Aggregator

As enterprises continue to shift their operations to the browser, security teams face a growing set of cyber challenges. In fact, over 80% of security incidents now originate from web applications accessed via Chrome, Edge, Firefox, and other browsers. One particularly fast-evolving adversary, Scattered Spider, has made it their mission to wreak havoc on enterprises by specifically targeting

For the latest discoveries in cyber research for the week of 1st September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American consumer credit reporting agency TransUnion has suffered a data breach that resulted in the exposure of sensitive personal information for over 4.4 million individuals in the United States. The leaked data […]

The post 1st September – Threat Intelligence Report appeared first on Check Point Research.

A vulnerability classified as problematic has been found in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. This vulnerability is handled as CVE-2025-9797. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability described as problematic has been identified in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-9796. It is possible to launch the attack remotely. Furthermore, an exploit is available. Upgrading the affected component is recommended.

Submit #641127 / VDB-322112

本文是对Docker Desktop逃逸漏洞（CVE-2025-9074）的简要分析。

A vulnerability marked as critical has been reported in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. This vulnerability is traded as CVE-2025-9795. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #641125 / VDB-322111

A vulnerability labeled as critical has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. This vulnerability appears as CVE-2025-9794. The attack may be performed from remote. In addition, an exploit is available. Other parameters might be affected as well.

Submit #641122 / VDB-322110

Пекин выпустил операционку для цифровой независимости.

Submit #642559 / VDB-322109

Submit #641103 / VDB-322109

In recent months, Trustwave SpiderLabs—a LevelBlue company renowned for its threat intelligence and incident response services—has observed a marked uptick in phishing campaigns that leverage legitimate email marketing platforms to cloak malicious links. By hijacking established infrastructure and URL redirectors, attackers are evading traditional defenses and duping recipients into divulging sensitive information. To combat these […]

The post Hackers Exploit Email Marketing Platforms to Deliver Hidden Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed critical vulnerability in the Next.js framework, tracked as CVE-2025-29927, allows unauthenticated attackers to bypass middleware-based authorization checks by exploiting improper handling of the x-middleware-subrequest HTTP header. This flaw impacts all versions of Next.js that rely on this header to differentiate between internal subrequests and external traffic, risking exposure of protected routes and administrative interfaces. […]

The post Critical Next.js Flaw Lets Attackers Bypass Authorization Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Amazon has disrupted a Russian APT29 watering hole campaign that used compromised sites to target Microsoft authentication with…

Cyberattacks in the United States aren’t slowing down. From billion-dollar ransomware hits to stealthy supply chain breaches, every month brings a new headline. And the cost is staggering. The average...

The post Top 10 Cybersecurity Companies in United States (2025 Ranking) appeared first on Strobes Security.

The post Top 10 Cybersecurity Companies in United States (2025 Ranking) appeared first on Security Boulevard.

关键词网络诈骗一对 YouTube 搞笑博主与反诈骗内容创作者协助美国执法部门，成功摧毁了一个跨国诈骗网络。

关键词网络犯罪美国与荷兰执法部门联合宣布，已成功查封 VerifTools ——一个向全球网络犯罪分子兜售伪造