Aggregator

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.100/6.6.41/6.9.10. Affected by this vulnerability is the function select_req of the component cachefiles. Such manipulation leads to insufficiently random values. This vulnerability is referenced as CVE-2024-41074. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

$38 миллионов отмыли дипфейками: власти ответили беспрецедентным контролем.

“Het officiersdiploma is niet alleen een bekroning op de studieresultaten. Het is ook een bewijs van vertrouwen. In karakter, leidinggevende capaciteiten, fysieke en mentale weerbaarheid en aanpassingsvermogen.” Commandant Koninklijke Militaire Academie (KMA) kolonel Frank Rippens reikte de zogenoemde ‘bullen’ vandaag uit. Op het Kasteel van Breda rondden 151 afgestudeerde officieren daarmee hun opleiding af.

PostgreSQL 数据库项目释出了 v18 版本。主要新特性包括：异步 I/O (AIO) 子系统改进顺序扫描、位图堆扫描、vacuums 清理等操作的性能，基准测试显示在部分情况下性能提升最高 3 倍；pg_upgrade 保留优化器统计信息；支持对多列 B-tree 索引的“跳过扫描”查找；虚拟生成列，改进文本处理，OAuth 身份验证，等等。更多浏览发布公告。

CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra urged GoAnywhere users to upgrade to version 7.8.4 or v7.6.3 (Sustain Release) to fix a deserialization vulnerability in the solution’s License Servlet, which “allows an actor with a validly forged license response signature to deserialize an … More →

The post Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) appeared first on Help Net Security.

​在流量与低价之外，寻找本地生活的第三条路。

watchTowr Labs says hackers exploited the Fortra GoAnywhere MFT flaw CVE-2025-10035 on Sept 10, 2025, a week before public disclosure. Cybersecurity firm watchTowr Labs revealed that it has ‘credible evidence’ that the critical Fortra GoAnywhere MFT flaw CVE-2025-10035 was actively exploited in attacks in the wild as early as September 10, 2025, a week before […]

Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.

The post Worries mount over max-severity GoAnywhere defect appeared first on CyberScoop.

Как личные конфликты влияют на будущее Linux.

FortiGuard Labs exposes a high-severity phishing campaign impersonating the National Police of Ukraine to deliver Amatera Stealer (data theft) and PureMiner (cryptojacking) to Windows PCs.

Het Rijksvastgoedbedrijf (RVB) gaat in opdracht van Defensie aan de slag met de bouw van de nieuwe kazerne van het Korps Mariniers in Uddel. Vandaag is de aanbesteding voor de bouw gepubliceerd op TenderNed.

A vulnerability classified as critical has been found in Wide Banner Plugin up to 1.0.4 on WordPress. This affects an unknown part. Performing manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-58919. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Quantities and Units for WooCommerce Plugin up to 1.0.13 on WordPress. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-58917. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as problematic has been reported in Apache Airflow 3.0.3. This impacts an unknown function. Performing manipulation results in permission issues. This vulnerability is reported as CVE-2025-54831. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in Backuply Plugin up to 1.4.8 on WordPress. The affected element is an unknown function. Performing manipulation results in improper authorization. This vulnerability is reported as CVE-2025-10307. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, has been found in Dylan James Zephyr Project Manager Plugin up to 3.3.202 on WordPress. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-10490. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as critical has been identified in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown function of the file /admin/team-ontheway-requests.php. Executing manipulation of the argument teamid can lead to sql injection. This vulnerability appears as CVE-2025-7561. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-incomingvehicle.php. This manipulation of the argument del causes sql injection. This vulnerability is handled as CVE-2025-7492. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in PHPGurukul Vehicle Parking Management System 1.13. Affected is an unknown function of the file /admin/manage-category.php. Executing manipulation of the argument del can lead to sql injection. This vulnerability is handled as CVE-2025-7520. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in PHPGurukul Vehicle Parking Management System 1.13. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7521. The attack is possible to be carried out remotely. Moreover, an exploit is present.