Aggregator

A vulnerability classified as critical was found in RTI Connext Professional up to 5.3.1.44/6.0.1.39/6.1.2.20/7.3.0.4. This affects an unknown part of the component Routing Service/Recording Service/Queuing Service/Observability Collector Service/Cloud Discovery Service. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2024-52060. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in RTI Connext Professional up to 5.2.x/6.1.2.16/7.3.0. This vulnerability affects unknown code of the component Queuing Service. This manipulation causes sql injection. This vulnerability is tracked as CVE-2024-52057. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in RTI Connext Professional up to 6.1.2.18/7.3.0.1. This issue affects some unknown processing of the component System Designer. Such manipulation leads to os command injection. This vulnerability is listed as CVE-2024-52058. The attack must be carried out locally. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in RTI Connext Professional up to 5.3.1.44/6.0.1.39/6.1.2.20/7.3.0.4 and classified as critical. Impacted is an unknown function of the component Core Libraries/Queuing Service/Recording Service/Routing Service. Performing manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2024-52061. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in RTI Connext Professional up to 5.3.1.44/6.0.1.39/6.1.2.20/7.3.0.4 and classified as critical. The affected element is an unknown function of the component Core Libraries. Executing manipulation can lead to buffer overflow. This vulnerability is registered as CVE-2024-52062. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in RTI Connext Professional up to 6.0.1.39/6.1.2.20/7.3.0.4. Affected is an unknown function of the component Routing Service. Such manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-52066. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in RTI Connext Professional. It has been rated as problematic. The affected element is an unknown function of the component Core Libraries. The manipulation leads to buffer over-read. This vulnerability is documented as CVE-2025-4582. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in RTI Connext Professional up to 7.5.x. This affects an unknown function of the component Core Libraries. This manipulation causes untrusted pointer dereference. This vulnerability appears as CVE-2025-1255. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

As proud sponsors of Wild West Hackin’ Fest, Red Siege is excited to return to Deadwood for another year of cutting-edge training, engaging talks, and unique experiences. The event is […]

The Confucius cyber-espionage group has shifted its tactics from document-focused stealers to Python-based backdoors like AnonDoor

Japanese beverage giant Asahi is struggling to restore operations following a cyberattack that has disrupted its business for most of the week, raising fears of shortages of the country’s top-selling beer.

Здесь трещат горные породы, бушуют цунами, землетрясения и всё это — по плану

A vulnerability, which was classified as critical, has been found in pi-hole up to 5.18.2. The affected element is the function gravity_DownloadBlocklistFromUrl. This manipulation causes server-side request forgery. This vulnerability is tracked as CVE-2024-34361. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in AMTT Hotel Broadband Operation System 3.0.3.151204. This issue affects some unknown processing of the file manager/conference/calendar_remind.php. The manipulation leads to sql injection. This vulnerability is listed as CVE-2024-39072. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, was found in D-Link DI-7400G+. This vulnerability affects the function sub_478D28 of the file mng_platform.asp of the component jhttpd. Executing manipulation of the argument ac_mng_srv_host can lead to command injection. This vulnerability appears as CVE-2025-57105. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as critical has been reported in Fortinet FortiOS and FortiProxy. Affected by this vulnerability is an unknown functionality of the component Automation Stitch. Performing manipulation results in authentication bypass using alternate channel. This vulnerability is known as CVE-2025-22862. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

Unknown attackers claiming affiliation with the Cl0p extortion gang are hitting business and IT executives at various companies with emails claiming that they have exfiltrated sensitive data from the firms’ Oracle E-Business Suite (EBS). The email campaign According to Google, this high-volume email campaign has been launched from hundreds of compromised accounts in late September 2025. “Our initial analysis confirms that at least one of these accounts has been previously associated with activity from FIN11, … More →

The post Oracle customers targeted with emails claiming E-Business Suite breach, data theft appeared first on Help Net Security.

Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first

Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google's Gemini AI. Learn why AI assistants are the new weak link.

Установите обновление как можно скорее — хакеры не станут ждать.