Aggregator

McHire нанимает всех… включая хакеров с логином 123456.

A critical arbitrary file deletion vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 active installations and potentially enabling unauthenticated attackers to achieve full site takeover. The flaw, tracked as CVE-2025-6691 with a CVSS score of 8.8 (High), resides in versions up to 1.7.3 of the plugin, which is developed by Brainstorm […]

The post Severe WordPress Plugin Flaw Puts 200,000 Sites at Risk of Full Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

环境异常，需完成验证后继续访问。

中国继续以创纪录的速度增加太阳能和风能。根据旧金山 Global Energy Monitor 的数据，中国在建太阳能和风电装机容量占全球四分之三：中国在建装机容量为 510 GW，而全球在建总装机容量为 689GW。每 GW 发电量能为约 100 万户家庭供电。

关注公众号即可获取最新情报列表07-11

A vulnerability was found in Honeywell C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, C200E and Wireless Device Manager. It has been classified as critical. Affected is an unknown function of the component Control Data Access. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2025-2523. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Axis Device Manager. This vulnerability affects unknown code of the component Communication Protocol Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2025-30024. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Axis Device Manager, Camera Station Pro and Camera Station. Affected is an unknown function of the component Communication Protocol Handler. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-30025. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Axis Camera Station Pro and Camera Station. This issue affects some unknown processing. The manipulation leads to authentication bypass using alternate channel. The identification of this vulnerability is CVE-2025-30026. Access to the local network is required for this attack to succeed. There is no exploit available.

Researchers have observed widespread exploitation attempts targeting a critical memory disclosure vulnerability in Citrix NetScaler devices, designated as CVE-2025-5777 and dubbed “CitrixBleed 2.”  This pre-authentication flaw enables attackers to craft malicious requests that leak uninitialized memory from affected NetScaler ADC and Gateway devices, potentially exposing sensitive data, including session tokens, passwords, and configuration values.  The […]

The post Hackers Actively Exploiting CitrixBleed 2 Vulnerability in the Wild appeared first on Cyber Security News.

作者制作视频时遇到困难，在多次尝试后决定通过三个事实和基本反思来表达观点。他认为这些事件间存在联系和趋势，值得关注。内容涉及网络安全、防御及组织等主题，并邀请读者关注其平台获取更多信息。

内有福利，送20个账号注册码或300论坛币，吾爱破解论坛开放注册时间：2025年7月21日 12：00 -- 14：00 和 20：00 -- 22：00，赶紧上好闹钟顺便告诉小伙伴吧。

当前环境异常，需完成验证后方可继续访问。

Security researchers have discovered a critical stack-based buffer overflow vulnerability in D-Link DIR-825 Rev.B 2.10 routers that allows remote attackers to crash servers without requiring authentication. The vulnerability, designated as CVE-2025-7206, affects the router’s httpd binary and can be exploited by manipulating the language parameter in the switch_language.cgi script. This flaw poses significant risks to […]

The post Critical D-Link Vulnerability Lets Remote Attackers Crash Servers Without Authentication appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in ESET NOD32 Antivirus, Internet Security, Smart Security Premium, Security Ultimate, Endpoint Antivirus for Windows, Endpoint Security for Windows, Small Business Security and Safe Server and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2025-5028. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability has been found in Qt up to 6.5.x/6.8.2/6.8.3/6.9.0/6.9.1 and classified as problematic. Affected by this vulnerability is the function QColorSpace::fromICCProfile of the component ICC Profile Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-5992. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apache Airflow up to 2.10.2. This affects an unknown part of the component UI. The manipulation of the argument sensitive leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2024-50378. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in infiniflow RAGFlow 0.13.0. Affected is an unknown function of the file document-hooks.ts. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-53450. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Google Android. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to permission issues. The identification of this vulnerability is CVE-2018-9464. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.