Aggregator

Один заговор — и целая индустрия пошла под воду.

Enterprises typically “modernize” access patterns for an application by enabling industry standard protocols like OIDC or SAML to provide single sign-on (SSO) for legacy apps via a cloud identity provider (IDP). That’s a major step towards better user experience, improved credential hygiene, and centralized authentication, but it is not enough. Most modernization projects stop at the authentication layer, believing that identity transformation is complete once SAML or OIDC is wired up. What’s often overlooked is … More →

The post Why app modernization can leave you less secure appeared first on Help Net Security.

A vulnerability, which was classified as critical, was found in Property Plugin 1.0.5/1.0.6 on WordPress. This affects the function property_package_user_role. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-5117. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Gibbon up to 28.x. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-26211. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in SIGB PMB. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-48744. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in SIGB PMB. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-48743. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SIGB PMB. It has been rated as critical. This issue affects some unknown processing of the component Installer. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2025-48742. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in codelibs fess up to 14.19.1. It has been declared as problematic. This vulnerability affects the function createTempFile of the component org.codelibs.fess.helper.SystemHelper. The manipulation leads to incorrect permission assignment. This vulnerability was named CVE-2025-48382. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in radashi up to 12.5.0. It has been classified as critical. This affects the function Set. The manipulation of the argument path leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is uniquely identified as CVE-2025-48054. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Controller and Cognos Controller 11.0.0/11.0.1/11.1.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to unprotected storage of credentials. This vulnerability is handled as CVE-2025-33079. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in vBulletin 6.0.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to improper protection of alternate path. This vulnerability is known as CVE-2025-48828. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in vBulletin up to 5.7.5/6.0.3. Affected is an unknown function of the file /api.php?method=protectedMethod. The manipulation leads to improper protection of alternate path. This vulnerability is traded as CVE-2025-48827. It is possible to launch the attack remotely. There is no exploit available.

在这个数字化时代，网络空间已成为各国角力的新战场。而朝鲜，这个神秘而又封闭的国度，最近在网络战领域掀起了一场

После громкой зачистки Lumma ожил и начал сливать новые пароли

In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity implications of deploying AI agents in industrial environments. He talks about the risks that come with AI agents making semi-autonomous decisions, and why a layered security approach like Defense-in-Depth is key to keeping industrial systems safe. What are the implications of an AI agent being compromised in a critical infrastructure environment, such as an … More →

The post How AI agents reshape industrial automation and risk management appeared first on Help Net Security.

A vulnerability was found in Apache Tika up to 1.28.1/2.3.x. It has been rated as problematic. This issue affects the function StandardsText. The manipulation leads to incorrect regular expression. The identification of this vulnerability is CVE-2022-30126. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache Tika 1.28.2. It has been declared as problematic. This vulnerability affects the function StandardsText of the component Incomplete Fix CVE-2022-30126. The manipulation leads to incorrect regular expression. This vulnerability was named CVE-2022-30973. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Primavera Unifier up to 21.12. Affected by this issue is some unknown functionality of the component Document Management. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-30126. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle WebCenter Portal 12.2.1.3.0/12.2.1.4.0 and classified as critical. Affected by this issue is some unknown functionality of the component Security Framework. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-30126. Attacking locally is a requirement. There is no exploit available.