Aggregator

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8970. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument val-username leads to sql injection. This vulnerability was named CVE-2025-8971. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argument email leads to sql injection. The identification of this vulnerability is CVE-2025-8972. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. This vulnerability was named CVE-2025-8955. The attack can be initiated remotely. Furthermore, there is an exploit available.

In this Help Net Security video, Hal Lonas, CTO at Trulioo, talks about the rise of synthetic identity fraud and how it’s quickly becoming one of the biggest threats in financial crime. He breaks down how fraudsters are using generative AI to create fake but convincing documents and deepfakes that can fool both people and machines. Lonas also shares practical tips for fighting back, including smarter identity checks, AI-powered detection tools, and strategies that help … More →

The post Fighting fraud with AI: The new identity security playbook appeared first on Help Net Security.

Güralp Systems Ltd.が提供するGüralp FMUS SeriesおよびGüralp MIN Seriesには、重要な機能に対する認証の欠如の脆弱性が存在します。

A vulnerability described as problematic has been identified in HCL Connections 8.0. This affects an unknown part. The manipulation leads to insufficient granularity of access control. This vulnerability is uniquely identified as CVE-2025-31961. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in HCL Connections Docs 2.0.2. Affected by this issue is some unknown functionality. The manipulation leads to asymmetric resource consumption. This vulnerability is handled as CVE-2025-31987. The attack may be launched remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Lotus Cars App 1.2.8 on Android. Affected by this vulnerability is an unknown functionality of the component com.lotus.carsdomestic.intl. The manipulation leads to improper authentication. This vulnerability is known as CVE-2025-50861. The attack needs to be approached locally. There is no exploit available.

A vulnerability identified as problematic has been detected in Lotus Cars App 1.2.8 on Android. Affected is an unknown function of the component com.lotus.carsdomestic.intl. The manipulation leads to storage of sensitive data in a mechanism without access control. This vulnerability is traded as CVE-2025-50862. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability categorized as problematic has been discovered in OURPHP up to 8.6.1. This issue affects some unknown processing of the component My User Center Page. The manipulation of the argument Name leads to cross site scripting. The identification of this vulnerability is CVE-2025-51965. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in IBM DB2 and DB2 Connect Server up to 10.5.0.11/11.1.4.7/11.5.9/12.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Query Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-51473. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The Trustwave SpiderLabs research team has documented a fresh wave of EncryptHub attacks, in which the human element and the exploitation of a Microsoft Management Console (MMC) vulnerability converge into a single, cohesive campaign....

The post A New Wave of EncryptHub Attacks: How a Microsoft Vulnerability and Social Engineering Collide appeared first on Penetration Testing Tools.

A newly discovered attack on the HTTP/2 protocol, dubbed MadeYouReset, has been unveiled by researchers from Tel Aviv University and disclosed following coordinated reporting through Akamai’s bug bounty program. Although Akamai’s own HTTP/2 implementation...

The post “MadeYouReset”: A New HTTP/2 DDoS Attack Bypasses Rapid Reset Defenses appeared first on Penetration Testing Tools.

The Muddled Libra network—also known as Scattered Spider or Octo Tempest—lacks the rigid hierarchy and centralized control typical of many cybercriminal organizations. Instead, it resembles a loosely connected community of individual threat actors, bound...

The post Muddled Libra: The Evolving Cybercrime Collective That is a “Fool’s Errand” to Predict appeared first on Penetration Testing Tools.

Researchers from University College London and the University of the Mediterranean in Reggio Calabria, Italy, have conducted the first large-scale investigation into privacy practices among generative AI assistants for web browsers, revealing that even...

The post AI Browser Assistants Secretly Harvest Your Data, Study Finds appeared first on Penetration Testing Tools.

1.Qilin勒索团伙公布了新的受害者 2.Play勒索团伙公布新的受害公司 3.Dire Wolf勒索团伙公布新的受害公司

Israel’s military intelligence unit, Unit 8200—specializing in cyber-espionage and electronic surveillance—has been using Microsoft’s cloud servers to store a vast archive of data on residents of Gaza and the West Bank. This trove, leveraged...

The post Microsoft Azure Used to Store Vast Trove of Palestinian Surveillance Data, Investigation Reveals appeared first on Penetration Testing Tools.

Google has announced that the protected KVM (pKVM) hypervisor, used within the Android Virtualization Framework, has become the world’s first software component for mass-market consumer electronics to achieve the SESIP Level 5 security certification....

The post Google’s Android Hypervisor Achieves Highest Security Certification for Consumer Electronics appeared first on Penetration Testing Tools.

Компьютер слышит мозг напрямую — и начинает говорить вместо человека.