Aggregator

Threat actors have stolen data on at least half a million cancer screening patients

A vulnerability, which was classified as problematic, was found in Microsoft Windows NT 4.0. Affected is an unknown function of the component File Management. The manipulation leads to denial of service. This vulnerability is traded as CVE-2003-0525. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft ISA Server and classified as critical. Affected by this vulnerability is an unknown functionality of the file 400.htm/500.htm of the component Error Page. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2003-0526. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年8月4日至2025年8月10日）安全漏洞情况如下

Редкий взгляд на кибершпионаж изнутри.

A vulnerability classified as problematic was found in Canon IJ Network Tool 4.7.5. This vulnerability affects unknown code of the component Wi-Fi Connection Setup. The manipulation leads to information disclosure. This vulnerability was named CVE-2023-1764. The attack needs to be done within the local network. There is no exploit available.

Security researchers and cybersecurity professionals are highlighting the growing sophistication of payload obfuscation techniques that allow malicious actors to bypass traditional defense mechanisms. As organizations increasingly rely on web application firewalls (WAFs) and automated security tools, attackers are developing more creative methods to disguise their malicious code as harmless data, presenting significant challenges for enterprise […]

The post Researchers Detail Script-Masking Tactics That Bypass Defenses appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Apache HTTP Server up to 2.0.47 and classified as critical. Affected by this vulnerability is an unknown functionality of the component mod_cgid. The manipulation leads to information disclosure. This vulnerability is known as CVE-2003-0789. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in phpSysInfo 2.0/2.1. It has been classified as problematic. This affects an unknown part. The manipulation of the argument template/lng leads to path traversal. This vulnerability is uniquely identified as CVE-2003-0536. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The Dutch National Cyber Security Centre (NCSC-NL) has warned of cyber attacks exploiting a recently disclosed critical security flaw impacting Citrix NetScaler ADC products to breach organizations in the country. The NCSC-NL said it discovered the exploitation of CVE-2025-6543 targeting several critical organizations within the Netherlands, and that investigations are ongoing to determine the

A vulnerability was found in Linux Kernel up to 5.12.10. It has been declared as critical. This vulnerability affects the function cdnsp_thread_irq_handler of the component usb. The manipulation leads to denial of service. This vulnerability was named CVE-2021-47271. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.15.82/6.0.12 and classified as critical. Affected by this vulnerability is the function otx2_init_tc. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-48968. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Server up to 8.0.29. It has been rated as critical. Affected by this issue is some unknown functionality of the component InnoDB. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2022-21635. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.0.8. It has been rated as critical. Affected by this issue is the function am65_cpsw_nuss_phylink_cleanup of the component net. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2022-49847. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Redis up to 7.4.3. It has been declared as problematic. This vulnerability affects unknown code of the component Multi-bulk Command Argument Handler. The manipulation leads to uncontrolled memory allocation. This vulnerability was named CVE-2025-46686. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.4.123/5.10.41/5.12.8 and classified as critical. Affected by this issue is some unknown functionality of the component ad7124. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2021-47172. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.12. It has been classified as critical. This affects the function nbd_add_socket of the file drivers/block/nbd.c of the component IO Request Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2021-3348. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Canon IJ Network Tool 4.7.5. This affects an unknown part of the component Wi-Fi Connection Setup. The manipulation leads to missing password field masking. This vulnerability is uniquely identified as CVE-2023-1763. The attack can only be initiated within the local network. There is no exploit available.

Google has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection. The flaw, tracked internally as issue 412578726, represents one of the most severe Chrome vulnerabilities discovered in recent years and highlights the […]

The post Record $250K Bug Bounty Awarded for Discovering Critical Chrome RCE Flaw appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts using stolen credentials from data breaches. It supports both website and mobile application targets and has become a staple in the fraud ecosystem due to its flexibility, extensibility, and active

The post How to detect Open Bullet 2 bots running in Puppeteer mode appeared first on Security Boulevard.