Aggregator

A vulnerability, which was classified as critical, has been found in Mitsubishi Electric MELSEC-Q Q03UDVCPU, MELSEC-Q Q04UDVCPU, MELSEC-Q Q06UDVCPU, MELSEC-Q Q13UDVCPU, MELSEC-Q Q26UDVCPU, MELSEC-Q Q04UDPVCPU, MELSEC-Q Q06UDPVCPU, MELSEC-Q Q13UDPVCPU and MELSEC-Q Q26UDPVCPU. Impacted is an unknown function. Performing manipulation results in improper handling of length parameter inconsistency. This vulnerability is identified as CVE-2025-8531. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic was found in WisdomGarden Tronclass up to 1.74. This issue affects some unknown processing. Such manipulation leads to authorization bypass. This vulnerability is referenced as CVE-2025-10719. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in Webull Investing & Trading App 11.2.5.63 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The identification of this vulnerability is CVE-2025-10721. The attack can only be executed locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #645019 / VDB-325015

Submit #645014 / VDB-325010

A vulnerability classified as problematic has been found in Mozilla Firefox up to 142. The impacted element is an unknown function. This manipulation causes authentication bypass by spoofing. This vulnerability appears as CVE-2025-10530. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 142. Affected is an unknown function. Executing manipulation can lead to authentication bypass using alternate channel. This vulnerability is handled as CVE-2025-10531. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 142. This impacts an unknown function. Performing manipulation results in improper check for unusual conditions. This vulnerability is known as CVE-2025-10532. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in Mozilla Firefox up to 142. The affected element is an unknown function. The manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is reported as CVE-2025-10529. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Mozilla Firefox up to 142. This issue affects some unknown processing. Executing manipulation can lead to use after free. This vulnerability is registered as CVE-2025-10527. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

Luxury jeweler Tiffany and Company has confirmed a data breach that exposed the personal information of 2,590 customers. The company discovered unauthorized access to an external system on September 9, 2025, but determined the incident first occurred on May 12, 2025. Tiffany notified affected customers in writing on September 16, 2025, and filed a breach notification […]

The post Luxury Jeweler Tiffany Reports Data Breach Exposing User Personal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Две незаметные проблемы в Microsoft едва не создали «уязвимость судного дня».

The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.”

Too much good detail to summarize, but here are two items:

First, the authors found that the number of US-based investors in spyware has notably increased in the past year, when compared with the sample size of the spyware market captured in the first Mythical Beasts project. In the first edition, the United States was the second-largest investor in the spyware market, following Israel. In that edition, twelve investors were observed to be domiciled within the United States—­whereas in this second edition, twenty new US-based investors were observed investing in the spyware industry in 2024. This indicates a significant increase of US-based investments in spyware in 2024, catapulting the United States to being the largest investor in this sample of the spyware market. This is significant in scale, as US-based investment from 2023 to 2024 largely outpaced that of other major investing countries observed in the first dataset, including Italy, Israel, and the United Kingdom. It is also significant in the disparity it points to ­the visible enforcement gap between the flow of US dollars and US policy initiatives. Despite numerous US policy actions, such as the addition of spyware vendors on the ...

The post Surveying the Global Spyware Market appeared first on Security Boulevard.

关键词网络攻击网络安全研究人员发现，两个与俄罗斯联邦安全局（FSB）关联的黑客组织 Gamaredon 与 T

关键词网络攻击英国国家犯罪调查局（NCA）宣布，两名少年因涉嫌参与 2024 年 9 月对伦敦交通局（TfL）

关键词网络攻击俄罗斯地区航空公司 克拉斯诺亚尔斯克航空（KrasAvia） 确认，其官方网站及多项核心系统于当

Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. The workflow we are highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard

U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London. U.K. law enforcement authorities arrested two teenagers who are members of the notorious Scattered Spider hacking group in connection with their role in the cyber attack that hit Transport for London (TfL). Transport for London (TfL) […]

UK law enforcement agencies have arrested two individuals linked to the notorious Scattered Spider cybercriminal group. The arrests, announced on Tuesday, pertain to a sophisticated attack on London’s transport systems. Authorities say the suspects infiltrated critical infrastructure networks, demanding ransom payments and causing widespread disruption. Details of the Arrests and Charges On Sept. 16, officers […]

The post UK Police Arrest Two Scattered Spider Hackers Over London Transport Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.