Aggregator

CVE-2025-43354 | Apple iOS/iPadOS up to 18.7 App information disclosure (EUVD-2025-29307)

3 weeks 5 days ago

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS. Affected by this issue is some unknown functionality of the component App. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-43354. Attacking locally is a requirement. No exploit is available. You should upgrade the affected component.

vuldb.com

CVE-2025-43354 | Apple tvOS up to 18.4 App information disclosure (EUVD-2025-29307)

Vuldb Updates

3 weeks 5 days ago

A vulnerability has been found in Apple tvOS and classified as problematic. This affects an unknown part of the component App. This manipulation causes information disclosure. This vulnerability is handled as CVE-2025-43354. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2025-43354 | Apple visionOS up to 18.4 App information disclosure (EUVD-2025-29307)

Vuldb Updates

3 weeks 5 days ago

A vulnerability was found in Apple visionOS up to 18.4 and classified as problematic. This vulnerability affects unknown code of the component App. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-43354. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-43315 | Apple macOS up to 14.7/15.6 App information disclosure (EUVD-2025-29310)

Vuldb Updates

3 weeks 5 days ago

A vulnerability, which was classified as problematic, has been found in Apple macOS up to 14.7/15.6. Affected is an unknown function of the component App. Performing manipulation results in information disclosure. This vulnerability was named CVE-2025-43315. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

Mydata

Dark Feed IO

3 weeks 5 days ago

You must login to view this content

cohenido

幻影|一款漏洞挖掘的浏览器扩展辅助工具|收集中的隐藏接口和敏感信息

先知技术社区

3 weeks 5 days ago

一款面向 SRC 场景的浏览器插件，自动收集页面及相关资源中的敏感信息与可疑线索，支持基础扫描、深度递归扫描、批量 API 测试及结果导出与自定义正则配置。可以帮助用户高效的测试api接口与探测目录

'SlopAds' Fraud Campaign Uses Novel Obfuscation Techniques

Ransomware DataBreachToday.com

3 weeks 5 days ago

Steganography, Mobile Marketing Attribution, Code Obfuscation Deployed for Ad Fraud
A cybercrime crew using Android mobile apps to conduct advertising fraud took unusual pains to hide its activity, concealing malicious code in downloadable digital images and holding off from infecting the subset of users who organically found their apps through the Google Play store.

Scattered Spider Tied to Fresh Attacks on Financial Services

Ransomware DataBreachToday.com

3 weeks 5 days ago

Recent, Targeted Attacks Suggest Undercut Group's Claimed 'Going Dark' Retirement
Elements of the notorious ransomware collective lately calling itself Scattered Lapsus$ Hunters appear to be targeting fresh victims, including a U.S. banking organization if not the sector at large, despite a member of the group claiming it would be "going dark" and retiring.

Jaguar Land Rover Extends Production Halt

Ransomware DataBreachToday.com

3 weeks 5 days ago

Economic Losses of Carmaker, Suppliers Piling Up
British auto manufacturer Jaguar Land Rover will extend a production pause until late September as it enters its third week of contending with a cyber incident that forced it to shut down assembly lines across the globe.

DEF CON 33: Illumicon

Security Boulevard

3 weeks 5 days ago

Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 33: Illumicon appeared first on Security Boulevard.

Marc Handelman

大模型改击与传统攻击的进化图增(一)

先知技术社区

3 weeks 5 days ago

虽然大模型安全攻击的目标是模型的“认知”过程（理解、推理、生成），而传统攻击更多针对的是程序的执行流程、数据存储和网络通信，但许多底层的攻击哲学和策略是相通的。它们都涉及理解系统的工作原理，寻找其薄弱环节，并通过精心设计的输入或交互来操纵系统，使其偏离预期轨道，服务于攻击者的目的

Brain Cipher

Dark Feed IO

3 weeks 5 days ago

You must login to view this content

cohenido

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs

CyberScoop

3 weeks 5 days ago

The tech giant doesn’t provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack.

The post Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs appeared first on CyberScoop.

Matt Kapko

Раскрыта тайна «пятого элемента»: астрономы нашли виновника аномального «креста Эйнштейна»

Securitylab.ru

3 weeks 5 days ago

Астрономы нашли то, что скрывалось от глаз миллиарды лет.

CVE-2025-30075 | Alludo MindManager up to 25.0.207 on Windows uncontrolled search path

VulDB Recent Entries

3 weeks 5 days ago

A vulnerability marked as problematic has been reported in Alludo MindManager up to 25.0.207 on Windows. This issue affects some unknown processing. This manipulation causes uncontrolled search path. The identification of this vulnerability is CVE-2025-30075. The attack can only be executed locally. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-57624 | CYRISMA Agent up to 443 uncontrolled search path

VulDB Recent Entries

3 weeks 5 days ago

A vulnerability labeled as problematic has been found in CYRISMA Agent up to 443. This vulnerability affects unknown code. The manipulation results in uncontrolled search path. This vulnerability was named CVE-2025-57624. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2025-56557 | Tuya Smart Life App 5.6.1 Matter Protocol privilege escalation (EUVD-2025-29640)

VulDB Recent Entries

3 weeks 5 days ago

A vulnerability identified as critical has been detected in Tuya Smart Life App 5.6.1. This affects an unknown part of the component Matter Protocol Handler. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-56557. The attack can only be initiated within the local network. No exploit exists.

vuldb.com

CVE-2025-56562 | Signify Wiz Connected 1.9.1 denial of service

VulDB Recent Entries

3 weeks 5 days ago

A vulnerability categorized as problematic has been discovered in Signify Wiz Connected 1.9.1. Affected by this issue is some unknown functionality. Executing manipulation can lead to denial of service. This vulnerability is handled as CVE-2025-56562. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2025-58174 | LDAPAccountManager lam up to 9.2 Profile Section profile name cross site scripting (GHSA-6gqg-wm9x-5x3m)

VulDB Recent Entries

3 weeks 5 days ago

A vulnerability was found in LDAPAccountManager lam up to 9.2. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Profile Section. Performing manipulation of the argument profile name results in cross site scripting. This vulnerability is known as CVE-2025-58174. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-59050 | Greenshot up to 1.3.300 WinForms WndProc Greenshot.exe deserialization (GHSA-8f7f-x7ww-xx5w)

VulDB Recent Entries

3 weeks 5 days ago

A vulnerability was found in Greenshot up to 1.3.300. It has been declared as problematic. Affected is an unknown function of the file Greenshot.exe of the component WinForms WndProc Handler. Such manipulation leads to deserialization. This vulnerability is traded as CVE-2025-59050. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Aggregator

Managed ad