Aggregator

A vulnerability, which was classified as problematic, has been found in Pnetlab 5.3.11. This issue affects some unknown processing of the component URL Handler. The manipulation leads to open redirect. The identification of this vulnerability is CVE-2024-51112. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in tgstation-server up to 6.12.2. This vulnerability affects unknown code. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-21611. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in StarCitizenTools mediawiki-extensions-TabberNeue up to 2.7.1. This affects an unknown part of the file TabberTransclude.php. The manipulation of the argument page name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-21612. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Sterling B2B Integrator Standard Edition up to 6.1.2.5/6.2.0.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-31914. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Sterling B2B Integrator Standard Edition up to 6.1.2.5/6.2.0.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-31913. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A Threat Actor Claims to Have Leaked the Data of Zhejiang Hengyi Group Co., Ltd.

As we kick off 2025, software's role in our daily lives has never been more apparent, and the integrity of our open source components has never been more important. We have the privilege of working with organizations around the world to secure their software supply chains, and the new year provides an opportunity for us to celebrate those customers who have put their trust in us.

The post Sonatype customers leading with innovation in the new year appeared first on Security Boulevard.

Systemadminbd Defaced the Website of State Appellate Authority

A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data

RipperSec Targeted the Website of National Institute of Psychobiology in Israel

Rey of HELLCAT Ransomware Claims to have Leaked the Data of Car Care Plan (CCP)

《The 2024 Global Water Monitor Report》报告称，气候危机正在严重破坏地球水循环，数十亿人受到洪水和干旱的影响。报告由来自澳大利亚、沙特阿拉伯、中国、德国等国的大学组成的国际研究团队完成，利用了数千个地面站和卫星数据评估降雨、土壤湿度、河流流量和洪水等重要水变量。研究团队发现，创纪录降雨的频率越来越高。2024 年月降雨量创纪录的频率比 2000 年高出 27%，日降雨量创纪录的频率高出 52%。5 月到 7 月，中国南方的长江和珠江洪水淹没了很多城镇，数万人流离失所，农作物损失数亿美元。8 月孟加拉国遭遇强季风降雨，洪水影响了 600 万人，毁掉了至少 100 万吨大米。研究人员认为，2025 年的情况可能会恶化。

NoName Targeted Many Websites in Poland

有把小刀，不知从哪儿来的

Author/Presenter: Lukas McCullough

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Physical OSINT appeared first on Security Boulevard.