Aggregator

A vulnerability was found in ABO.CMS 5.9.3. It has been classified as problematic. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Referer leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-46952. It is possible to initiate the attack remotely. There is no exploit available.

Currently trending CVE - Hype Score: 20 - CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows SSRF via the host and port parameters in a command=telnetSocket request to the /WebInterface/function/ URI.

Currently trending CVE - Hype Score: 1 - An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.

太阳黑子区域 AR 4100 上周末释放出了 M8.2 级太阳耀斑，朝地球方向喷出了日冕物质抛射，引发了 G4 级地磁风暴。地磁风暴强度范围从 G1 到 G5，其中 G5 为最高等级。此次地磁风暴是第 25 太阳周期最瞩目的太空天气事件之一，在北方产生了大范围极光。在加拿大 Alberta 省，极光覆盖了整个天空。

A vulnerability was found in Agares Media Arcadem 2.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument blockpage leads to sql injection. This vulnerability is handled as CVE-2007-4552. The attack may be launched remotely. Furthermore, there is an exploit available.

Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows - CVE-2024-13915 (CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and

On May 30, 2025, CERT Polska coordinated the public disclosure of three significant security vulnerabilities affecting preinstalled Android applications on smartphones from Ulefone and Krüger&Matz. These flaws, tracked as CVE-2024-13915, CVE-2024-13916, and CVE-2024-13917, expose users to risks ranging from unauthorized device resets to theft of sensitive PIN codes and privilege escalation by malicious applications. Technical […]

The post Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

According to recent industry analysis, cybersecurity professionals are overwhelmed by a flood of security alerts. Organizations process an average of 569,354 alerts annually, yet only 2-5% require immediate action, highlighting the importance of prioritizing vulnerabilities. This overwhelming volume of notifications has created a critical challenge for security teams worldwide. They must now navigate massive amounts […]

The post Prioritizing Vulnerabilities in a Sea of Alerts appeared first on Cyber Security News.

Two local information disclosure flaws in Linux crash-reporting tools have been identified exposing system data to attackers

A vulnerability, which was classified as critical, has been found in Wasmi 128. This issue affects some unknown processing of the component Host Handler. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-28123. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in argocd up to 2.8.11/2.9.0/2.9.7/2.10.0/2.10.2. This issue affects some unknown processing. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2023-50726. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. This vulnerability was named CVE-2025-5447. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Cybersecurity researchers have identified a sophisticated new malware campaign leveraging the deceptive ClickFix technique to distribute EddieStealer, a dangerous information-stealing malware built using the Rust programming language. This emerging threat represents a significant evolution in social engineering tactics, exploiting user trust through fake CAPTCHA verification systems to trick victims into executing malicious commands. The attack […]

The post Threat Actors Using ClickFix Technique to Deliver EddieStealer Malware appeared first on Cyber Security News.

Ubuntu security advisory (AV25-305)

Fplus показал, что бывает без PlayStation.

Alleged database leak of National Agency for Land Conservation, Cadastre, and Cartography (ANCFCC)

A new and sophisticated malware distribution framework dubbed “HuluCaptcha” has emerged, leveraging fake CAPTCHA verification pages to trick users into executing malicious PowerShell commands through Windows Run dialogs. This advanced threat represents a significant evolution in social engineering attacks, combining legitimate-looking security verification interfaces with complex multi-stage infection chains that have successfully compromised high-value targets […]

The post HuluCaptcha – A FakeCaptcha Kit That Trick Users to Run Code via The Windows Run Command appeared first on Cyber Security News.

A vulnerability was found in Microsoft Windows Vista. It has been rated as critical. Affected by this issue is some unknown functionality of the component SMBv2 Signing Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2007-5351. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows and classified as problematic. Affected by this issue is some unknown functionality of the component LSASS. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2007-5352. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Sun Solaris 10.0. This vulnerability affects unknown code of the component Trusted Extension Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2007-5368. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.