Aggregator

A vulnerability, which was classified as problematic, has been found in OpenID Connect. Affected by this issue is some unknown functionality of the component IETF OAuth 2.0. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-27371. The attack may be launched remotely. There is no exploit available.

A Threat Actor Claims to be Selling Admin Access to a Magento 2-Based Online Store in the UK

Submit #505736 / VDB-298408

A vulnerability classified as problematic was found in mavo 0.3.2. Affected by this vulnerability is an unknown functionality of the component HTML Element Handler. The manipulation leads to HTML injection. This vulnerability is known as CVE-2024-53388. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in umeditor 1.2.3. Affected is an unknown function of the component HTML Element Handler. The manipulation leads to HTML injection. This vulnerability is traded as CVE-2024-53387. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Advanced eMarketing Platform 6.8.3.0. It has been rated as critical. This issue affects some unknown processing of the component OpenLogFile Endpoint. The manipulation of the argument filename leads to path traversal. The identification of this vulnerability is CVE-2023-49031. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in OpenID Connect up to 1.0 errata set 2. It has been declared as problematic. This vulnerability affects unknown code of the component private_key_jwt. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-27370. The attack can be initiated remotely. There is no exploit available.

Submit #505525 / VDB-276807

A vulnerability was found in tsup 8.3.4. It has been classified as problematic. This affects the function document.currentScript of the file cjs_shims.js. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-53384. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in RustCrypto AEADs up to 0.4.2 and classified as problematic. Affected by this issue is some unknown functionality of the component aes-gcm. The manipulation leads to improper verification of cryptographic signature. This vulnerability is handled as CVE-2025-27498. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in ttop32 MouseTooltipTranslator up to 0.1.127 and classified as critical. Affected by this vulnerability is an unknown functionality of the file viewer.html of the component URL Parameter Handler. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-25303. The attack can be launched remotely. There is no exploit available.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Giants’ appeared first on Security Boulevard.

Новые метаповерхности смогут не только передавать данные, но и наблюдать за изменениями в пространстве.

Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES) encryption by threat actors to shield malicious payloads from detection. This technique, combined with code virtualization and staged payload delivery, is being employed by malware families such as Agent Tesla, XWorm, and FormBook/XLoader to evade static analysis tools and sandbox environments. […]

The post Threat Actors Exploiting AES Encryption for Stealthy Payload Protection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaspersky’s latest report on mobile malware evolution in 2024 reveals a significant increase in cyber threats targeting mobile devices. The security firm’s products blocked a staggering 33.3 million attacks involving malware, adware, or unwanted mobile software throughout the year. Mobile Malware Landscape Evolves with New Distribution Schemes Adware continued to dominate the mobile threat landscape, […]

The post 33.3 Million Cyber Attacks Targeted Mobile Devices in 2024 as Threats Surge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]

In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices and network routers has surged dramatically, reaching unprecedented levels. According to recent data from F5 Labs, the total number of scanning events increased by 91% in 2024 compared to the previous year, with a staggering 8.7 million events recorded. This […]

The post Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Как им удалось сжать время до квадриллионной доли секунды?

The Trump Administration's orders to the DoD and CISA to halt cyber operations and investigations against Russia is a gift to the United States' longtime foreign adversary and makes the country less safe, according to cybersecurity professionals.

The post Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia appeared first on Security Boulevard.

A newly uncovered ClickFix phishing campaign is tricking victims into executing malicious PowerShell commands that deploy the Havok post-exploitation framework for remote access to compromised devices. [...]