Aggregator

CVE-2025-3697 | SourceCodester Web-based Pharmacy Product Management System 1.0 /edit-product.php ID sql injection

9 months ago

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-product.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-3697. The attack may be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-3764 | SourceCodester Web-based Pharmacy Product Management System 1.0 /edit-product.php Avatar unrestricted upload

Vuldb Updates

9 months ago

A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /edit-product.php. The manipulation of the argument Avatar leads to unrestricted upload. This vulnerability was named CVE-2025-3764. The attack can be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-3765 | SourceCodester Web-based Pharmacy Product Management System 1.0 /edit-photo.php Avatar unrestricted upload

Vuldb Updates

9 months ago

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to unrestricted upload. The identification of this vulnerability is CVE-2025-3765. The attack may be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-2907 | Order Delivery Date Plugin up to 12.3.0 on WordPress Setting cross-site request forgery

Vuldb Updates

9 months ago

A vulnerability has been found in Order Delivery Date Plugin up to 12.3.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-2907. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-3817 | SourceCodester Online Eyewear Shop 1.0 Master.php?f=delete_stock ID sql injection

Vuldb Updates

9 months ago

A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /oews/classes/Master.php?f=delete_stock. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-3817. The attack may be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-3314 | SourceCodester Apartment Visitor Management System 1.0 /forgotpw.php secode sql injection

Vuldb Updates

9 months ago

A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forgotpw.php. The manipulation of the argument secode leads to sql injection. This vulnerability is known as CVE-2025-3314. The attack can be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2025-3315 | SourceCodester Apartment Visitor Management System 1.0 /view-report.php fromdate/todate sql injection

Vuldb Updates

9 months ago

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-report.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is handled as CVE-2025-3315. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

Purpling Your Ops

TrustedSec

9 months ago

<p>How does one Purple Team? TAC Practice Lead Megan Nilsen shares open-source tools, techniques, and tips for security practitioners exploring Purple Teaming, along with advice to boost offensive and defensive skills.</p>

Megan Nilsen

感染超数千台路由器的僵尸网络被强制拆除

嘶吼

9 months ago

近期，美执法部门捣毁了一个僵尸网络，该网络在过去20年里感染了数千台路由器，建立了两个名为Anyproxy和5socks的住宅代理网络。

在这次被称为“月球登陆者行动”的联合行动中，美国当局与荷兰国家警察、荷兰公诉署和泰国皇家警察的检察官和调查人员以及Lumen Technologies的黑莲花实验室（Black Lotus Labs）的分析师合作。

相关文件显示，至少从2004年起，这个现已被拆除的僵尸网络就用恶意软件感染了全球范围内较旧的无线互联网路由器，允许未经授权访问受感染的设备，这些设备可以作为代理服务器在Anyproxy.net和5socks.net上出售。这两个域名由弗吉尼亚州的一家公司管理，并托管在全球的服务器上。

僵尸网络控制者需要加密货币进行支付。用户无需身份验证就可以直接与代理连接，正如之前的案例所记录的那样，这可能导致广泛的恶意分子获得免费访问权限。

考虑到来源范围，只有大约10%的病毒在流行的工具（如VirusTotal）中被检测到是恶意的，这意味着它们一直在高度成功地避开网络监控工具。此类代理旨在帮助隐藏一系列非法活动，包括广告欺诈、DDoS攻击、暴力破解或利用受害者数据。

据悉，他们的用户根据所要求的服务，每月支付9.95美元到110美元不等的订阅费。该网站的口号是”从2004年开始工作！“表明这项服务确实已经提供了20多年。

这四名被告在包括一些网络犯罪分子使用的网站在内的多个网站上，将这两种服务（推广了 7000 多个代理）宣传为住宅代理服务，据称他们通过出售提供访问 Anyproxy 僵尸网络中受感染路由器权限的订阅服务，非法获利超过 4600 万美元。

他们利用在俄罗斯互联网托管服务提供商 JCS Fedora Communications 注册并托管的服务器运营 Anyproxy.net 和 5socks.net 这两个网站。他们还使用荷兰、土耳其及其他地区的服务器来管理 Anyproxy 僵尸网络以及这两个网站。

5Socks.net查封的横幅

针对EoL路由器

联邦调查局还发布了一份flash公告和一份公共服务公告，称这个僵尸网络的目标是带有TheMoon恶意软件变种的补丁终了路由器。

联邦调查局警告说，攻击者正在安装代理，以便在网络犯罪租赁活动、加密货币盗窃攻击和其他非法行动中逃避检测。

通常被僵尸网络攻击的设备列表包括Linksys和Cisco路由器型号，包括：

·Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550

·Linksys WRT320N, WRT310N, WRT610N

·Cisco M10 and Cradlepoint E100

根据最新发现，一些使用寿命即将结束的路由器被发现受到了新版TheMoon恶意软件的攻击，这些路由器开启了远程管理功能。这种恶意软件允许恶意分子在毫无戒心的受害者路由器上安装代理，并匿名进行网络犯罪。

这种住宅代理服务对犯罪黑客在实施网络犯罪时提供匿名服务特别有用；与商业ip地址相反，住宅ip地址通常被互联网安全服务认为更有可能是合法的流量。通过这种方式，同谋者从出售被入侵路由器的访问权中获得了私人经济利益。

胡金鱼

Hardening Windows Servers – Top Strategies to Prevent Exploits in 2025

Cyber Security News

9 months ago

As organizations face sophisticated cyber threats in 2025, securing Windows Server environments has become more critical than ever. With the release of Windows Server 2025, Microsoft has introduced enhanced security features and hardening capabilities designed to protect against the latest attack vectors. This article explores the most effective strategies for hardening Windows Server 2025 deployments […]

The post Hardening Windows Servers – Top Strategies to Prevent Exploits in 2025 appeared first on Cyber Security News.

CISO Advisory

CVE-2025-3605 | Frontend Login and Registration Blocks Plugin up to 1.0.7 on WordPress Setting flr_blocks_user_settings_handle_ajax_callback Remote Code Execution (EDB-52291)

Vuldb Updates

9 months ago

A vulnerability has been found in Frontend Login and Registration Blocks Plugin up to 1.0.7 on WordPress and classified as critical. This vulnerability affects the function flr_blocks_user_settings_handle_ajax_callback of the component Setting Handler. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2025-3605. The attack can be initiated remotely. Furthermore, there is an exploit available.

vuldb.com

迪奥确认数据泄露，已波及中韩客户

HackerNews

9 months ago

HackerNews 编译，转载请注明出处：法国奢侈品牌迪奥（通常简称为Dior）确认了一起暴露客户信息的网络安全事件。该公司发言人向BleepingComputer表示，此次事件影响迪奥时装与配饰（Dior Fashion and Accessories）客户，网络安全专家正在调查事件范围。 “迪奥近期发现未经授权的外部方访问了我们为迪奥时装与配饰客户保存的部分数据，”发言人表示，“我们立即采取措施遏制此事件。迪奥团队在顶尖网络安全专家的支持下，持续调查并应对此事。” 迪奥向BleepingComputer澄清，此次事件未暴露账户密码或支付卡信息，因为这些数据存储在另一个未受影响的数据库中。 “受事件影响的数据库中不包含任何密码或支付信息，包括银行账户或支付卡信息。” “我们正在根据适用法律通知相关监管机构和客户。” “客户数据的保密性和安全性是迪奥的绝对优先事项。我们对此次事件可能给客户带来的担忧或不便深表歉意。” 尽管迪奥未具体说明受影响客户数量及地区，但已有一份通知确认其韩国网站受影响。另有一些报告称中国客户收到了该品牌的泄露通知。根据网络上分享的通知截图，该事件发现于5月7日，涉及未经授权的人员访问，并暴露以下信息：全名性别电话号码电子邮箱邮寄地址购买记录迪奥韩国官网发布的公告也将泄露日期定为2025年5月7日，表明这是一起具有国际影响的网络安全事件。但在该案例中，只有联系方式、购买数据以及客户与品牌共享的偏好信息被标记为可能暴露。与此同时，韩国媒体报道称，迪奥因未向该国所有适用监管机构通报数据泄露事件而面临法律审查。迪奥建议客户对要求提供个人信息的钓鱼尝试保持警惕，并立即联系他们举报品牌仿冒行为。目前，受影响客户数量及国家细节尚未公开披露。消息来源：bleepingcomputer；本文由 HackerNews.cc 翻译整理，封面来源于网络；转载请注明“转自 HackerNews.cc”并附上原文

hackernews

美国钢铁巨头纽柯遭遇网络攻击，多地运营中断

HackerNews

9 months ago

HackerNews 编译，转载请注明出处：美国最大钢铁制造商纽柯钢铁公司（Nucor Corporation）近日披露遭遇网络攻击事件，导致部分系统断网隔离，多地工厂暂停生产。该公司通过向美国证券交易委员会（SEC）提交的8-K文件（重大事件报告）通报称，发现第三方未经授权访问其部分IT系统，已启动事件响应计划并采取隔离、修复措施。纽柯钢铁在美国、墨西哥和加拿大拥有32,000名员工，今年第一季度营收达78.3亿美元，主营钢材生产及废金属回收业务，是美国建筑、桥梁、道路等基础设施用钢筋的主要供应商。此次攻击导致多地生产线临时中断，目前正逐步恢复运营。公司表示已通报执法部门并聘请外部网络安全专家协助调查，但尚未透露攻击发生时间、具体类型及是否涉及数据窃取或加密。截至发稿，尚无勒索组织宣称对此事件负责。BleepingComputer已联系纽柯钢铁获取更多细节，尚未收到回复。消息来源：bleepingcomputer；本文由 HackerNews.cc 翻译整理，封面来源于网络；转载请注明“转自 HackerNews.cc”并附上原文

hackernews

Google Chrome 0-Day Vulnerability Exploited in the Wild – Update Now

Cyber Security News

9 months ago

Google has released an urgent security update for Chrome to patch a critical vulnerability that hackers are actively exploiting in the wild. The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux to address four security issues, including a high-severity zero-day flaw. […]

The post Google Chrome 0-Day Vulnerability Exploited in the Wild – Update Now appeared first on Cyber Security News.

Guru Baran

GOP Targets State AI Regulation and Export Restrictions

Ransomware DataBreachToday.com

9 months ago

US House Republicans Back Decade Pause of State AI Statutes
Republicans in the executive and legislative branches made moves Tuesday to loosen regulations on artificial intelligence by championing a decade-long ban on state AI regulation and undoing a rule that would have limited exports of advanced chip and model weights.

Meta Faces More European Legal Hurdles Over AI Data Training

Ransomware DataBreachToday.com

9 months ago

All Risk, No Reward: Meta's Ongoing Legal Issues in Europe
Social media giant Meta is likely to face more legal hurdles over its plans to use the personal data of European Facebook and Instagram users to train artificial intelligence models. Meta paused efforts to train AI with European data in June 2024.

North Korea's Hidden IT Workforce Exposed in New Report

Ransomware DataBreachToday.com

9 months ago

Report Finds North Koreans Embedded in Top Blockchain and Web3 Projects
A new report details how North Korea's cybercrime network is infiltrating global tech firms with fake IT workers who exploit trusted access to steal millions in cryptocurrency, launder funds through international fronts and channel proceeds into weapons development and espionage missions.

CISA Cancels $2.4 Billion Cybersecurity Procurement

Ransomware DataBreachToday.com

9 months ago

It's Me, Not You: CISA Withdraws Leidos Cyber Offer Last Second
A multi-billion dollar vision by the Cybersecurity and Infrastructure Security Agency for its government-wide network intrusion detection and prevention system went kaput on Friday, court documents show. It withdrew an offer to contractor Leidos to support the National Cybersecurity Protection System.

JVN: Pgpool-IIにおける認証回避の脆弱性

統合版 JPCERT/CC

9 months ago

PgPool Global Development Groupが提供するPgpool-IIには、認証回避の脆弱性が存在します。

CVE-2025-2651 | SourceCodester Online Eyewear Shop 1.0 /oews/admin/ exposure of information through directory listing

Vuldb Updates

9 months ago

A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /oews/admin/. The manipulation leads to exposure of information through directory listing. This vulnerability is traded as CVE-2025-2651. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to change the configuration settings. Multiple sub-directories are affected.

vuldb.com

Aggregator

Managed ad