Aggregator

A vulnerability was found in ThemeMakers Visual Content Composer Plugin up to 1.5.8 on WordPress. It has been rated as critical. This vulnerability affects unknown code. This manipulation causes deserialization. The identification of this vulnerability is CVE-2025-53299. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WPDeveloper Templately Plugin up to 3.2.7 on WordPress. It has been declared as problematic. This affects an unknown part. The manipulation results in insertion of sensitive information into sent data. This vulnerability was named CVE-2025-49408. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in themifyme Themify Builder Plugin up to 7.6.7 on WordPress. It has been classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-49396. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in DexignZone JobZilla Plugin up to 2.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2025-49382. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Pik Online Yazılım Çözümleri Pik Online up to 3.1.4 and classified as problematic. Affected is an unknown function. Performing manipulation results in authorization bypass. This vulnerability is known as CVE-2025-5261. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, has been found in Mobile Industrial Robots MiR Robots and MiR Fleet up to 2.x. This affects an unknown function. This manipulation causes information exposure through error message. This vulnerability appears as CVE-2025-9229. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in magepeopleteam Taxi Booking Manager for WooCommerce Plugin up to 1.3.0 on WordPress. This impacts an unknown function. Such manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-54713. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in FunnelKit Funnel Builder Plugin up to 3.11.1 on WordPress. The impacted element is an unknown function. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is reported as CVE-2025-54750. The attack can be launched remotely. No exploit exists.

苹果正在印度而不是中国组装更多新款 iPhone 17 手机，且首次所有 iPhone 新机型在印度组装出货。苹果正在开发 iPhone 16E 后续机型，计划由印度组装。为了减少对中国制造的依赖，苹果正将 iPhone 大部分的组装转移到印度。苹果预计本季度将缴纳 11 亿美元的关税，而目前从印度向美国出口的 iPhone 可享受关税豁免。分析师称，iPhone 的组件仍然主要在中国生产，然后运往印度进行最终组装。

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting invites

Microsoft has issued an emergency patch to fix Windows recovery problems for some users

首个无需伪造基站的5G通信流量实时嗅探框架

Хакер так хотел славы, что оставил полиции свой имейл, адрес и номер телефона.

TrafficGPT是一种基于生成式预训练和线性注意力的模型，将token长度扩展至12,032，在五个公开数据集上分类性能优于现有方法，并能生成高度逼真的网络流量，突破了长流量分析与生成的瓶颈。

安全重构，智启未来 ！期待您的声音，与我们一同勾勒安全防御的未来图景！

XSSky：融合动静态分析，精准狙击XSS漏洞的新一代“利剑”

A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. This vulnerability is identified as CVE-2025-5497. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

A sophisticated campaign uncovered where adversaries are exploiting CVE-2023-46604, a critical remote code execution vulnerability in Apache ActiveMQ, to compromise cloud-based Linux systems. In this case, attackers are patching the very vulnerability they exploited to maintain exclusive access and evade detection, demonstrating advanced operational security practices typically reserved for nation-state actors. Key Takeaways1. Attackers exploit […]

The post Hackers Exploiting Apache ActiveMQ Vulnerability to Gain Access to Cloud Linux Systems appeared first on Cyber Security News.