Aggregator

安全公司工程师将恢复代码明文放在桌面上 系统被黑后导致客户数据泄露

不安全
9 months 1 week ago
安全公司Huntress因工程师将账户恢复代码以明文形式存储在桌面纯文本文件中遭黑客入侵。黑客利用恢复代码绕过MFA登录系统,并对客户环境发起攻击,导致数据泄露。此次攻击由Akira勒索软件团伙实施。事件提醒企业需加强安全意识,避免明文存储关键凭证,并建议使用加密密码管理器或存储设备。

微软与Cloudflare联手捣毁RaccoonO365钓鱼网络,查封338个域名

不安全
9 months 1 week ago
微软与Cloudflare合作查封338个钓鱼域名,打击RaccoonO365团伙,该团伙通过PhaaS工具窃取5,000多个Microsoft 365账户凭证。攻击者伪造知名品牌邮件诱导受害者,并利用AI提升攻击精准度。此次行动封禁域名、终止脚本并冻结账户,有效打击网络犯罪活动。

CVE-2025-10564 | Campcodes Grocery Sales and Inventory System 1.0 ajax.php?action=delete_category ID sql injection (EUVD-2025-29655)

Vuldb Updates
9 months 1 week ago
A vulnerability classified as critical has been found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2025-10564. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-10565 | Campcodes Grocery Sales and Inventory System 1.0 ajax.php?action=delete_receiving ID sql injection (EUVD-2025-29654)

Vuldb Updates
9 months 1 week ago
A vulnerability classified as critical was found in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing manipulation of the argument ID can lead to sql injection. This vulnerability appears as CVE-2025-10565. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com

CVE-2025-10566 | Campcodes Grocery Sales and Inventory System 1.0 /index.php?page=users page cross site scripting (EUVD-2025-29659)

Vuldb Updates
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. This vulnerability is traded as CVE-2025-10566. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-59161 | element-hq element-web up to 1.11.111 state issue (GHSA-m6c8-98f4-75rr)

Vuldb Updates
9 months 1 week ago
A vulnerability labeled as problematic has been found in element-hq element-web up to 1.11.111. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to state issue. The identification of this vulnerability is CVE-2025-59161. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

Managed ad