Play
You must login to view this content
Aggregator
CVE-2025-8866 | YugabyteDB prior 2025.x API Endpoint /metamaster/universe information disclosure
4 months 2 weeks ago
A vulnerability classified as problematic was found in YugabyteDB. This vulnerability affects unknown code of the file /metamaster/universe of the component API Endpoint. The manipulation leads to information disclosure.
This vulnerability was named CVE-2025-8866. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Play
4 months 2 weeks ago
You must login to view this content
cohenido
CVE-2025-54063 | CherryHQ cherry-studio up to 1.5.0 URL code injection
4 months 2 weeks ago
A vulnerability classified as critical has been found in CherryHQ cherry-studio up to 1.5.0. This affects an unknown part of the component URL Handler. The manipulation leads to code injection.
This vulnerability is uniquely identified as CVE-2025-54063. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Эпоха «уязвимости — личная проблема компании» закончилась. Теперь это вопрос национальной безопасности
4 months 2 weeks ago
Уязвимость как мягкая сила и инструмент политического торга.
CVE-2025-45146 | ModelCache for LLM up to 0.2.0 /manager/data_manager.py deserialization
4 months 2 weeks ago
A vulnerability was found in ModelCache for LLM up to 0.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manager/data_manager.py. The manipulation leads to deserialization.
This vulnerability is handled as CVE-2025-45146. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2025-38499 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.2 clone_private_mnt privilege escalation
4 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.2. It has been declared as problematic. Affected by this vulnerability is the function clone_private_mnt. The manipulation leads to privilege escalation.
This vulnerability is known as CVE-2025-38499. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
WinRAR zero-day exploited in espionage attacks against high-value targets
4 months 2 weeks ago
The attacks used spearphishing campaigns to target financial, manufacturing, defense, and logistics companies in Europe and Canada, ESET research finds
Endpoint Security Policy: Why It Matters and How to Get It Right
4 months 2 weeks ago
This post first appeared on blog.netwrix.com and was written by Jeremy Moskowitz.
A strong endpoint security policy protects devices like laptops, phones, and servers from cyber threats. It enforces least privilege, device control, encryption, and access management to prevent breaches and ensure compliance. With tools like Netwrix, organizations can automate enforcement, monitor compliance, and adapt to evolving risks across all endpoints. Your biggest security risk isn’t your … Continued
A strong endpoint security policy protects devices like laptops, phones, and servers from cyber threats. It enforces least privilege, device control, encryption, and access management to prevent breaches and ensure compliance. With tools like Netwrix, organizations can automate enforcement, monitor compliance, and adapt to evolving risks across all endpoints. Your biggest security risk isn’t your … Continued
Jeremy Moskowitz
Details emerge on WinRAR zero-day attacks that infected PCs with malware
4 months 2 weeks ago
Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]
Bill Toulas
Qilin
4 months 2 weeks ago
You must login to view this content
cohenido
Researchers Warn of 'Hidden Risks' in Passwordless Account Recovery
4 months 2 weeks ago
Passwordless authentication is becoming more common, but account recovery poses increased risks that can lead to account takeovers. It's especially dangerous because even low-skilled attackers can achieve success.
Arielle Waldman
Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks
4 months 2 weeks ago
Security researchers have uncovered a “zero-click” denial-of-service chain that can silently turn thousands of Microsoft Windows Domain Controllers (DCs) into a globe-spanning botnet, raising fresh alarms in a year already defined by record-breaking distributed-denial-of-service (DDoS) activity. DDoS attacks climbed 56% year-over-year in late-2024 according to Gcore’s latest Radar report, and Cloudflare’s network has already blocked […]
The post Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Gurubaran
House lawmakers seek better tech for Commerce in fight against foreign powers
4 months 2 weeks ago
A bipartisan bill from Reps. Crow and Kean would give the Bureau of Industry and Security IT upgrades to help keep U.S. dual-use technologies away from Russia, China and others.
The post House lawmakers seek better tech for Commerce in fight against foreign powers appeared first on CyberScoop.
mbracken
WinRAR 更新:零日路径遍历漏洞(CVE-2025-8088)被大肆利用投递恶意软件
4 months 2 weeks ago
安全客
Hackers Extradited to US Over $100 Million Romance Scams and Other Frauds
4 months 2 weeks ago
United States Attorney for the Southern District of New York, Jay Clayton, alongside FBI Assistant Director in Charge Christopher G. Raia, announced the unsealing of a federal indictment against four Ghanaian nationals implicated in a sophisticated international fraud network. The defendants, identified as Isaac Oduro Boateng (alias “Kofi Boat”), Inusah Ahmed (alias “Pascal”), Derrick Van […]
The post Hackers Extradited to US Over $100 Million Romance Scams and Other Frauds appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
特斯拉放弃Dojo超级计算机项目,转向新AI战略
4 months 2 weeks ago
安全客
研究人员揭露针对100多款戴尔笔记本中ControlVault3固件的ReVault攻击
4 months 2 weeks ago
安全客
AgroFair Benelux Falls Victim to Qilin Ransomware
4 months 2 weeks ago
AgroFair Benelux Falls Victim to Qilin Ransomware
Dark Web Informer
Pear
4 months 2 weeks ago
You must login to view this content
cohenido