Aggregator

A vulnerability marked as critical has been reported in Eaton Galileo Software up to 11.1.1. Impacted is an unknown function. The manipulation leads to path traversal. This vulnerability is documented as CVE-2025-59890. The attack needs to be performed locally. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in Open-Xchange OX App Suite up to 8.35.110/8.39.85/8.40.73/8.41.67. This issue affects some unknown processing of the component File Handler. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-59026. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Open-Xchange OX App Suite up to 8.35.110/8.39.85/8.40.73/8.41.50. This vulnerability affects unknown code of the component E-Mail Content Handler. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-59025. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Open-Xchange OX App Suite up to 8.35.1513817/8.39.1565928/8.40.1565934/8.41.1523927. This affects an unknown part. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-30190. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

De zogenoemde Quick Reaction Alert (QRA) is vanaf vandaag weer in Nederlandse handen. Voor de bewaking van het luchtruim van België, Nederland en Luxemburg staan permanent 2 F-35’s paraat om te worden ingeschakeld.  

A vulnerability was found in Open-Xchange OX App Suite up to 8.35.107/8.38.89/8.39.83/8.40.68/8.41.60. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-30186. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Власти Мьянмы отчитываются о сотнях снесенных зданий и тысячах изъятых устройств, но специалисты уверены: ключевые скам-центры в KK Park продолжают жить.

RingReaper is a simple post-exploitation agent for Linux designed for those who need to operate stealthily, minimizing the chances

The post RingReaper: Stealthy Linux Agent Abuses io_uring to Bypass EDR System Call Monitoring appeared first on Penetration Testing Tools.

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. [...]

The hacker collective known as Scattered LAPSUS$ Hunters — which has spent this year extorting dozens of corporations

The post Confirmed: 15-Year-Old Jordanian is The Leader of Scattered LAPSUS$ Hunters appeared first on Penetration Testing Tools.

Hackers breached U.S. radio stations and broadcast fabricated alerts and streams of obscenities live on air, prompting the

The post Hackers Breach U.S. Radio Stations to Broadcast Fake EAS Tones & Obscenities appeared first on Penetration Testing Tools.

A malicious extension has been discovered in the Chrome catalog — an add-on that, without the owner’s knowledge,

The post Malicious ‘Crypto Copilot’ Chrome Extension Steals Hidden Fee from Solana Swaps appeared first on Penetration Testing Tools.

Censys researchers have detailed a new web-attack technique known as EtherHiding, in which attackers conceal malicious code inside

The post EtherHiding: New Stealth Attack Hides Malware C2 in Binance Smart Chain Smart Contracts appeared first on Penetration Testing Tools.

ASUS continues to patch dangerous flaws in its home routers following a wave of attacks targeting the AiCloud

The post ASUS Patches Critical AiCloud Flaw (CVE-2025-59366) Allowing Remote Router Takeover appeared first on Penetration Testing Tools.

The breach may have exposed OpenAI API customers’ data

Cato Networks has unveiled a new attack technique, dubbed HashJack, which conceals malicious AI prompts behind the “#”

The post HashJack Attack: New Technique Weaponizes URLs to Hijack AI Browser Assistants appeared first on Penetration Testing Tools.

The CodeRED alert platform operated by OnSolve and maintained by the risk-management firm Crisis24 has fallen victim to

The post INC Ransom Attack Disrupts US Emergency Alerts, Exposes Clear-Text Passwords appeared first on Penetration Testing Tools.

水果发霉、衣物破洞、化妆品损坏……近期，在一些电商平台，有买家利用AI技术制作假图，伪造商品质量问题，向商家骗取“仅退款”，引发大家关注。