Aggregator

A vulnerability marked as problematic has been reported in magicmonty bash-git-prompt up to 2.7.1. This issue affects some unknown processing of the file /tmp/git-index-private$$. Performing manipulation results in insecure temporary file. This vulnerability was named CVE-2025-61659. The attack needs to be approached locally. There is no available exploit.

A vulnerability labeled as problematic has been found in hay-kot Mealie up to 3.0.1. This vulnerability affects unknown code of the file /api/recipes/. Such manipulation of the argument note/text leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-56795. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

A vulnerability identified as problematic has been detected in Nanda AT_NA2000. This affects an unknown part of the component Sequence Number Handler. This manipulation causes insufficiently random values. This vulnerability is handled as CVE-2025-56234. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Mongoose up to 7.17. Affected by this issue is some unknown functionality of the component WebSocket. The manipulation results in integer overflow. This vulnerability is known as CVE-2025-51495. Access to the local network is required for this attack. No exploit is available. A patch should be applied to remediate this issue.

A vulnerability was found in Openindiana 5.11. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Sequence Number Handler. The manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2025-56233. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in VMware VCF operations, Tools, Aria Operations, Cloud Foundation, Telco Cloud Platform and Telco Cloud Infrastructure. It has been declared as critical. Affected is an unknown function. Executing manipulation can lead to privilege defined with unsafe actions. This vulnerability appears as CVE-2025-41244. The attack requires local access. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in VMware Aria Operations, Cloud Foundation, Telco Cloud Platform and Telco Cloud Infrastructure up to 8.18.4. It has been classified as problematic. This impacts an unknown function. Performing manipulation results in insecure default initialization of resource. This vulnerability is reported as CVE-2025-41245. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in danny-avila librechat up to 0.7.8 and classified as problematic. This affects an unknown function of the component Request Body Handler. Such manipulation of the argument author/access_level/isCollaborative/projectIds leads to dynamically-determined object attributes. This vulnerability is documented as CVE-2025-7104. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in VMware Tools on Windows and classified as critical. The impacted element is an unknown function. This manipulation causes incorrect authorization. This vulnerability is registered as CVE-2025-41246. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

Dutch authorities arrest two teens recruited by pro-Russian hackers for spying missions. Learn how Russia is using disposable agents for sabotage across Europe.

Authorities arrested 260 cybercrime suspects during a two-week operation spanning 14 African countries, Interpol announced Friday. The globally coordinated summertime crackdown dubbed “Operation Contender 3.0” targeted criminal networks that facilitated romance scams and sextortion, officials said.  Interpol said total losses attributed to the scam syndicates amounted to about $2.8 million, involving almost 1,500 victims. Authorities […]

The post Interpol operation disrupts romance scam and sextortion networks in Africa appeared first on CyberScoop.

Threat actors claiming to represent the Medusa ransomware gang tempted a BBC correspondent to become an insider threat by offering a significant amount of money. [...]

Точные возможности нового стелс-истребителя пока держатся в секрете.

A sophisticated cyber campaign is exploiting the trust users place in popular collaboration software, tricking them into downloading a weaponized version of Microsoft Teams to gain remote access to their systems. Threat actors are using search engine optimization (SEO) poisoning and malicious advertisements to lure unsuspecting victims to fraudulent download pages, a tactic that closely […]

The post Hackers Trick Users into Download Weaponized Microsoft Teams to Gain Remote Access appeared first on Cyber Security News.

Name: SunshineCTF 2025 (an SunshineCTF event.)
Date: Sept. 27, 2025, 2 p.m. — 29 Sept. 2025, 14:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://sunshinectf.org/
Rating weight: 51.65
Event organizers: Knightsec

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’Biology Department” appeared first on Security Boulevard.

The digital privacy nonprofit noyb says a Lithuania-based data broker has a "very shady business model" that runs afoul of European data privacy laws.

100% роста в стране, где у 25 млн. человек нет интернета.

Luxury department store Harrods has disclosed a significant data breach affecting approximately 430,000 customer records after a third-party provider was compromised. The hackers behind the attack have contacted the retailer, but Harrods has stated it will not engage with the threat actor, suggesting a potential ransom demand was made. The breach, which Harrods first communicated […]

The post New Harrods Data Breach Exposes 430,000 Customer Personal Records appeared first on Cyber Security News.

Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.