Aggregator

CVE-2025-65237 | Opencode USSD Gateway OC cross site scripting

3 weeks ago

A vulnerability, which was classified as problematic, was found in Opencode USSD Gateway OC. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-65237. The attack can be launched remotely. No exploit exists.

vuldb.com

CVE-2025-65238 | OpenCode USSD Gateway OC 6.13.11 getSubUsersByProvider access control

VulDB Recent Entries

3 weeks ago

A vulnerability, which was classified as problematic, has been found in OpenCode USSD Gateway OC 6.13.11. This affects the function getSubUsersByProvider. Performing manipulation results in improper access controls. This vulnerability is identified as CVE-2025-65238. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2025-2486 | Ubuntu edk2 up to 2024.02-2ubuntu0.2/2024.05-2ubuntu0.2 on aarch64 debug code

VulDB Recent Entries

3 weeks ago

A vulnerability classified as critical was found in Ubuntu edk2 up to 2024.02-2ubuntu0.2/2024.05-2ubuntu0.2 on aarch64. Affected by this issue is some unknown functionality. Such manipulation leads to active debug code. This vulnerability is referenced as CVE-2025-2486. The attack can only be performed from a local environment. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-65236 | Opencode USSD Gateway OC index.php Session ID sql injection

VulDB Recent Entries

3 weeks ago

A vulnerability classified as critical has been found in Opencode USSD Gateway OC. Affected by this vulnerability is an unknown functionality of the file /occontrolpanel/index.php. This manipulation of the argument Session ID causes sql injection. The identification of this vulnerability is CVE-2025-65236. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

The Trust Crisis: Why Digital Services Are Losing Consumer Confidence

Security Boulevard

3 weeks ago

According to the Thales Consumer Digital Trust Index 2025, global confidence in digital services is slipping fast. After surveying more than 14,000 consumers across 15 countries, the findings are clear: no sector earned high trust ratings from even half its users. Most industries are seeing trust erode — or, at best, stagnate. In an era..

The post The Trust Crisis: Why Digital Services Are Losing Consumer Confidence appeared first on Security Boulevard.

Ammar Faheem

32 года — точка невозврата. Ученые выяснили, когда мозг перестает развиваться

Securitylab.ru

3 weeks ago

От рождения до 90 лет наш разум проходит 5 эпох — каждая решает, как вы будете думать и стареть.

Multiple London councils' IT systems disrupted by cyberattack

Bleeping Computer.

3 weeks ago

The Royal Borough of Kensington and Chelsea (RBKC) and the Westminster City Council (WCC) announced that they are experiencing service disruptions following a cybersecurity issue. [...]

Bill Toulas

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

Ransomware – Krebs on Security

3 weeks ago

A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.

BrianKrebs

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

Krebs on Security

3 weeks ago

BrianKrebs

BioPharma Services Inc. has been Claimed a Victim by Qilin Ransomware

Dark Web Informer - Cyber Threat Intelligence

3 weeks ago

BioPharma Services Inc. has been Claimed a Victim by Qilin Ransomware

Dark Web Informer

Digital Fraud at Industrial Scale: 2025 Wasn't Great

darkreading

3 weeks ago

Advanced fraud attacks surged 180% in 2025 as cyber scammers used generative AI to churn out flawless IDs, deepfakes, and autonomous bots at levels never before seen.

Jai Vijayan, Contributing Writer

How to Protect from Online Fraud This Holiday Season

Security Boulevard

3 weeks ago

Peak e-commerce season hits retailers every year just as the Halloween decorations start to come down. Unsurprisingly, cyber criminals see this time as an opportunity to strike, and criminal activity online spikes alongside sales. Shockingly, 4.6% of attempted e-commerce transactions during the 2024 Black Friday period were suspected to be digital fraud. In the UK..

The post How to Protect from Online Fraud This Holiday Season appeared first on Security Boulevard.

Vaidotas Sedys

Вузы США возвращают мел и бумагу, чтобы не вырастить поколение жертв цифровой лоботомии

Securitylab.ru

3 weeks ago

Отказ от электронных девайсов стал единственным способом доказать существование интеллекта.

AI Meeting Assistants Are Rising – But Is Your Data Safe? A Deep Look at TicNote AI

Hack Read

3 weeks ago

AI meeting assistants have become essential tools for professionals who want fast, accurate, and automated transcription. Yet behind…

Owais Sultan

著名歌星的平均寿命较短

Solidot

3 weeks ago

德国研究人员回顾性对比了 648 名歌手的死亡风险，其中一半是明星，另一半则未成名。研究人员将 324 名明星与名气较小的同行在年龄、性别、国籍、种族、音乐流派以及是否为乐队独唱/主唱等方面进行了匹配。数据分析显示，著名歌手的平均寿命为 75 岁，而名气较小的歌手平均寿命为 79 岁。尽管与独唱艺人相比，乐队成员的死亡风险低 26%，但并未影响名气的整体效应——著名歌手的早逝风险仍比名气较小的同行高 33%。研究人员提出，一个可能解释是“名气带来的独特社会心理压力，例如强烈的公众审视、表演压力和隐私丧失”。“这些压力源可能引发心理困扰和有害的应对行为，使名气成为一种慢性负担，加剧了已有的职业风险。”

CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems

Security Boulevard

3 weeks ago

3 min readAs AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced during a provisioning failure. The resulting “exception response” – the message a service returns when it encounters an unhandled error during a request – contained […]

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Aembit.

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Security Boulevard.

Dan Kaplan

LeakedData

Dark Feed IO

3 weeks ago

You must login to view this content

cohenido

CVE-2025-13680 | Tiger Plugin up to 101.2.1 on WordPress set_role privileges management

VulDB Recent Entries

3 weeks ago

A vulnerability described as critical has been identified in Tiger Plugin up to 101.2.1 on WordPress. Affected is the function set_role. The manipulation results in improper privilege management. This vulnerability was named CVE-2025-13680. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2025-13538 | FindAll Listing Plugin up to 1.0.5 on WordPress privileges management

VulDB Recent Entries

3 weeks ago

A vulnerability marked as critical has been reported in FindAll Listing Plugin up to 1.0.5 on WordPress. This impacts the function findall_listing_user_registration_additional_params. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2025-13538. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2025-13539 | FindAll Membership Plugin up to 1.0.4 on WordPress Social Login findall_membership_check_google_user improper authentication

VulDB Recent Entries

3 weeks ago

A vulnerability labeled as critical has been found in FindAll Membership Plugin up to 1.0.4 on WordPress. This affects the function findall_membership_check_google_user of the component Social Login. Executing manipulation can lead to improper authentication. This vulnerability is handled as CVE-2025-13539. The attack can be executed remotely. There is not any exploit available.

vuldb.com

Aggregator

Managed ad