Aggregator

Cyber threats in 2025 will constantly evolve, with cybercriminals using both new and old vulnerabilities. Here are the risks expected in 2025.

The post Cybersecurity Risks in 2025 appeared first on Security Boulevard.

Every day, we hear about some new digital innovation that can change the world; education technology (EdTech) is a great example. From artificial intelligence (AI)-driven tutors to immersive virtual reality (VR) classrooms, EdTech is reshaping how we learn. But data breaches, system failures, and slowdowns can disrupt...

Red Canary announced new capabilities for Red Canary Security Data Lake, a service that enables IT and security teams to store, search, and access large volumes of infrequently accessed logs—such as firewall, DNS, and SASE data—without overspending on legacy SIEMs. Security teams struggle to balance data retention costs with ensuring they have the relevant logs available when needed for threat investigations and response. In fact, new research surveying 300 IT and security professionals, commissioned by … More →

The post Red Canary expands Security Data Lake to help organizations optimize their SIEM costs appeared first on Help Net Security.

Enterprises can protect their workforce and critical systems without creating unnecessary barriers, striking the perfect balance between security and usability. 

The post Identity Verification — The Front Line to Workforce Security  appeared first on Security Boulevard.

Robust AI governance and threat detection with Mend AI Premium.

The post Introducing Mend AI Premium appeared first on Security Boulevard.

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. This vulnerability is known as CVE-2025-1953. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #509958 / VDB-298543

Астрологи объявили год увеличения финансовых махинаций.

A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/password-recovery.php. The manipulation of the argument username/mobileno leads to sql injection. This vulnerability is traded as CVE-2025-1952. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of the file /3/ucenter_api/code/register_nodb.php of the component URL Handler. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The identification of this vulnerability is CVE-2025-1949. The attack may be initiated remotely. Furthermore, there is an exploit available.

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with

Submit #509957 / VDB-298542

Submit #509955 / VDB-298542

A vulnerability classified as problematic was found in Mozilla Firefox up to 135 on iOS. This vulnerability affects unknown code. The manipulation leads to open redirect. This vulnerability was named CVE-2025-27426. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 135 on iOS. This affects an unknown part of the component HTTP scheme URL Handler. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2025-27424. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 135. It has been rated as problematic. Affected by this issue is the function String.toUpperCase. The manipulation leads to uninitialized pointer. This vulnerability is handled as CVE-2025-1942. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 135 on iOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component QR Code Handler. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2025-27425. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 135. It has been classified as problematic. Affected is an unknown function. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is traded as CVE-2025-1940. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 135 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-1941. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.