Aggregator

A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-7459. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #609795 / VDB-254582

Security researchers have discovered two critical vulnerabilities in RapidFire Tools Network Detective, a widely-used network assessment and reporting tool developed by Kaseya, that expose sensitive credentials to potential attackers. The flaws, disclosed on July 10th, 2025, affect organizations using the tool for network security assessments and could enable threat actors to access administrative credentials and […]

The post RapidFire Network Detective Vulnerabilities Expose Sensitive Data to Threat Actors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

任何以高收益为噱头，需拉人头才能获利的平台，都应高度警惕。

Submit #609657 / VDB-316108

A vulnerability classified as problematic has been found in Schneider Electric EcoStruxure IT Data Center Expert. This affects an unknown part of the component SOAP API. The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2025-6438. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-50123. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Installation/Upgrade. The manipulation leads to insufficient entropy. This vulnerability is known as CVE-2025-50122. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Schneider Electric EcoStruxure IT Data Center Expert. It has been classified as critical. Affected is an unknown function of the component Web Interface. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-50121. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in huggingface transformers up to 4.52.0 and classified as problematic. This issue affects the function token2json of the component API Service. The manipulation leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2025-3933. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Млечный Путь оказался тем самым другом, который забирает всё внимание. Остальные — в тени.

关键词勒索软件2025年6月21日，年仅26岁的俄罗斯职业篮球运动员达尼尔·卡萨特金（Daniil Kasat

关键词Microsoft2025年7月10日，Microsoft Exchange Online 出现严重全球

关键词网络攻击据网络安全公司 Cyfirma 于 2025 年 6 月 7 日发布的最新报告，一个被称为 AP

关键词ChatGpt近期安全研究者通过一种复杂的提示注入（prompt injection）技巧，成功绕过 C

文章介绍了如何利用HEVD中的Race Condition（Double-Fetch）漏洞进行攻击。通过分析漏洞机制和源代码，展示了如何在Windows 10中绕过保护并执行Shellcode。

The man was handed a suspended prison sentence for offenses relating to the hack of Network Rail public Wi-Fi, exposing customers to offensive messaging

2025数据风险报告显示，企业面临由AI工具引发的严重数据丢失风险。报告指出，AI应用、SaaS平台、电子邮件和文件共享是主要数据泄露源。建议企业采取统一的AI驱动安全方法应对挑战。

The 2025 Data Risk Report: Enterprises face potentially serious data loss risks from AI-fueled tools. Adopting a unified, AI-driven approach to data security can help. As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz

A critical vulnerability in eSIM technology enables attackers to clone mobile subscriber profiles and hijack phone identities.  AG Security Research revealed they broke the security of Kigen eUICC cards with GSMA consumer certificates, marking what they claim is the first successful public hack against consumer GSMA eUICC and EAL-certified GSMA security chips. The research team […]

The post New eSIM Hack Lets Attackers Clone Profiles and Hijack Phone Identities appeared first on Cyber Security News.