Aggregator

Submit #596681 / VDB-313692

Submit #596615 / VDB-313691

A vulnerability classified as problematic was found in Visionatrix up to 2.5.0. Affected by this vulnerability is the function get_swagger_ui_html of the file /docs/flows of the component ComfyUI. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-49126. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

 

With daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy — cyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.

Powerful militaries were traditionally believed to be a stabilizing force that possessed depth for protection of key political assets, national critical infrastructures, and powerful weapon systems that influence geopolitics.

Times change.

Fall of the Mighty

We have seen two of the most powerful nations have their military severely degraded by kinetic attacks from much smaller adversaries. In Europe, Ukraine has punched well above its weight class. It has gutted the world’s largest tank force, air defenses, and injured or killed upwards of a million Russian soldiers — which was considered the 2nd most formidable military force before the shooting began.

The recent spectacular attack, Operation Spiders Web, leveraged Ukrainian domestically produced weaponized drones to strike against Russian long-range bomber aircraft at their airbases, far from the front lines, seriously impacting Russia’s strategic military capability. The covert attack involved over 100 drones, targeted five Russian airbases, and destroyed or damaged at least 20 strategic bombers, including deep strikes into Siberia.

In the Middle East, Isreal has swept aside Iran’s missile defense and air force to dominate the skies above a nation that possesses the 8th largest military. It is striking targets day and night with impunity, even in the capital of Tehran. In addition to targeting military aircraft, air defenses, ballistic missile launch sites, and leadership personnel, the focus has been to destroy the massive uranium enrichment capabilities that Iran has been maturing for decades. Iran has spent enormous resources on refinement facilities and now possesses a significant quantity, well over 800 pounds, of 60% enriched nuclear material. This uranium is very close to the 90% grade needed for nuclear weapons and far from the 3% refinement needed for fuel in nuclear power plants.

In both regions, powerful air campaigns from smaller adversaries have decimated the capabilities and strategic assets of the powerhouses in their region.

So, what is a nation to do when their superior conventional weapons are either woefully insufficient or significantly degraded to strike back?

As it turns out, the asymmetric characteristics of cyber warfare begins to look like a very appealing strategic investment to support desirable outcomes.

Nation State Cyberattacks Are Not New

Russia, Iran, China, and North Korea are well known to be the most aggressive nations that back offensive cyberattacks against their adversaries. They undermine national critical infrastructures, commit fraud and extortion to fund operations, and steal intellectual property to advance domestic industries. Russia and Iran have also conducted or attempted cyberattacks that targeted the military industrial base, misinformation to manipulate national policies and garner public sympathy, and impactful hacks on the critical infrastructures of their adversaries — essentially committing acts of cyberwar against their stated enemies.

Such attacks have had less than desired and limited impacts in the past. It has not brought adversaries to their knees, changed political landscapes, or created significant barriers to military operational effectiveness. The potential is there, but no nation has proven a grasp of the perfect tactics to wield cyber-attacks in devastating ways. Not yet anyways.

This is where an increase in investment and research, loosening of the rules-of-engagement, and fostering innovation with less-than-scrupulous partners, may open new avenues for greater impacts.

Cyber operations are relatively inexpensive as compared with kinetic based heavy-metal weapon systems. They easily cross borders and can attack anyone around the globe. The experts are often well protected and the talent pipeline is easily sustainable for autocratic regimes. Most importantly, they hold the potential to disproportionately impact western countries, as their reliance on Information & Communications Technology (ICT) is must higher. Everything from food distribution, electrical power, shipping logistics, financial services, healthcare, and government operations are heavily dependent on relatively fragile computing systems and networks.

Cyber as the Next Frontier

If such nations choose to deeply expand their current investments into cyberattacks, it could push past a tipping point. As more serious vulnerabilities are discovered, they are exploited faster, and the damages become more severe. All this for a fraction of the cost of replacing destroyed military aircraft.

In the end, both military and cyber attacks are simply tools for nations to push their national and foreign policy agendas. Military assets are expensive, vulnerable, and have a very limited range of influence. The current events may be a catalyst for shifting the defense economics of warfare.

Cybersecurity professionals must be prepared and vigilant. Offensive cyber, orchestrated from powerful nation states, may become a top tier investment that has a force multiplier impact for future battles and conflicts. The impacts of such stratagems will impact every public and private sector. Cybersecurity must be ready.

For more cybersecurity insights, follow me:

• LinkedIn: https://www.linkedin.com/in/matthewrosenquist/
• YouTube: https://www.youtube.com/CybersecurityInsights
• Substack: https://substack.com/@matthewrosenquist
• Cybersecurity Insights: https://www.cybersecurityinsights.us

The post Successful Military Attacks are Driving Nation States to Cyber Options appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in NCR Terminal Handler 1.5.1. Affected is an unknown function of the component UserService. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-47029. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in NCR Terminal Handler 1.5.1. It has been rated as critical. This issue affects some unknown processing of the component UserService SOAP API. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2023-47032. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WhiteBeam 0.2.0/0.2.1. It has been declared as problematic. This vulnerability affects the function OpenFileDescriptor. The manipulation leads to incorrect behavior order. This vulnerability was named CVE-2021-47688. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17. It has been classified as problematic. This affects an unknown part of the component LL_Pause_Enc_Req Packet Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-44528. It is possible to initiate the attack remotely. There is no exploit available.

IBM is integrating its governance and AI security tools to address the risks associated with the AI adoption boom.

A vulnerability was found in pbkdf2 up to 3.1.2 and classified as critical. Affected by this issue is some unknown functionality in the library lib/to-buffer.Js. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2025-6545. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in NCR Terminal Handler 1.5.1 and classified as critical. Affected by this vulnerability is the function grantRolesToUsers/grantRolesToGroups/grantRolesToOrganization of the component SOAP API. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-47031. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mitel OpenScape Xpressions up to V7R1 FR5 HF43 P913. Affected is an unknown function of the component WebApl. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-48026. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in quarkusio quarkus up to 3.23.x. This issue affects some unknown processing. The manipulation leads to exposure of resource. The identification of this vulnerability is CVE-2025-49574. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ClickHouse 25.7.1.557. This vulnerability affects the function Executable. The manipulation leads to unprotected alternate channel. This vulnerability was named CVE-2025-52969. Attacking locally is a requirement. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability was found in notepad-plus-plus Notepad++ up to 8.8.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Installer. The manipulation leads to least privilege violation. This vulnerability is handled as CVE-2025-49144. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in NCR Terminal Handler 1.5.1. This affects an unknown part of the component UserService SOAP API. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-47030. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file update-teacher-pic.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-50349. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. Affected is an unknown function of the file update-class-pic.php. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-50348. It is possible to launch the attack remotely. There is no exploit available.

APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments disguised as official government documents. Cyber Espionage Group Transparent Tribe Strikes Again These deceptive files […]

The post APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.