Aggregator

A vulnerability was found in OpenText Service Manager 9.70/9.71/9.72/9.80. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Error Message Web Page. The manipulation leads to improper neutralization of script in an error message web page. This vulnerability is handled as CVE-2025-0883. The attack may be launched remotely. There is no exploit available.

Cahokia Unit School District #187 Allegedly Falls Victim to Qilin Ransomware Attack

Брайан Кребс подтвердил арест администратора Garantex во время семейного отдыха.

A vulnerability was found in Schneider Electric EcoStruxure Panel Server. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive information in log files. This vulnerability is known as CVE-2025-2002. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

Phishing is one of the most common and dangerous cyber threats facing organizations today. Despite growing awareness, employees often still fall victim to these attacks. Even worse, cybercriminals now have more sophisticated tools at their disposal fueled by artificial intelligence (AI). What once required a team of attackers to conduct a spear-phishing attack can [...]

The post Phishing: A Persistent Threat in the Age of AI appeared first on Hurricane Labs.

The post Phishing: A Persistent Threat in the Age of AI appeared first on Security Boulevard.

In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.

微软官方宣布从 2025 年 5 月 27 日起，Microsoft Store 中的 Remote Desktop app 不再支持或提供下载。要继续访问 Windows 365、Azure Virtual Desktop 和 Microsoft Dev Box 的用户需要过渡到 Windows App。微软称 Windows App 相比 Remote Desktop app 有诸多改进，包括通过单一界面访问多项服务如 Cloud PC 和虚拟桌面；支持自定义主屏幕、多显示器和动态显示分辨率。微软称，5 月 27 日之后，通过 Microsoft Store 中的 Remote Desktop app 访问 Windows 365、Azure Virtual Desktop 和 Microsoft Dev Box 将被阻止。这一限制不适用于通过 MSI 安装的 Remote Desktop 客户端。

A vulnerability was found in Koha up to 21.11. It has been classified as critical. Affected is an unknown function of the file /serials/lateissues-export.pl. The manipulation of the argument supplierid leads to sql injection. This vulnerability is traded as CVE-2025-22954. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in XPixelGroup BasicSR up to 1.4.2 and classified as problematic. This issue affects some unknown processing of the component Environment Variable Handler. The manipulation of the argument SLURM_NODELIST leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2024-27763. An attack has to be approached locally. There is no exploit available.

Rocket Stores Allegedly Falls Victim to Cactus Ransomware Attack

A vulnerability has been found in Apache Camel up to 3.22.3/4.8.4/4.10.1 and classified as problematic. This vulnerability affects unknown code of the component Header Handler. The manipulation leads to improper neutralization of internal special elements. This vulnerability was named CVE-2025-29891. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Private 5G networks were once heralded as the future of enterprise connectivity, offering unprecedented flexibility, faster speeds, and freedom from the limitations of wired networks. Yet, despite optimistic forecasts, the widespread adoption of private 5G has encountered significant roadblocks. This begs the burning...

僧侣坐在书桌前抄写手稿是一种典型的中世纪画面，但修女抄写员呢？根据近期的估计，西方拉丁世界（Latin West）在公元 400-1500 年间抄写了逾千万份手稿，其中约 75 万份保存完好。挪威卑尔根大学的研究人员尝试量化了修女对手稿抄写的贡献。研究分析是基于手稿上的题跋，抄写员会在手稿上留下个人名字、委托人名字、地点和日期等信息，有时还会留下个人感悟。分析显示 1.1% 的手稿是修女抄写的。根据这一比例，西方拉丁世界的手稿有至少 11 万份是女性抄写的，而目前保留的手稿有大约 8000 份是女性抄写的。

Компания испытала сотовую сеть на спутнике Земли.

Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. [...]

A vulnerability, which was classified as critical, has been found in Conversios.io Plugin up to 4.6.1 on WordPress. Affected by this issue is the function tvcajax_product_sync_bantch_wise of the component SQL Statement Handler. The manipulation of the argument sync_progressive_data leads to sql injection. This vulnerability is handled as CVE-2021-24952. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS up to 15.3.1. This issue affects some unknown processing of the component Wi-Fi. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2022-22668. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple macOS. This vulnerability affects unknown code of the component Wi-Fi. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-22668. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple macOS up to 12.5.1 and classified as problematic. This vulnerability affects unknown code of the component iMovie. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-32896. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS up to 16.2 and classified as problematic. This issue affects some unknown processing of the component Kernel. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-23502. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.