Aggregator

A vulnerability was found in campcodes School File Management System 1.0. It has been classified as critical. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument File leads to unrestricted upload. This vulnerability is listed as CVE-2025-15404. The attack may be initiated remotely. In addition, an exploit is available.

Threat Attack Update - January 6th, 2026

Ransomware Attack Update - January 6th, 2026

Currently trending CVE - Hype Score: 7 - An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

Deal Represents Return to Tuck-In M&A for Palo After 3 Multi-Billion Dollar Deals
Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape at enterprise scale.

Terabytes of Data Stolen From Cloud-Based Collaboration Tools, Researchers Warn
Dozens of organizations that use real-time content collaboration platforms appear to have lost not only credentials but also terabytes of hosted data to information-stealing malware being wielded by an initial access broker with a sideline in auctioning large volumes of stolen data.

Why Are Third-Party Vendor Breaches So Hard to Figure Out?
The victim tally of a 2024 hacking incident at back office services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.

Chipmaker CEO Huang Launches Alpamayo Models, Rubin Platform
Nvidia CEO Jensen Huang launched Alpamayo, an open reasoning AI model family for autonomous vehicles, and Rubin, a six-chip platform promising AI tokens at one-tenth prior costs. Mercedes Benz CLA will feature the technology in the US this year.

The regulations, put in place after President Joe Biden’s voice was cloned, imposes $10,000 fines on telecoms that file false or late caller information.

The post FCC finalizes new penalties for robocall violators appeared first on CyberScoop.

The National Security Bureau in Taiwan says that China's attacks on the country's energy sector increased tenfold in 2025 compared to the previous year. [...]

A vulnerability classified as problematic has been found in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-15219. The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as problematic was found in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-15220. The attack may be launched remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-15221. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability, which was classified as problematic, has been found in Delta Electronics DVP-12SE11T up to 2.15. Affected by this vulnerability is an unknown functionality of the component Password Handler. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2025-15103. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability has been found in Delta Electronics DVP-12SE11T up to 2.15 and classified as critical. This affects an unknown part. The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2025-15102. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-15201. The attack is possible to be carried out remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability described as problematic has been identified in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-15202. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as problematic has been found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing a manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-15203. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as problematic was found in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing a manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-15204. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.