances》期刊上的一项研究基本一致，即 AI 生成的内容趋于同质化。

23 уязвимости — и один шанс их не проверять на себе: апдейт до 7.0 уже вышел.

Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering attacks, the company confirmed today by filing a report with the US Securities and Exchange Commission (SEC). The attack did not involve the compromise of company systems or networks. Instead, the data was accessed by a group of malicious support agents. How did the attack happen? According to the US-based company, criminals bribed … More →

The post Coinbase suffers data breach, gets extorted (but won’t pay) appeared first on Help Net Security.

A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php. The manipulation of the argument name/email/mobile leads to cross site scripting. This vulnerability is known as CVE-2025-44183. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Vehicle Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /edit-brand.php. The manipulation of the argument bid leads to cross site scripting. This vulnerability is traded as CVE-2025-44180. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WebERP 4.15.2 and classified as critical. This issue affects some unknown processing of the file /StockCounts.php. The manipulation of the argument DEL leads to sql injection. The identification of this vulnerability is CVE-2025-46052. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-4782. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #572216 / VDB-303268

The critical vulnerability is being exploited by BianLian, RansomwEXX and a Chinese nation-state actor known as Chaya_004

Submit #572199 / VDB-309074