Aggregator

A vulnerability, which was classified as critical, was found in Microsoft 365 Copilot Business Chat. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-53787. It is possible to launch the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.

Currently trending CVE - Hype Score: 18 - Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this ...

Currently trending CVE - Hype Score: 9 - StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

VexTrio, a sophisticated threat actor known for operating a massive traffic distribution system (TDS), has expanded its malicious activities by deploying fake VPN applications on major app stores, including Google Play and the Apple App Store. Originating from a merger between Italian spammers and Eastern European developers around 2020, VexTrio’s TDS facilitates the redirection of […]

The post VexTrio TDS Deploys Malicious VPN Apps on Google Play and App Store appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

За фемтосекунды до смерти молекула выдала свои квантовые секреты.

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. This vulnerability was named CVE-2025-8752. The attack can be initiated remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability was found in VMware ESXi, Workstation, Fusion and Cloud Foundation. It has been declared as problematic. This vulnerability affects unknown code of the component GuestInfo. The manipulation leads to denial of service. This vulnerability was named CVE-2020-3999. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulation of the argument resultId leads to sql injection. The identification of this vulnerability is CVE-2025-8704. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BP_ProID leads to sql injection. This vulnerability is traded as CVE-2025-8705. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy Overview Module. The manipulation of the argument MM_MenID leads to sql injection. This vulnerability is known as CVE-2025-8706. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #623679 / VDB-319246

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8751. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

半年融资 3 个亿，前地平线、理想高管做了一只机器狗。

U.S. authorities have announced the successful dismantling of the BlackSuit ransomware operation, a notorious group linked to attacks on more than 450 organizations worldwide. The operation, led by Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), involved seizing servers, domains, and digital assets used for deploying ransomware, extorting victims, and laundering illicit profits. BlackSuit, […]

The post US Confirms Shutdown of BlackSuit Ransomware That Hacked Over 450 Organizations appeared first on Cyber Security News.

Submit #623677 / VDB-319245

Радио с шифром — а враг уже в эфире.

The threat actor group dubbed GreedyBear has orchestrated an industrial-scale operation blending malicious browser extensions, executable malware, and phishing infrastructure to siphon over $1 million in cryptocurrency from victims. This coordinated assault, uncovered by Koi Security researchers, leverages a staggering 650 hacking tools comprising 150 weaponized Firefox extensions and nearly 500 malicious Windows executables demonstrating […]

The post Record-Breaking GreedyBear Attack Uses 650 Hacking Tools to Steal $1M from Victims appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new, coordinated cybercrime campaign called "GreedyBear" has stolen over $1 million from crypto users. Learn how the group uses malicious extensions, malware, and fake websites in an industrial-scale attack uncovered by Koi Security.

A vulnerability was found in Mobile Industrial Robots MiR Robots and MiR Fleet up to 2.x and classified as critical. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-8748. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cisco Talos’ Vulnerability Discovery & Research team has disclosed a total of 12 critical security vulnerabilities across three popular software platforms, highlighting significant security risks that could potentially impact millions of users worldwide. The disclosure includes seven vulnerabilities in WWBN AVideo, four in MedDream PACS Premium, and one in Eclipse ThreadX FileX, all of which […]

The post Multiple Security Vulnerabilities Found in WWBN AVideo, MedDream, and Eclipse ThreadX appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.