Aggregator

Крупнейшее обновление с 2022 года — что изменилось?

Singapore’s critical infrastructure is under siege from UNC3886, a sophisticated China-linked advanced persistent threat (APT) group. As of July 2025, the group has been actively targeting essential services like energy, water, telecommunications, and government systems, prompting urgent warnings from officials. This isn’t just another hack, it’s a calculated assault exploiting zero-day vulnerabilities in widely used […]

The post UNC3886 Hackers Exploiting 0-Days in VMware vCenter/ESXi, Fortinet FortiOS, and Junos OS appeared first on Cyber Security News.

KH-5000 превращает сервер в монстра вычислений с новым интерфейсом ZPI 5.0.

A vulnerability was found in GitLab Language Server up to 7.29.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component GraphQL Query Handler. The manipulation leads to missing authentication. This vulnerability is known as CVE-2025-8279. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Johnson Controls iSTAR Ultra up to 6.9.2. It has been classified as critical. Affected is an unknown function of the component Web Application. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-53695. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in IROAD FX2 and classified as critical. This issue affects some unknown processing of the component IROAD X View Registration. The manipulation leads to use of default password. The identification of this vulnerability is CVE-2025-30133. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability has been found in Marbella KR8s Dashcam FF 2.0.8 and classified as problematic. This vulnerability affects unknown code of the component SD Card Handler. The manipulation leads to missing encryption of sensitive data. This vulnerability was named CVE-2025-30124. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability, which was classified as critical, was found in Marbella KR8s Dashcam FF 2.0.8. This affects an unknown part of the component Service Port 7777. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-30126. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in MedDream PACS Premium 7.3.3.840. Affected by this issue is the function CServerSettings::SetRegistryValues. The manipulation leads to incorrect permission assignment. This vulnerability is handled as CVE-2025-26469. Attacking locally is a requirement. There is no exploit available.

A vulnerability classified as critical was found in MedDream PACS Premium 7.3.5.860. Affected by this vulnerability is an unknown functionality of the file cecho.php of the component HTTP Request Handler. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-24485. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in MedDream PACS Premium 7.3.3.840. Affected is an unknown function of the file login.php. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-27724. It is possible to launch the attack remotely. There is no exploit available.

Officials said thousands of people, typically between 11 and 25 years old, are engaged in a growing and evolving online threat to commit crime for money, retaliation, ideology, sexual gratification and notoriety.

The post FBI alerts tie together threats of cybercrime, physical violence from The Com appeared first on CyberScoop.

A vulnerability was found in MedDream PACS Premium 7.3.5.860. It has been rated as problematic. This issue affects some unknown processing of the file radiationDoseReport.php. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-32731. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Foobla Com Foobla Suggestions 1.5.1.2. This affects an unknown part of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is uniquely identified as CVE-2010-2920. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in DecryptWeb Com Dwgraphs 1.0. Affected is an unknown function of the file dwgraphs.php. The manipulation of the argument controller leads to path traversal. This vulnerability is traded as CVE-2010-1302. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Fabrikar Com Fabrikar 2.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument controller leads to path traversal. The identification of this vulnerability is CVE-2010-1981. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Dionesoft Com Dioneformwizard 1.0.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is known as CVE-2010-2045. The attack can be launched remotely. Furthermore, there is an exploit available.