Aggregator

A vulnerability, which was classified as critical, was found in Mitel OpenScape Xpressions up to V7R1 FR5 HF43 P913. Affected is an unknown function of the component WebApl. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-48026. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in quarkusio quarkus up to 3.23.x. This issue affects some unknown processing. The manipulation leads to exposure of resource. The identification of this vulnerability is CVE-2025-49574. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ClickHouse 25.7.1.557. This vulnerability affects the function Executable. The manipulation leads to unprotected alternate channel. This vulnerability was named CVE-2025-52969. Attacking locally is a requirement. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability was found in notepad-plus-plus Notepad++ up to 8.8.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Installer. The manipulation leads to least privilege violation. This vulnerability is handled as CVE-2025-49144. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in NCR Terminal Handler 1.5.1. This affects an unknown part of the component UserService SOAP API. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-47030. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file update-teacher-pic.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-50349. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. Affected is an unknown function of the file update-class-pic.php. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-50348. It is possible to launch the attack remotely. There is no exploit available.

APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments disguised as official government documents. Cyber Espionage Group Transparent Tribe Strikes Again These deceptive files […]

The post APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure. As DeFi continues to mature, so […]

The post 1inch rolls out expanded bug bounties with rewards up to $500K appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure. As DeFi continues to mature, so […]

The post 1inch rolls out expanded bug bounties with rewards up to $500K appeared first on Cyber Security News.

The 2025 JWT vulnerabilities remind us that security is not a destination—it's an ongoing journey that requires expertise, vigilance, and the right tools. The question is: do you want to make that journey alone, or do you want a trusted partner who specializes in exactly this challenge?

The post JWT Security in 2025: Critical Vulnerabilities Every B2B SaaS Company Must Know appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 16 - A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to ...

Currently trending CVE - Hype Score: 25 - A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS ...

Currently trending CVE - Hype Score: 1 - A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory ...

When the NICT CSRI analysis team presented their three-year investigation into the RapperBot virus at Botconf 1, an international conference on botnets and malware hosted in Angers, France in May 2025, they made a startling discovery. This Mirai variant has evolved into a sophisticated threat specifically targeting Digital Video Recorders (DVRs), devices connected to surveillance […]

The post RapperBot Targets DVRs to Hijack Surveillance Cameras and Record Video appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities.

Author/Presenter: Chris Beckman (Principal Security Engineer At Taxbit)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: Applying The Hybrid Threat Modeling Method appeared first on Security Boulevard.

DUBAI, United Arab Emirates, 23rd June 2025, CyberNewsWire

DUBAI, United Arab Emirates, 23rd June 2025, CyberNewsWire

The post 1inch rolls out expanded bug bounties with rewards up to $500K appeared first on Security Boulevard.