Aggregator

A vulnerability was found in Fortinet FortiIsolator and FortiSandbox. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to session expiration. This vulnerability was named CVE-2024-27779. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Identity Services Engine Software and classified as problematic. This issue affects some unknown processing of the component Web-based Management Interface. The manipulation leads to basic cross site scripting. The identification of this vulnerability is CVE-2025-20267. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft's urgent security guidance.

The rise of clandestine “travel agencies” on darknet forums has reshaped the cyber-crime landscape, morphing traditional card-skimming into a full-fledged service economy that sells half-priced flights, five-star hotels, and even yacht charters. What unsuspecting buyers see as a bargain is merely the last hop of a criminal supply chain that begins with credential theft and […]

The post Dark Web Travel Agencies Offering Cheap Travel Deals to Steal Credit Card Data appeared first on Cyber Security News.

H4X-Tools: Open source toolkit for scraping, OSINT and more

Исследование показало: в мире ИИ добрые алгоритмы всегда проигрывают злым.

A vulnerability classified as problematic has been found in Zimbra Collaboration Suite up to 8.x/10.0.14/10.1.8. Affected is an unknown function of the component Webmail Interface/Admin Console. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2025-53645. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in intlify vue-i18n up to 9.14.4/10.0.7/11.0.x. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-53892. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was suspected in Realtek AmebaD up to 3.1.8. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability has been found in Cisco Identity Services Engine Software 3.3.0/3.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component API Handler. The manipulation leads to injection. This vulnerability is known as CVE-2025-20284. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Identity Services Engine Software 3.3.0/3.4.0. It has been classified as problematic. This affects an unknown part of the component API Handler. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2025-20283. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Identity Services Engine Software. It has been declared as problematic. This vulnerability affects unknown code of the component IP Access Restriction Feature. The manipulation leads to authentication bypass by assumed-immutable data. This vulnerability was named CVE-2025-20285. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Indico up to 3.3.6. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-53640. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Microsoft ASP.NET Core, .AspNetCore.Identity, .AspNetCore.App.Runtime.win-arm, .AspNetCore.App.Runtime.win-arm64, .AspNetCore.App.Runtime.win-x64, .AspNetCore.App.Runtime.win-x86, .AspNetCore.App.Runtime.linux-arm, .AspNetCore.App.Runtime.linux-arm64, .AspNetCore.App.Runtime.linux-musl-arm, .AspNetCore.App.Runtime.linux-musl-arm64, .AspNetCore.App.Runtime.linux-musl-x64, .AspNetCore.App.Runtime.linux-x64, .AspNetCore.App.Runtime.osx-arm64 and .AspNetCore.App.Runtime.osx-x64 up to 6.0.36. Affected by this issue is some unknown functionality. The manipulation leads to weak authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-7326. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Fortinet FortiOS and FortiProxy and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DNS Filter. The manipulation leads to security check for standard. This vulnerability is known as CVE-2024-55599. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft said previously known Chinese nation-state operations that it tracks as Linen Typhoon and Violet Typhoon — as well as a third, less-known group — were among those exploiting serious bugs in SharePoint server software.

列夫·托尔斯泰（Leo Tolstoy）在《安娜·卡列尼娜》的开场白中写道：“幸福的家庭都是相似的，不幸的家庭各有各的不幸。”研究乐观主义和悲观主义的神经学家发现了一个类似的现象：在想象未来事件时，乐观主义者大脑一个关键区域的活动模式都是相似的；而悲观主义者的大脑活动模式各有各的不同。研究报告发表在 PNAS 期刊上。研究人员让参与者想象未来发生在自己或配偶身上的特定事件，同时使用 fMRI 对他们的大脑进行扫描。想象的事件部分是积极的，部分中性或消极。研究团队之后让参与者填写问卷以确定其乐观或悲观程度。他们进行了两次研究，一次参与者有 37 人，另一次 50 人。研究人员针对了一个在想象未来事件时特别活跃的区域：前额叶内侧皮质。对于结果，研究人员认为一个人可能有很多不同的方式变得悲观，而乐观者倾向于对充满希望的未来共享心智模式(Shared mental models)。

A vulnerability, which was classified as problematic, was found in Ubertec Help Center Live up to 2.0.2. This affects an unknown part. The manipulation of the argument File leads to path traversal. This vulnerability is uniquely identified as CVE-2005-3639. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Sitecore Experience Manager and Experience Platform up to 7.0. Affected by this vulnerability is an unknown functionality of the component Powershell Extension. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-34511. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Cisco Unified Contact Center Express. Affected is an unknown function of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-20279. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.