Aggregator

根据《个人信息保护法》《个人信息保护合规审计管理办法》等法律法规规章规定，国家互联网信息办公室就开展个人信息保护负责人信息报送工作有关事项公告如下……

Microsoft has shed light on the sophisticated operations of Octo Tempest, a financially motivated cybercriminal group alternatively known as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus. This threat actor has demonstrated a versatile arsenal of tactics, techniques, and procedures (TTPs) in end-to-end attacks targeting organizations across various sectors. Octo Tempest’s methodology typically begins with initial […]

The post Microsoft Uncovers Scattered Spider Tactics, Techniques, and Procedures in Recent Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Mattermost up to 9.11.16/10.5.6/10.7.3/10.8.1. It has been rated as critical. This issue affects some unknown processing of the component Private Channel Handler. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2025-6226. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mattermost up to 9.11.16/10.5.7/10.7.3/10.8.1. It has been declared as critical. This vulnerability affects unknown code of the component JSONL File Import. The manipulation leads to path traversal. This vulnerability was named CVE-2025-6233. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7803. It is possible to initiate the attack remotely. There is no exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Cybersecurity researchers at Northeastern University and Dartmouth College have unveiled a groundbreaking attack technique that exploits fundamental parsing discrepancies in Web Application Firewalls (WAFs), potentially compromising the security of millions of websites worldwide. The research, dubbed “WAFFLED” (Web Application Firewall Fuzzing through Language Exploitation and Discrepancy), demonstrates how attackers can bypass five major WAF platforms. […]

The post WAFFLED: New Technique Targets Web Application Firewall Weaknesses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

64 миллиона анкет попали в руки посторонних.

Submit #616885 / VDB-316869

Jailbreak, профили конфигурации, Activation Lock и другие скрытые угрозы.

关于爬取*ray面板管理后台代理池的脚本，支持系统状态监控 支持多用户多协议，网页可视化操作

A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument Search leads to cross site scripting. This vulnerability is handled as CVE-2025-7802. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #616740 / VDB-316868

Депутаты хотят навести порядок в кредитных заявках.

更新！6月篇！

👍 👍 👍

A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to sql injection. This vulnerability is known as CVE-2025-7801. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Fortinet FortiIsolator up to 2.3.4/2.4.4. Affected is an unknown function of the component HTTP Request Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-32124. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.98/6.12.38/6.15.6/6.16-rc5. This issue affects some unknown processing of the component eventpoll. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-38349. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.