Aggregator

A vulnerability, which was classified as critical, was found in chaos-mesh up to 2.7.2. This affects an unknown function of the component Chaos Controller Manager. The manipulation results in os command injection. This vulnerability is reported as CVE-2025-59360. The attack can be launched remotely. No exploit exists. It is advisable to implement a patch to correct this issue.

For the latest discoveries in cyber research for the week of 15th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Panama’s Ministry of Economy and Finance (MEF) was hit by a ransomware attack that resulted in the theft of more than 1.5TB of data, including emails, financial documents, and budgeting details. The […]

The post 15th September – Threat Intelligence Report appeared first on Check Point Research.

A vulnerability categorized as problematic has been discovered in Payoneer Checkout Plugin up to 3.4.0 on WordPress. This affects an unknown part. The manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-58795. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Campcodes Computer Sales and Inventory System 1.0. It has been rated as critical. The impacted element is an unknown function of the file /pages/sup_searchfrm.php?action=edit. This manipulation of the argument ID causes sql injection. The identification of this vulnerability is CVE-2025-10436. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. This vulnerability is listed as CVE-2025-10440. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. This vulnerability is cataloged as CVE-2025-10441. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. This vulnerability is documented as CVE-2025-10443. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. This vulnerability is reported as CVE-2025-10444. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards

A vulnerability identified as critical has been detected in JCcorp URLshrink 1.3.1. The affected element is an unknown function of the file createurl.php. This manipulation of the argument formurl causes file inclusion. The identification of this vulnerability is CVE-2007-1416. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in JCcorp URLshrink 1.3.1. This impacts an unknown function. This manipulation causes improper privilege management. This vulnerability is registered as CVE-2007-1795. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability identified as problematic has been detected in Jeeblestechnology Jeebles Directory 2.9.60. This issue affects some unknown processing of the file download.php. The manipulation leads to path traversal. This vulnerability is documented as CVE-2007-5706. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Browser. Affected is an unknown function. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2007-1156. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Jax Jax Petition Book 1.0.3.06. The impacted element is an unknown function of the file jax_petitionbook.php. The manipulation of the argument languagepack leads to path traversal. This vulnerability is documented as CVE-2007-0335. The attack can be initiated remotely. Additionally, an exploit exists.

New research from Red Canary and Zscaler shows phishing lures now drop RMM tools like ITarian and Atera,…

SSL/TLS certificates are no longer just a technical detail, they’re now a strategic driver of crypto agility. With certificate lifespans shortening to just 47 days by 2029, organizations must adopt automation, certificate visibility, and lifecycle management to stay secure. This shift, alongside the coming impact of quantum computing, forces leadership to treat certificate agility as a core business priority for resilience, compliance, and post-quantum readiness.

The post Why 47-day SSL/TLS certificates can be used as a driver for crypto agility appeared first on Security Boulevard.

Накрыт крупный ресурс, где торговали наркотиками и оружием.

Burger King has invoked the Digital Millennium Copyright Act to force the removal of a security researcher’s blog post that disclosed serious vulnerabilities in its new drive-thru “Assistant” system. Ethical hacker BobDaHacker published a report showing how attackers could bypass authentication, listen in on customer orders, and access employee records before a takedown notice took […]

The post Burger King Uses DMCA to Remove Blog Exposing Drive-Thru System Security Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The cybersecurity landscape witnessed a significant escalation in July 2025 when the China-aligned threat actor Hive0154, commonly known as Mustang Panda, deployed sophisticated new malware variants designed to breach air-gapped systems. This advanced persistent threat group introduced SnakeDisk, a novel USB worm, alongside an updated Toneshell9 backdoor, representing a calculated evolution in their cyber espionage […]

The post Mustang Panda With SnakeDisk USB Worm and Toneshell Backdoor Seeking to Penetrate Air-Gap Systems appeared first on Cyber Security News.

Red AI Range (RAR), an open-source AI red teaming platform, is transforming the way security professionals assess and harden AI systems.  Designed to simulate realistic attack scenarios, RAR streamlines the discovery, analysis, and mitigation of AI-specific vulnerabilities by leveraging containerized architectures and automated tooling.  Key Takeaways1. Arsenal/Target buttons spin up isolated AI testing containers.2. Recording, […]

The post New Red Teaming Tool “Red AI Range” Discovers, Analyzes, and Mitigates AI Vulnerabilities appeared first on Cyber Security News.