Aggregator

A vulnerability has been found in Mozilla Firefox up to 139 and classified as problematic. This vulnerability affects unknown code of the component File Extension Handler. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2025-6435. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 139. This affects an unknown part of the component HTTPS-Only Feature. The manipulation leads to clickjacking. This vulnerability is uniquely identified as CVE-2025-6434. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

ManageEngine launched a MSP Central, a unified platform designed to help MSPs streamline service delivery, device management, threat protection, and infrastructure monitoring from a single interface. ManageEngine focuses on addressing specific operational models and business challenges of MSPs, developing tools that support multi-client environments, technician efficiency, and service scalability. MSP Central brings together these capabilities into a unified platform tailored to how MSPs deliver and manage IT services today. Meeting the evolving needs of MSPs … More →

The post ManageEngine helps MSPs manage day-to-day operations appeared first on Help Net Security.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 139. Affected by this issue is some unknown functionality of the component TLS Handler. The manipulation leads to improper certificate validation. This vulnerability is handled as CVE-2025-6433. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mozilla Firefox up to 139. Affected by this vulnerability is an unknown functionality of the component Multi-Account Container Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-6432. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Firefox up to 139. Affected is an unknown function of the component Embed Tag Handler. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2025-6429. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 139. It has been rated as problematic. This issue affects some unknown processing of the component Content Security Policy Handler. The manipulation of the argument connect-src leads to improper restriction of rendered ui layers. The identification of this vulnerability is CVE-2025-6427. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 139 on macOS. It has been declared as problematic. This vulnerability affects unknown code of the component Executable File Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability was named CVE-2025-6426. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 139 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2025-6436. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 139. It has been classified as critical. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-6436. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 139 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component WebCompat Extension. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-6425. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Hitachi Energy MicroSCADA X SYS600 up to 10.6. Affected is an unknown function of the component TLS Protocol Handler. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2025-39205. It is possible to launch the attack remotely. There is no exploit available.

Самый популярный мессенджер Meta больше не жалуют во власти. Может,  нам стоит бояться?

Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds of keylogger code written in JavaScript on the Outlook login page - Those that save collected data to a local file

A critical security vulnerability has been discovered in Performave Convoy that allows unauthenticated remote attackers to execute arbitrary code on affected servers.  The vulnerability, identified as CVE-2025-52562, affects all versions from 3.9.0-rc.3 through 4.4.0 of the ConvoyPanel/panel package.  Security researcher AnushK-Fro reported the vulnerability five days ago, receiving a critical severity rating with a perfect […]

The post Critical Convoy Vulnerability Let Attackers Execute Remote Code on Affected Servers appeared first on Cyber Security News.

A notorious threat actor known as “xperttechy” is actively promoting a new version of the EagleSpy remote access Trojan (RAT), dubbed EagleSpy v5, on a prominent dark web forum. Marketed as a “lifetime activated” tool, EagleSpy v5 is raising alarms within the cybersecurity community due to its extensive feature set and its ability to operate […]

The post EagleSpy v5 RAT Promoted by Hacker for Stealthy Android Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Хакеры обчистили британский ритейл за одну ночь.

Defensie en de Delftse startup Lobster Robotics gaan samenwerken met een onderwaterdrone, Scout genaamd. De marine gebruikt deze als onderdeel van een speciaal project: het Rapid Adoption Action Plan (RAAP). Dit is bedoeld om nieuwe technologieën snel voor de NAVO in te zetten. 

Four convicted members of the REvil cybercrime gang were released from custody after being sentenced in St. Petersburg for offenses related to payment card fraud.

Contrast Security launched Application Detection and Response (ADR) in August of 2024, and now, in a new Gartner research note, ADR is a topic. The 2025 Gartner® Implement Effective Application and API Security Controls (accessible to Gartner clients only)*, by William Dupre, discusses today’s complex problem: 

The post Application and API Security Can’t Rely Solely on Perimeter Defenses or Scanners | Notes on Gartner AppSec Research | Contrast Security appeared first on Security Boulevard.