Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world.
Criminals are getting creative — using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and security teams are fighting back, shutting down fake
A teenager turned out to be the administrator of one of the year's most high-profile ransomware groups, Scattered LAPSUS$ Hunters, and now claims to be cooperating with the police.
A vulnerability was found in icret EasyImages up to 2.8.6. It has been classified as problematic. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross-site scripting.
This vulnerability is traded as CVE-2025-13415. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability was found in Lynxtechnology Twonky Server 8.5.2. It has been rated as problematic. Impacted is an unknown function. Performing manipulation results in use of a hard-coded cryptographic key.
This vulnerability is reported as CVE-2025-13316. The attack can be carried out remotely. No exploit exists.
A vulnerability marked as critical has been reported in anthropics claude-code up to 1.0.38. This impacts an unknown function of the component Yarn. This manipulation causes code injection.
This vulnerability is handled as CVE-2025-65099. The attack can be initiated remotely. No exploit is available.
It is suggested to upgrade the affected component.
A vulnerability marked as critical has been reported in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls.
This vulnerability is known as CVE-2025-13443. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
A vulnerability identified as problematic has been detected in Revive Adserver up to 5.5.2/6.0.1. Affected by this issue is some unknown functionality. The manipulation leads to cross-site scripting.
This vulnerability is referenced as CVE-2025-48987. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin up to 3.3.1 on WordPress. This affects the function eh_crm_remove_agent of the component Role Handler. Performing manipulation results in missing authorization.
This vulnerability is cataloged as CVE-2025-10054. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability labeled as critical has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing manipulation of the argument myusername can lead to SQL injection.
This vulnerability is tracked as CVE-2025-13556. The attack can be launched remotely. Moreover, an exploit is present.
A vulnerability marked as critical has been reported in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to SQL injection.
This vulnerability is listed as CVE-2025-13557. The attack may be initiated remotely. In addition, an exploit is available.
A vulnerability described as critical has been identified in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in SQL injection.
This vulnerability is cataloged as CVE-2025-13560. The attack may be launched remotely. Furthermore, there is an exploit available.