Aggregator

Транспорт, скидка, подарок — а в финале вы без аккаунта.

Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. The flaw, tracked as CVE-2025-47812, has received the maximum CVSS score of 10.0 and enables unauthenticated remote code execution with root or SYSTEM privileges. The vulnerability was first disclosed by security researcher […]

The post Wing FTP Server Vulnerability Actively Exploited – 2000+ Servers Exposed Online appeared first on Cyber Security News.

A vulnerability, which was classified as critical, has been found in One Identity Password Manager up to 5.14.3. This issue affects the function window.print. The manipulation leads to inclusion of functionality from untrusted control sphere. The identification of this vulnerability is CVE-2025-27582. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping

A vulnerability classified as critical was found in Alone Plugin up to 7.8.3 on WordPress. This vulnerability affects the function alone_import_pack_install_plugin. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-5394. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Alone Plugin up to 7.8.3 on WordPress. This affects the function alone_import_pack_restore_data. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-5393. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in NanoMQ 0.21.10. It has been rated as critical. Affected by this issue is some unknown functionality of the component Message Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2024-42646. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in NanoMQ 0.22.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PUBLISH Message Handler. The manipulation leads to memory leak. This vulnerability is known as CVE-2024-42649. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in NanoMQ 0.22.10. It has been classified as problematic. Affected is an unknown function of the component CONNECT Message Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-42648. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Wavlink WN535K3 20191010 and classified as critical. This issue affects the function set_sys_adm. The manipulation of the argument newpass leads to command injection. The identification of this vulnerability is CVE-2025-50756. The attack needs to be approached within the local network. There is no exploit available.

Online privacy, security, and performance today are more important than ever. For professionals and businesses working online, it’s…

A sophisticated malware campaign targeting Generation Z gamers has emerged, leveraging weaponized versions of popular games to infiltrate gaming communities and steal sensitive information. The campaign, which has recorded over 19 million malware distribution attempts in a single year, demonstrates how cybercriminals are increasingly exploiting the digital native generation’s passion for gaming to execute large-scale […]

The post Threat Actors Attacking Gen Z Gamers With Weaponized Versions of Popular Games appeared first on Cyber Security News.

Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. "Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters," The DFIR Report said in a technical

Получили ссылку на дешёвый билет? Стоп! Это может быть ловушка

Critical security vulnerabilities have been discovered in Gigabyte UEFI firmware that could allow attackers to execute arbitrary code in System Management Mode (SMM), one of the most privileged execution environments in modern processors.  The vulnerabilities, disclosed by the Software Engineering Institute’s CERT Coordination Center on July 11, 2025, affect multiple Gigabyte systems and could enable […]

The post Gigabyte UEFI Firmware Vulnerability Let Attackers Execute Arbitrary Code in the SMM Environment appeared first on Cyber Security News.