Aggregator

A vulnerability, which was classified as problematic, was found in Sinatra up to 2.1.x. This affects an unknown part of the component Static File Handler. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2022-29970. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sinatra up to 2.2.2/3.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation of the argument Content-Disposition leads to download of code without integrity check. This vulnerability is known as CVE-2022-45442. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SonicWALL SMA 100 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-40597. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in SonicWALL SMA 100 and classified as critical. This issue affects some unknown processing of the component Web Interface. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-40596. The attack may be initiated remotely. There is no exploit available.

Some crisis pregnancy centers (CPCs) still tell visitors that their data is protected under the HIPAA privacy law — despite guidance to the contrary from the government and CPCs' own umbrella organizations. Data privacy and abortion-rights groups want states to do more to end those claims.

Researchers identified 13 critical vulnerabilities in Tridium’s widely-deployed Niagara Framework that could allow attackers to compromise building automation systems and collect sensitive network data.  The vulnerabilities, affecting versions 4.10u10 and earlier, as well as 4.14u1 and earlier, enable attackers with network access to execute sophisticated attack chains resulting in complete system compromise, including root-level remote […]

The post Multiple Vulnerabilities in Tridium Niagara Framework Let Attacker to Collect Sensitive Data from the Network appeared first on Cyber Security News.

美陆军第3多域特遣部队在美海军陆战队、美海军以及澳大利亚陆军的联合协作下，在澳大利亚北领地使用“堤丰”系统实弹发射1枚“标准-6”导弹，成功击沉海上目标靶船。现根据卫星影像结合开源信息，对美军本次实弹试射的地理位置信息和技术特点进行深度解析

速更新

作为国内网络安全行业的领军企业，奇安信旗下代码安全实验室深度参与了本次报告的编制工作，并指出，开源软件的漏洞问题日益严峻，整体安全风险仍在持续。

A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw.

Christina Marie Chapman, an Arizona resident, was sentenced to 8.5 years in prison for her role in a wide-ranging North Korean IT worker scam that sent $17 million to the outlaw country. Chapman ran a laptop farm from her home, validated stolen U.S. identities for the scammers, and transferred money overseas to the bad actors.

The post U.S. Woman Sentenced to 8.5 Years for Role in North Korean Worker Scam appeared first on Security Boulevard.

A 50-year-old Arizona woman who pleaded guilty in February to her role in a massive North Korean

Two critical vulnerabilities in the VMware Guest Authentication Service (VGAuth) component of VMware Tools allow local attackers to escalate privileges from any user account to SYSTEM-level access on Windows virtual machines.  The vulnerabilities, tracked as CVE-2025-22230 and CVE-2025-22247, affect VMware Tools installations across ESXi-managed environments and standalone VMware Workstation deployments. Key Takeaways1.  VMware Tools VGAuth […]

The post Critical VMware Tools VGAuth Vulnerabilities Enable Full System Access for Attackers appeared first on Cyber Security News.

Добро пожаловать в новую бюрократию.

Russian aerospace and defense industries have become the target of a cyber espionage campaign that delivers a backdoor called EAGLET to facilitate data exfiltration. The activity, dubbed Operation CargoTalon, has been assigned to a threat cluster tracked as UNG0901 (short for Unknown Group 901). "The campaign is aimed at targeting employees of Voronezh Aircraft Production Association (VASO), one

Cybersecurity firm Sygnia has been tracking and mitigating a sophisticated espionage operation dubbed Fire Ant, which zeroes in on virtualization and networking infrastructure, particularly VMware ESXi hypervisors and vCenter management servers, alongside network appliances. The threat actors behind Fire Ant employ multilayered kill chains, blending advanced persistence mechanisms with stealthy techniques to breach segmented networks […]

The post Fire Ant Hackers Target VMware ESXi and vCenter Flaws to Infiltrate Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

r/HowToHack 是一个开放的黑客社区，旨在帮助新手成长为地下技能领域的资深人士。用户可以在此提问、解答问题并学习相关知识。社区还提供 Discord 服务器链接供进一步交流。

Authorities release a free ransomware decryptor, Lumma infostealer regroups post-takedown, and ToolShell zero-day spurs urgent patching.