Aggregator

Submit #628871 / VDB-320039

A vulnerability, which was classified as problematic, was found in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. This vulnerability is traded as CVE-2025-9005. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #628867 / VDB-320036

Submit #628845 / VDB-320035

A vulnerability, which was classified as problematic, has been found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The identification of this vulnerability is CVE-2025-9004. The attack may be initiated remotely. Furthermore, there is an exploit available.

In general, cryptographic agility refers to a system’s ability to replace or adapt cryptographic algorithms, parameters, or protocols—like key lengths or hashing methods—smoothly and without interruptions. This capability is especially critical when vulnerabilities emerge or when migrating to quantum-resistant algorithms.

The post What Is Crypto-Agility? appeared first on TrustFour: Workload and Non-Human Identity Attack Surface Security.

The post What Is Crypto-Agility? appeared first on Security Boulevard.

Submit #628837 / VDB-311105

Submit #628787 / VDB-320034

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s security appliances.

The post Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs appeared first on CyberScoop.

Submit #628785 / VDB-320033

Artificial Intelligence (AI) is quickly changing modern enterprises, but harnessing its full potential demands not only excellent models, but infrastructure expertise. Google Kubernetes Engine (GKE) has emerged as a foundation for AI innovation, providing a platform that combines cloud-native flexibility, enterprise-grade security, and seamless access to advanced accelerators. In a recent webinar, I joined Tom Viilo (Head of Alliances) and Guilhem Tesseyre (CTO and Co-Founder) of Zencore for a deep dive into how technical leaders can design, optimize, and operate GKE environments for AI at scale.

The post How to Build, Optimize, & Manage AI on Google Kubernetes Engine appeared first on Security Boulevard.

Submit #628770 / VDB-290790

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. [...]

A vulnerability classified as problematic was found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-9003. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-49457: Zoom Clients for Windows: Untrusted Search Path Vulnerability

According to a recent Forescout analysis, open source models were significantly less successful in vulnerability research than commercial and underground models.

Submit #628334 / VDB-320032

Submit #626114 / VDB-319128

Good, bad, puzzling — a March order and June order could have bigger ripples than realized when the president signed them.

The post The overlooked changes that two Trump executive orders could bring to cybersecurity appeared first on CyberScoop.

Submit #625698 / VDB-319333