Aggregator

A vulnerability was found in Mattermost up to 10.10.1. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Channel Membership Handler. Performing manipulation results in missing authorization. This vulnerability is known as CVE-2025-9076. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in chaos-mesh up to 2.7.2 and classified as critical. Affected is an unknown function of the component Chaos Controller Manager. Such manipulation leads to os command injection. This vulnerability is traded as CVE-2025-59359. The attack may be launched remotely. There is no exploit available. It is best practice to apply a patch to resolve this issue.

​Microsoft has confirmed that the September 2025 Windows security updates are causing connection issues to Server Message Block (SMB) v1 shares. [...]

A vulnerability has been found in chaos-mesh up to 2.7.2 and classified as critical. This impacts an unknown function of the component Chaos Controller Manager. This manipulation causes os command injection. This vulnerability appears as CVE-2025-59361. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as critical, was found in chaos-mesh up to 2.7.2. This affects an unknown function of the component Chaos Controller Manager. The manipulation results in os command injection. This vulnerability is reported as CVE-2025-59360. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

For the latest discoveries in cyber research for the week of 15th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Panama’s Ministry of Economy and Finance (MEF) was hit by a ransomware attack that resulted in the theft of more than 1.5TB of data, including emails, financial documents, and budgeting details. The […]

The post 15th September – Threat Intelligence Report appeared first on Check Point Research.

A vulnerability categorized as problematic has been discovered in Payoneer Checkout Plugin up to 3.4.0 on WordPress. This affects an unknown part. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-58795. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Campcodes Computer Sales and Inventory System 1.0. It has been rated as critical. The impacted element is an unknown function of the file /pages/sup_searchfrm.php?action=edit. This manipulation of the argument ID causes sql injection. The identification of this vulnerability is CVE-2025-10436. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. This vulnerability is listed as CVE-2025-10440. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. This vulnerability is cataloged as CVE-2025-10441. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. This vulnerability is documented as CVE-2025-10443. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. This vulnerability is reported as CVE-2025-10444. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards

A vulnerability identified as critical has been detected in JCcorp URLshrink 1.3.1. The affected element is an unknown function of the file createurl.php. This manipulation of the argument formurl causes file inclusion. The identification of this vulnerability is CVE-2007-1416. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in JCcorp URLshrink 1.3.1. This impacts an unknown function. This manipulation causes improper privilege management. This vulnerability is registered as CVE-2007-1795. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability identified as problematic has been detected in Jeeblestechnology Jeebles Directory 2.9.60. This issue affects some unknown processing of the file download.php. The manipulation leads to path traversal. This vulnerability is documented as CVE-2007-5706. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Browser. Affected is an unknown function. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2007-1156. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Jax Jax Petition Book 1.0.3.06. The impacted element is an unknown function of the file jax_petitionbook.php. The manipulation of the argument languagepack leads to path traversal. This vulnerability is documented as CVE-2007-0335. The attack can be initiated remotely. Additionally, an exploit exists.

New research from Red Canary and Zscaler shows phishing lures now drop RMM tools like ITarian and Atera,…

SSL/TLS certificates are no longer just a technical detail, they’re now a strategic driver of crypto agility. With certificate lifespans shortening to just 47 days by 2029, organizations must adopt automation, certificate visibility, and lifecycle management to stay secure. This shift, alongside the coming impact of quantum computing, forces leadership to treat certificate agility as a core business priority for resilience, compliance, and post-quantum readiness.

The post Why 47-day SSL/TLS certificates can be used as a driver for crypto agility appeared first on Security Boulevard.