Aggregator

A vulnerability classified as critical has been found in LibTIFF up to 4.7.0. This affects the function get_histogram of the file tools/tiffmedian.c. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2025-8176. The attack must be initiated from a local position. Furthermore, there is an exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical was found in LibTIFF up to 4.7.0. This impacts the function setrow of the file tools/thumbnail.c. Executing manipulation can lead to buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2025-8177. The attack needs to be launched locally. No exploit is available. It is best practice to apply a patch to resolve this issue.

US Senator Ron Wyden urges the FTC to investigate Microsoft after its software contributed to a major ransomware…

Penetration Testing as a Service (PTaaS) is a modern approach to offensive security that combines the best of human-led penetration testing with the efficiency of an automated platform. Unlike traditional, project-based penetration tests, a PTaaS model provides continuous, on-demand testing, real-time collaboration, and a centralized dashboard for managing findings. In 2025, this agile approach is […]

The post Top 10 Best Penetration Testing as a Service (PTaaS) Companies in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

To ensure the security of sensitive internet data, it takes more than encryption; it requires clear principles, careful design, and evidential support. Naman Jain is a Senior Software Development Engineer and a leading practitioner in secure systems for fintech and digital payments. At Amazon, he has led the architecture of an enterprise tokenization and sensitive […]

The post Business speed, lasting security: Conversation with Amazon’s Senior Software Development Engineer Naman Jain appeared first on Cyber Security News.

A targeted supply chain compromise of an open-source node package manager (npm) resulted in malicious updates to widely used packages, enabling cryptocurrency theft through traffic interception and transaction manipulation of browser-based crypto wallets.

The post 16 Minutes to Impact: npm Supply Chain Abuse Deploys crypto-draining malware appeared first on Sygnia.

Специалисты предупреждают — следующим может оказаться ваш сайт.

A vulnerability described as problematic has been identified in yangzongzhuan RuoYi up to 4.8.1. Impacted is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. Executing manipulation of the argument configUrl can lead to cross site scripting. The identification of this vulnerability is CVE-2025-7901. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. Affected by this vulnerability is the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. Executing manipulation of the argument File can lead to unrestricted upload. This vulnerability is registered as CVE-2025-7906. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in eosphoros-ai db-gpt 0.7.0. Impacted is the function editor_sql_run/query_ex of the file /v1/editor/sql/run. Executing manipulation can lead to sql injection. This vulnerability appears as CVE-2025-51458. The attack may be performed from remote. There is no available exploit. It is best practice to apply a patch to resolve this issue.

A vulnerability classified as problematic has been found in aimhubio aim 3.28.0. This affects the function pyodide.code.run_js of the file /api/reports. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-51464. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability identified as critical has been detected in eosphoros-ai db-gpt 0.7.0. The impacted element is the function agent.hub.controller.refresh_plugins of the file /v1/personal/agent/upload of the component ZIP File Handler. The manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2025-51459. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as critical was found in cvat-ai cvat up to 2.41.x. This affects an unknown function. Executing manipulation can lead to improper authentication. The identification of this vulnerability is CVE-2025-54573. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability described as problematic has been identified in yangzongzhuan RuoYi up to 4.8.1. The affected element is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent results in cross site scripting. This vulnerability is known as CVE-2025-8847. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in freescout-help-desk freescout up to 1.8.185. This issue affects the function Helper::decrypt. Executing manipulation can lead to deserialization. The identification of this vulnerability is CVE-2025-54366. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in RooCodeInc Roo-Code up to 3.23.18. Impacted is an unknown function. Executing manipulation can lead to command injection. This vulnerability is handled as CVE-2025-54377. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. The impacted element is an unknown function of the component Image Source Handler. The manipulation results in improper restriction of rendered ui layers. This vulnerability is identified as CVE-2025-7903. The attack can be executed remotely. Additionally, an exploit exists.

The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...]

The pervasive Vidar infostealer has evolved with a suite of new evasion techniques and covert data exfiltration methods, according to researchers.

Cyber attackers constantly refine their evasion methods. That’s what makes threats, including phishing, increasingly hard to detect and investigate. Kits like Tycoon 2FA regularly evolve with new tricks added to their arsenal. They slip past defenses and compromise companies, demonstrating great adaptivity in modern cyber threats.  Let’s review three key evasion techniques of Tycoon 2FA […]

The post PhishKit Evasion Tactics: What You Need to Pay Attention to Right Now  appeared first on Cyber Security News.