Aggregator

A vulnerability, which was classified as critical, has been found in RTI Connext DDS Professional and Connext DDS Secure up to 6.1.0. This issue affects some unknown processing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2021-38433. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in RTI Connext DDS Professional and Connext DDS Secure up to 6.1.0. Affected is an unknown function. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2021-38435. It is possible to launch the attack remotely. There is no exploit available.

Satori announced its new capabilities, enabling security teams to be in control of all customer data across the development lifecycle in a simple, cost-effective, and holistic way. These capabilities automate the daunting tasks of discovering data, risk assessment, providing granular access control, and mitigating security risks quickly across cloud platforms like AWS, Snowflake, Databricks, and MongoDB. A recent report by Gartner found that 75% of organizations are working to consolidate their cloud-native security vendors. Security … More →

The post Satori provides visibility into data store risk levels appeared first on Help Net Security.

A vulnerability was found in Sun Java Web Start. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2008-4910. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Submitty up to 20.04.01. It has been classified as problematic. Affected is an unknown function. The manipulation as part of SVG Document leads to cross site scripting. This vulnerability is traded as CVE-2020-12882. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

最近经历了一些事，一直在折腾 RTSP 协议的攻击可能性，市面上那些 RTSP 攻击工具很多都不太行，于是决定自己整一个。

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.9.6/16.10.4/16.11.1. It has been classified as problematic. This affects an unknown part of the component Public Project Handler. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-3976. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.9.6/16.10.4/16.11.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2024-2878. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM Cloud Pak for Business Automation up to 22.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-52364. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM Cloud Pak for Business Automation up to 22.0.2. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-52365. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public

A critical vulnerability in Apple’s macOS kernel (XNU), tracked as CVE-2025-24118, has been disclosed, potentially allowing attackers to escalate privileges, corrupt memory, and even execute kernel-level code.  The flaw, affecting macOS Sonoma versions earlier than 14.7.3, macOS Sequoia versions earlier than 15.3, and iPadOS versions earlier than 17.7.4, was discovered by Joseph Ravichandran (@0xjprx), a […]

The post Apple’s macOS Kernel Vulnerability Let Attackers Escalate Privileges – PoC Released appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in IBM Cloud Pak for Business Automation up to 22.0.2. This issue affects some unknown processing. The manipulation leads to incorrect privilege assignment. The identification of this vulnerability is CVE-2024-49348. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Rhode Island disclosed in December that a ransomware attack had resulted in a data breach of its RIBridges social services database, exposing personal data of about 650,000 residents that included Social Security numbers, dates of birth, and individual bank account numbers. The impact was enormous — more than half of the state’s population was affected. 

The post Sandboxes Alone Won’t Stop the Malware Onslaught. Here’s What Will. appeared first on Security Boulevard.

A vulnerability was found in Survey Maker team Plugin Plugin up to 5.1.3.5 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-22664. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in bPlugins Alert Box Block up to 1.1.0 on WordPress. It has been classified as problematic. This affects an unknown part of the file notice/alerts. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-22675. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP24 Domain Check Plugin up to 1.10.14 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-24602. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adiscon Winsyslog 4.21 Sp1/5.0 Beta. This affects an unknown part of the component Syslog Message Handler. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2003-1518. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Sophos, a global leader in cybersecurity solutions, has finalized its acquisition of SecureWorks, a prominent managed security services provider, in an all-cash transaction valued at $859 million.  Sophos is now the top pure-play provider of Managed Detection and Response (MDR) services, serving more than 28,000 businesses worldwide due to this strategic approach. The acquisition brings […]

The post Sophos Acquires Secureworks for $859 Million appeared first on Cyber Security News.