Aggregator

A vulnerability classified as problematic has been found in Liferay Portal and DXP. This affects an unknown part. The manipulation of the argument _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames leads to cross site scripting. This vulnerability is referenced as CVE-2025-43741. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as problematic has been identified in Liferay Portal and DXP. Affected by this issue is some unknown functionality of the component Web Contents Handler. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-43742. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in Touch Lebanon Mobile App 2.20.2. Affected by this vulnerability is an unknown functionality of the component OTP Handler. Performing manipulation results in weak password recovery. This vulnerability was named CVE-2025-50503. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability labeled as critical has been found in Tenda AC6 V02.03.01.110. Affected is an unknown function of the component HTTP Header Parser. Such manipulation leads to missing release of resource. This vulnerability is uniquely identified as CVE-2025-30256. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in Liferay Portal and DXP. This impacts the function document_library of the component Form Handler. This manipulation causes files or directories accessible. This vulnerability is handled as CVE-2025-43749. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Tenda AC6 02.03.01.110. This affects an unknown function of the component Cloud API. The manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2025-32010. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in Tenda AC6 02.03.01.110. It has been rated as problematic. The impacted element is an unknown function of the component Firmware Update Handler. The manipulation leads to download of code without integrity check. This vulnerability is traded as CVE-2025-31355. It is possible to initiate the attack remotely. There is no exploit available.

Microsoft’s comprehensive suite of online services, including the central Office.com portal, is currently experiencing a significant and widespread outage, leaving millions of users unable to access essential productivity applications. The company has confirmed the issue and is actively investigating the root cause to restore service as quickly as possible. The disruption, which began escalating earlier […]

The post Microsoft Office.com Suffers Major Outage, Investigation Underway – Updated appeared first on Cyber Security News.

A vulnerability was found in Tenda AC6 02.03.01.110. It has been declared as critical. The affected element is an unknown function of the component HTTP Request Handler. Executing manipulation can lead to authentication bypass using alternate channel. This vulnerability appears as CVE-2025-27129. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in Tenda AC6 02.03.01.110. It has been classified as critical. Impacted is an unknown function of the file /goform/getproductInfo. Performing manipulation results in authentication bypass using alternate channel. This vulnerability is reported as CVE-2025-24496. The attack is possible to be carried out remotely. No exploit exists.

A survey of 370 IT and cybersecurity decision makers in organizations with at least 100 employees published today finds, on average, enterprise IT organizations are spending 11 person-hours investigating and remediating each critical identity-related security alert. Conducted by Enterprise Strategy Group (ESG) on behalf of Teleport, a provider of a platform for securing access to..

The post Survey: Enterprise IT Teams Spend 11 Hours Investigating Identity Incidents appeared first on Security Boulevard.

A vulnerability was found in Tenda AC6 02.03.01.110 and classified as critical. This issue affects some unknown processing of the component Network Handler. Such manipulation leads to missing critical step in authentication. This vulnerability is documented as CVE-2025-24322. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Liferay Portal and DXP and classified as critical. This vulnerability affects unknown code of the component Attachment Field Handler. This manipulation causes unrestricted upload. This vulnerability is registered as CVE-2025-43750. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in Schneider Electric Saitel DR RTU and Saitel DP RTU. This affects an unknown part of the component Configuration File Handler. The manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2025-8453. The attack must be initiated from a local position. There is no exploit available. Applying a patch is advised to resolve this issue.

A new report from Red Canary reveals a clever Linux malware called DripDropper that exploits a flaw and…

В Шахтах задержан посредник иностранных мошенников.

软件密集型系统通常会生成控制台日志，用于故障排除。日志解析旨在将日志消息解析为特定的日志模板，通常是实现自动化日志分析的第一步。

The Russian platform Investment Projects said it is working to restore its infrastructure following a cyberattack claimed by the pro-Ukraine group Cyber Anarchy Squad.

The company said no critical data was accessed, but the hacker "gained access to one of our IT systems that contains the following data: name, first name, telephone number, SIM card number, PUK code, tariff plan.”

LastPass announced passkey support, giving users and businesses a simpler, more secure way to log in across a variety of devices, browsers, and operating systems. Starting now, passkeys can be created, stored, and managed directly in the LastPass vault, alongside passwords, making secure access easier than ever. This release marks a major step in LastPass’s Secure Access Experiences strategy, designed to help users and businesses move beyond password fatigue, phishing risks, and ecosystem lock-in. “Passkeys … More →

The post LastPass now supports passkeys appeared first on Help Net Security.