Aggregator

Non-Dilutive Funding From General Catalyst Supports Global Go-to-Market Push
Backed by $280 million in growth financing from General Catalyst, Chainguard plans to scale global go-to-market efforts and invest in its open-source security platform. The non-dilutive funding structure allows for targeted investment based on customer acquisition.

Больница выставила оверпрайс, но тут пришёл ИИ и сказал: "Нет, ребят, так не пойдёт".

Cybersecurity authorities are raising urgent alarms as threat actors continue to exploit a critical vulnerability in Cisco IOS XE devices, deploying a malicious implant known as BADCANDY across networks worldwide. The Australian Signals Directorate (ASD) has confirmed that over 150 devices remain compromised in Australia alone as of late October 2025, despite ongoing remediation efforts […]

The post Cisco IOS XE Vulnerability Being Abused in the Wild to Plant BADCANDY appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability labeled as problematic has been found in Restaurant Brands International Assistant Platform up to 2025-09-06. This affects an unknown part of the component JWT Handler. The manipulation results in incorrect authorization. This vulnerability was named CVE-2025-62647. The attack may be performed from remote. There is no available exploit. This product is provided as a managed service, meaning users do not have the ability to maintain vulnerability countermeasures themselves.

A vulnerability, which was classified as critical, has been found in Restaurant Brands International Assistant Platform up to 2025-09-06. Affected is an unknown function of the component Drive Thru Speaker Audio Volume Handler. This manipulation causes incorrect authorization. This vulnerability is tracked as CVE-2025-62648. The attack is possible to be carried out remotely. No exploit exists. This product is a managed service. This means that users cannot maintain vulnerability countermeasures themselves.

A vulnerability has been found in Restaurant Brands International Assistant Platform up to 2025-09-06 and classified as problematic. This vulnerability affects unknown code of the component Anyone Can Join This Party Signup API. Performing manipulation results in missing authorization. This vulnerability is reported as CVE-2025-62642. The attack is possible to be carried out remotely. No exploit exists. This product is a managed service, indicating that users are not permitted to maintain vulnerability countermeasures themselves.

A vulnerability was found in Restaurant Brands International Assistant Platform up to 2025-09-06. It has been rated as critical. Impacted is an unknown function of the component Diagnostic Screen. This manipulation causes use of client-side authentication. This vulnerability appears as CVE-2025-62650. The attack may be initiated remotely. There is no available exploit. This product is a managed service, which means users themselves cannot handle vulnerability countermeasures.

A vulnerability labeled as problematic has been found in Restaurant Brands International Assistant Platform up to 2025-09-06. This affects an unknown function of the component Equipment Order Submission Handler. Executing manipulation can lead to use of client-side authentication. This vulnerability is handled as CVE-2025-62649. The attack can be executed remotely. There is not any exploit available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.

A vulnerability was found in Restaurant Brands International Assistant Platform up to 2025-09-06. It has been declared as problematic. This impacts an unknown function of the component Conversation Handler. Such manipulation leads to incorrect resource transfer. This vulnerability is traded as CVE-2025-62646. The attack may be launched remotely. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

A vulnerability classified as problematic was found in Restaurant Brands International Assistant Platform up to 2025-09-06. This impacts an unknown function of the component E-Mail Message Handler. The manipulation results in cleartext transmission of sensitive information. This vulnerability is identified as CVE-2025-62643. The attack can be executed remotely. There is not any exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

A vulnerability was found in Restaurant Brands International Assistant Platform up to 2025-09-06. It has been classified as problematic. This vulnerability affects unknown code of the component Global Store Directory. The manipulation leads to exposure of private personal information to an unauthorized actor. This vulnerability is documented as CVE-2025-62644. The attack can be initiated remotely. There is not any exploit available. This product is a managed service, indicating that users are not permitted to maintain vulnerability countermeasures themselves.

A vulnerability has been found in elunez eladmin up to 2.7 and classified as problematic. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. This vulnerability is documented as CVE-2025-9239. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in elunez eladmin up to 2.7 and classified as problematic. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in information disclosure. This vulnerability is reported as CVE-2025-9240. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in elunez eladmin up to 2.7. It has been classified as problematic. This affects the function exportUser. This manipulation causes csv injection. This vulnerability appears as CVE-2025-9241. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as critical has been found in ponaravindb Hospital Management System 1.0. This impacts an unknown function of the file /func3.php. This manipulation of the argument username1 causes sql injection. This vulnerability appears as CVE-2025-6339. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. The impacted element is the function goodsSearch of the file GoodsCustController.java. The manipulation of the argument keyword results in cross site scripting. This vulnerability was named CVE-2025-8221. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

A vulnerability identified as problematic has been detected in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown function of the file GoodsController.java. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-8222. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. Multiple endpoints are affected.

A vulnerability labeled as problematic has been found in jerryshensjf JPACookieShop 蛋糕商城JPA版 up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This impacts an unknown function of the file AdminTypeCustController.java. Such manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-8223. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability classified as critical was found in Salesforce Tableau Server on Windows/Linux. The impacted element is an unknown function of the component Data Source Module. Such manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2025-52453. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Salesforce Tableau Server on Windows/Linux. This affects an unknown function of the component Amazon S3 Connector Module. Performing manipulation results in server-side request forgery. This vulnerability is reported as CVE-2025-52454. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.