Aggregator

CVE-2025-33045 | AMI AptioV up to 5.039 write-what-where condition

8 months 3 weeks ago

A vulnerability was found in AMI AptioV up to 5.039. It has been classified as critical. Affected is an unknown function. Performing manipulation results in write-what-where condition. This vulnerability was named CVE-2025-33045. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is recommended.

vuldb.com

New Obex Tool Blocks EDR Dynamic Libraries From Loading at Runtime

Cyber Security News

8 months 3 weeks ago

A new proof-of-concept (PoC) tool named Obex has been released, offering a method to prevent Endpoint Detection and Response (EDR) and other monitoring solutions’ dynamic-link libraries (DLLs) from loading into processes. The tool, created by a researcher known as “dis0rder0x00,” is designed to block specified DLLs both during the initial startup of a process and […]

The post New Obex Tool Blocks EDR Dynamic Libraries From Loading at Runtime appeared first on Cyber Security News.

Guru Baran

Google Mandiant: Emails Sent to Corporate Execs Claiming Oracle Data Theft

Security Boulevard

8 months 3 weeks ago

Corporate executives at multiple organizations are receiving malicious emails from threat actors saying they are associated with the Cl0p ransomware group and have sensitive data a stolen from the targets' Oracle E-Business Suite accounts. Google and Mandiant researchers are investigating, saying that it's too early to attribute the emails to a particular bad actor.

The post Google Mandiant: Emails Sent to Corporate Execs Claiming Oracle Data Theft appeared first on Security Boulevard.

Jeffrey Burt

Allianz Life data breach impacted 1.5 Million people

Security Affairs

8 months 3 weeks ago

Allianz Life breach exposed data of 1.5M people, including names, addresses, birth dates, and Social Security numbers stolen from a cloud CRM. In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of its customers and staff. In August, the data breach notification site Have I Been Pwned reported 1.1M impacted, […]

Pierluigi Paganini

How to Build Secure and Scalable Web Applications

Security Boulevard

8 months 3 weeks ago

Learn how to build secure, scalable web applications with best practices in architecture, API security, authentication, monitoring, and performance.

The post How to Build Secure and Scalable Web Applications appeared first on Security Boulevard.

SSOJet - Enterprise SSO & Identity Solutions

Akira

Dark Feed IO

8 months 3 weeks ago

You must login to view this content

cohenido

Akira

Dark Feed IO

8 months 3 weeks ago

You must login to view this content

cohenido

CVE-2024-38513 | gofiber up to 2.52.4 session_id session fixiation (GHSA-98j2-3j3p-fw2v)

Vuldb Updates

8 months 3 weeks ago

A vulnerability has been found in gofiber fiber up to 2.52.4 and classified as critical. This vulnerability affects unknown code. The manipulation of the argument session_id leads to session fixiation. This vulnerability is traded as CVE-2024-38513. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

vuldb.com

CVE-2024-52064 | RTI Connext Professional up to 5.3.1.44/6.0.1.39/6.1.2.20/7.3.0.1 Core Libraries buffer overflow

Vuldb Updates

8 months 3 weeks ago

A vulnerability was found in RTI Connext Professional up to 5.3.1.44/6.0.1.39/6.1.2.20/7.3.0.1. It has been declared as critical. This affects an unknown function of the component Core Libraries. The manipulation results in buffer overflow. This vulnerability is reported as CVE-2024-52064. The attack requires a local approach. No exploit exists. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-52065 | RTI Connext Professional up to 5.3.1.40/6.1.2.20/7.3.0.1 on Non-Windows Persistence Service buffer overflow

Vuldb Updates

8 months 3 weeks ago

A vulnerability was found in RTI Connext Professional up to 5.3.1.40/6.1.2.20/7.3.0.1 on Non-Windows. It has been rated as critical. This impacts an unknown function of the component Persistence Service. This manipulation causes buffer overflow. This vulnerability appears as CVE-2024-52065. The attack requires local access. There is no available exploit. Upgrading the affected component is advised.

vuldb.com

Akira

Dark Feed IO

8 months 3 weeks ago

You must login to view this content

cohenido

$20 YoLink IoT Gateway Vulnerabilities Put Home Security at Risk

Hack Read

8 months 3 weeks ago

Four critical zero-day flaws found in the $20 YoLink Smart Hub allow remote physical access, threatening your home security. See the urgent steps you must take now.

Deeba Ahmed

Хакеры превратили 4G-роутеры в SMS-пушки — Швеция, Италия и Бельгия под атакой

Securitylab.ru

8 months 3 weeks ago

Неожиданная особенность бизнес-оборудования стала ключом к массовым атакам.

CVE-2025-11241 | Yoast SEO Premium Plugin 25.7/25.8/25.9 on WordPress cross site scripting

VulDB Recent Entries

8 months 3 weeks ago

A vulnerability was found in Yoast SEO Premium Plugin 25.7/25.8/25.9 on WordPress. It has been declared as problematic. Impacted is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-11241. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2025-53881 | openSUSE Tumbleweed 1.0.2/1.083/1.2.3/1.2.4/2.11.29 Exim Logrotate Config symlink

VulDB Recent Entries

8 months 3 weeks ago

A vulnerability was found in openSUSE Tumbleweed 1.0.2/1.083/1.2.3/1.2.4/2.11.29. It has been classified as critical. This issue affects some unknown processing of the component Exim Logrotate Config. This manipulation causes symlink following. This vulnerability is tracked as CVE-2025-53881. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

vuldb.com

PoC exploit Released for VMware Workstation guest-to-host escape Vulnerability

Cyber Security News

8 months 3 weeks ago

A proof-of-concept (PoC) exploit has been released for a critical vulnerability chain in VMware Workstation that allows an attacker to escape from a guest virtual machine and execute arbitrary code on the host operating system. The exploit successfully chains together an information leak and a stack-based buffer overflow vulnerability to achieve a full guest-to-host escape, […]

The post PoC exploit Released for VMware Workstation guest-to-host escape Vulnerability appeared first on Cyber Security News.

Guru Baran

Security Lessons For All From GitHub’s Hardened Package Publication For npm

Security Boulevard

8 months 3 weeks ago

GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.

The post Security Lessons For All From GitHub’s Hardened Package Publication For npm appeared first on Security Boulevard.

Dwayne McDaniel

CVE-2025-41064 | GTT OpenSIAC 1.0 Cl@ve improper authentication

VulDB Recent Entries

8 months 3 weeks ago

A vulnerability was found in GTT OpenSIAC 1.0 and classified as critical. This vulnerability affects unknown code of the component Cl@ve. The manipulation results in improper authentication. This vulnerability is identified as CVE-2025-41064. The attack can be executed remotely. There is not any exploit available.

vuldb.com

Your Service Desk is the New Attack Vector—Here's How to Defend It.

Bleeping Computer.

8 months 3 weeks ago

Service desks are prime targets. A practical, NIST-aligned workflow for help desk user verification that stops social engineering without slowing support. Learn how role- & points-based verification workflows stop attackers cold. [...]

Phishing Is Moving From Email to Mobile. Is Your Security?

darkreading

8 months 3 weeks ago

With SMS, voice, and QR-code phishing incidents on the rise, it's time to take a closer look at securing the mobile user.

Jim Dolce

Aggregator

Managed ad