Aggregator
Lynx
1 year 3 months ago
cohenido
A Threat Actor Claims to be Selling Access to Descon
1 year 3 months ago
Dark Web Informer - Cyber Threat Intelligence
CVE-2021-43857 | Gerapy up to 0.9.7 os command injection (GHSA-9w7f-m4j4-j3xw / EDB-50640)
1 year 3 months ago
A vulnerability classified as critical has been found in Gerapy up to 0.9.7. Affected is an unknown function. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2021-43857. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Why Scalability Matters in Non-Human Identity and Access Management
1 year 3 months ago
From dynamic workloads to API-driven systems, managing non-human identities requires a new approach to security at scale.
The post Why Scalability Matters in Non-Human Identity and Access Management appeared first on Aembit.
The post Why Scalability Matters in Non-Human Identity and Access Management appeared first on Security Boulevard.
Kevin Sapp
FRAML Reality Check: Is Full Integration Really Practical?
1 year 3 months ago
Experts Weigh the Pros and Cons of Work Culture and Merging AML and Fraud Teams
A recent report found that more than 57,000 Americans fall victim to scams every day. Financial fraud is rising globally. In response, the National Automated Clearinghouse Association is pushing for real-time fraud monitoring by 2026, requiring closer collaboration between fraud and AML teams.
CISA orders agencies to patch BeyondTrust bug exploited in attacks
1 year 3 months ago
CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks. [...]
Sergiu Gatlan
Inexperienced actors developed the FunkSec ransomware using AI tools
1 year 3 months ago
FunkSec, a new ransomware group that attacked more than 80 victims in December 2024, was developed using AI tools. The FunkSec ransomware-as-a-service (RaaS) group has been active since late 2024; the gang published over 85 victims in December 2024. The group likely used AI-based systems to quickly develop advanced tools, blending hacktivism and cybercrime. However, […]
Pierluigi Paganini
Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw
1 year 3 months ago
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
Jai Vijayan, Contributing Writer
Stolen Path of Exile 2 admin account used to hack player accounts
1 year 3 months ago
Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. [...]
Bill Toulas
CVE-2024-46481 | Venki Supravizio BPM up to 18.1.1 cross site scripting
1 year 3 months ago
A vulnerability was found in Venki Supravizio BPM up to 18.1.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-46481. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-22142 | NamelessMC Nameless up to 2.1.2 cross site scripting (GHSA-9q22-w64p-g8qm)
1 year 3 months ago
A vulnerability was found in NamelessMC Nameless up to 2.1.2 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-22142. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-22144 | NamelessMC Nameless up to 2.1.2 reset_code external reference (GHSA-p883-7496-x35p)
1 year 3 months ago
A vulnerability has been found in NamelessMC Nameless up to 2.1.2 and classified as critical. This vulnerability affects the function reset_code. The manipulation leads to externally controlled reference.
This vulnerability was named CVE-2025-22144. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-46480 | Venki Supravizio BPM up to 18.0.1 insufficiently protected credentials
1 year 3 months ago
A vulnerability, which was classified as critical, was found in Venki Supravizio BPM up to 18.0.1. This affects an unknown part. The manipulation leads to insufficiently protected credentials.
This vulnerability is uniquely identified as CVE-2024-46480. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2025-0393 | Royal Elementor Addons and Templates up to 1.7.1006 on WordPress cross-site request forgery
1 year 3 months ago
A vulnerability, which was classified as problematic, has been found in Royal Elementor Addons and Templates up to 1.7.1006 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2025-0393. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-46310 | Cfxre FXServer 9601 API Endpoint access control
1 year 3 months ago
A vulnerability classified as critical was found in Cfxre FXServer 9601. Affected by this vulnerability is an unknown functionality of the component API Endpoint. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2024-46310. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com