Aggregator
CVE-2024-50658 | AdPortal 3.0.39 Template updateuserinfo.html shippingAsBilling/firstname injection
5 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in AdPortal 3.0.39. Affected by this issue is some unknown functionality of the file updateuserinfo.html of the component Template Handler. The manipulation of the argument shippingAsBilling/firstname leads to injection.
This vulnerability is handled as CVE-2024-50658. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-55008 | JATOS 3.9.4 Authentication System denial of service (EUVD-2024-52726)
5 months 2 weeks ago
A vulnerability was found in JATOS 3.9.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Authentication System. The manipulation leads to denial of service.
This vulnerability is known as CVE-2024-55008. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2025-23173 | Versa Director up to 22.1.4 Websockify Service access control (EUVD-2025-18672)
5 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Versa Director up to 22.1.4. Affected by this issue is some unknown functionality of the component Websockify Service. The manipulation leads to improper access controls.
This vulnerability is handled as CVE-2025-23173. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Analysis of the Latest AV-Evasion Variant Samples from the Silver Fox Cybercrime Group
5 months 2 weeks ago
CVE-2025-25037 | Aquatronica Controller System up to 5.1.6 Web Interface tcp.php information disclosure (ZSL-2024-5824 / EUVD-2025-18781)
5 months 2 weeks ago
A vulnerability has been found in Aquatronica Controller System up to 5.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file tcp.php of the component Web Interface. The manipulation leads to information disclosure.
This vulnerability is known as CVE-2025-25037. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-49979 | slui Media Hygiene Plugin up to 4.0.1 on WordPress authorization (EUVD-2025-18948)
5 months 2 weeks ago
A vulnerability has been found in slui Media Hygiene Plugin up to 4.0.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization.
This vulnerability is known as CVE-2025-49979. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-6510 | Netgear EX6100 1.0.2.28_1.1.138 sub_415EF8 stack-based overflow (EUVD-2025-18952)
5 months 2 weeks ago
A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow.
This vulnerability is handled as CVE-2025-6510. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-49978 | eyecix JobSearch Plugin up to 2.9.0 on WordPress authorization (EUVD-2025-18947)
5 months 2 weeks ago
A vulnerability classified as problematic has been found in eyecix JobSearch Plugin up to 2.9.0 on WordPress. This affects an unknown part. The manipulation leads to authorization bypass.
This vulnerability is uniquely identified as CVE-2025-49978. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
5 months 2 weeks ago
A single SQL injection bug in Anthropic’s SQLite MCP server—forked over 5,000 times—can seed stored prompts, exfiltrate data, and hand attackers the keys to entire agent workflows. This entry unpacks the attack chain and lays out concrete fixes to shut it down.
Sean Park
Three Consecutive Titles per IDC! Winicssec Industrial Firewall Again Ranks First in China Market Share
5 months 2 weeks ago
Recognition from an international authority!
Daily Dose of Dark Web Informer - 23rd of June 2025
5 months 2 weeks ago
This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Dark Web Informer - Cyber Threat Intelligence
Threat Attack Daily - 23rd of June 2025
5 months 2 weeks ago
Dark Web Informer - Cyber Threat Intelligence
Bulletproof Security Workflows with Grip’s Jira Integration
5 months 2 weeks ago
See how Grip’s Jira integration automates SaaS security workflows, removes manual gaps, streamlines follow-up, and helps teams stay efficient and ahead of risk.
The post Bulletproof Security Workflows with Grip’s Jira Integration appeared first on Security Boulevard.
Grip Security Blog
Asana Fixes Security Flaw in AI Data Integration Tool
5 months 2 weeks ago
MCP Server Paused for Days After Bug Risked Data Leakage Between Users
Asana patched a vulnerability in an artificial intelligence integration feature that could have allowed users to view data from other organizations. The time management company paused the use of Asana Model Context Protocol for nearly two weeks to apply the fix.
How US Cyber Ops May Have Assisted the Midnight Hammer Strike
5 months 2 weeks ago
Analysts Say CYBERCOM Likely Played a Major Role in Strike on Iranian Nuclear Sites
The United States' "Midnight Hammer" missile strike that hit three key Iranian nuclear sites likely involved significant support from U.S. Cyber Command, analysts told Information Security Media Group, after officials credited the unit for taking part in the military operation.
HHS, Insurers Pledge to Simplify Preauthorization Processes
5 months 2 weeks ago
Frustrations Over Preauthorization Denials Have Led to 'Violence in Streets'
A dozen health insurance giants that provide coverage for about 80% of Americans with Medicare, Medicaid and commercial plans have agreed to work with the U.S. Department of Health and Human Services to voluntarily streamline and improve their preauthorization processes.
Warnings Ratchet Over Iranian Cyberattack
5 months 2 weeks ago
Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.
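MLPS Level 3 Cryptography Assessment Implementation and Industry Encryption Challenges, MCP Security Risk Analysis, and Server LAST_ACK Connection Optimization: A Discussion of Key Topics in Network Security Maintenance | Week 291 Overall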
5 months 2 weeks ago
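In this weekly issue: 1. Under MLPS Level 3 requirements, what encryption challenges and strategy choices do the banking and fund industries face when implementing cryptography assessments?
2. In MCP security, what risks exist in authentication and command execution, and how can they be addressed effectively?
3. For the backlog of server connections in the LAST_ACK state, what optimization techniques can improve system performance?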
Ransomware Attack Update for the 23rd of June 2025
5 months 2 weeks ago
Dark Web Informer - Cyber Threat Intelligence