Aggregator

A vulnerability has been found in freescout-help-desk freescout up to 1.8.177 and classified as problematic. Affected by this vulnerability is the function Set. The manipulation leads to deserialization. This vulnerability is known as CVE-2025-48389. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in freescout-help-desk freescout up to 1.8.178. Affected is an unknown function. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-48471. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in freescout-help-desk freescout up to 1.8.177. This issue affects the function file_exists of the file tools.php. The manipulation of the argument php_path leads to code injection. The identification of this vulnerability is CVE-2025-48390. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

中国于 5 月 29 日在西昌卫星发射中心用长征三号乙Y110运载火箭成功发射了行星探测工程天问二号探测器。天问二号任务长达十年，主要有两大目标：对小行星 2016HO3 进行伴飞、取样并返回地球；对主带彗星311P开展科学探测。小行星 2016HO3 在 2016 年由夏威夷望远镜首次发现，直径 40-100 米左右，被认为保留着太阳系诞生之初的原始信息。如果成功取样并送回地球，中国将继美国和日本之后成为完成小行星取样的第三个国家。天问二号预计在 2026 年 7 月飞到小行星附近，取样目标是收集至少 100 克岩石和尘埃，任务预计在 2027 年末完成，然后开始将样本送回地球分析。天问二号将尝试多种方式收集样本，其中一种方法是探测器靠近小行星表面，配合小行星自转，伸出机械臂采集样本。主带彗星311P 位于火星和木星轨道之间的小行星带，它既像小行星般沿固定轨道行进，又像彗星一样喷发尘埃，被称为“活跃的小行星”。

我们为安全建立的孤岛、特殊流程和神秘评分正在让软件变得更不安全。

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan

适用于 macOS + OrbStack/Docker 环境 1. 安装前准备 1.1 系统要求 1.2 环境验证 2. 初始安装步骤 2.1 创建项目目录 2 […]

The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. [...]

Cybersecurity researchers have uncovered a sophisticated phishing campaign that leveraged the legitimate infrastructure of Nifty[.]com, a popular project management platform, to conduct targeted attacks against organizations worldwide. The campaign, which remained active for several months before detection, demonstrates an evolving trend where threat actors exploit trusted web services to bypass traditional security measures and establish […]

The post Threat Actors Abused Nifty[.]com Infrastructure for Sophisticated Phishing Attack appeared first on Cyber Security News.

Alleged data leak of Pengadilan Negeri Pekanbaru

A vulnerability classified as problematic was found in WPCHURCH Plugin up to 2.7.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-31642. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in DZS Video Gallery Plugin up to 12.25 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-32300. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Formulario de Contacto SalesUp Plugin up to 1.0.14 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-48143. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in DZS Video Gallery Plugin up to 12.25 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-47553. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in DZS Video Gallery Plugin up to 12.25 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. This vulnerability is known as CVE-2025-47552. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Netwrix Directory Manager up to 10.0.7784.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-48748. The attack needs to be done within the local network. There is no exploit available.

The firm’s remote monitoring management tool, ScreenConnect, has reportedly been patched