Aggregator

CVE-2025-52163 | Agorum Core Open 11.9.2/11.10.1 TunnelServlet server-side request forgery (EUVD-2025-21925)

2 months 1 week ago

A vulnerability, which was classified as critical, was found in Agorum Core Open 11.9.2/11.10.1. This affects an unknown part of the component TunnelServlet. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-52163. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2025-52166 | Agorum Core Open 11.9.2/11.10.1 access control (EUVD-2025-21912)

VulDB Recent Entries

2 months 1 week ago

A vulnerability, which was classified as critical, has been found in Agorum Core Open 11.9.2/11.10.1. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-52166. The attack needs to be done within the local network. There is no exploit available.

vuldb.com

Submit #616888: PHPGurukul Complaint Management System 2.0 Cross-Site Request Forgery [Accepted]

Vuldb Submit

2 months 1 week ago

Submit #616888 / VDB-316938

Submit #616919: code-projects Church Donation System V1.0 SQL Injection [Accepted]

Vuldb Submit

2 months 1 week ago

Submit #616919 / VDB-316937

n0name

Submit #616918: code-projects Church Donation System V1.0 SQL Injection [Accepted]

Vuldb Submit

2 months 1 week ago

Submit #616918 / VDB-316936

n0name

Submit #616917: code-projects Church Donation System V1.0 SQL Injection [Accepted]

Vuldb Submit

2 months 1 week ago

Submit #616917 / VDB-316935

n0name

Submit #616886: code-projects Church Donation System V1.0 SQL Injection [Accepted]

Vuldb Submit

2 months 1 week ago

Submit #616886 / VDB-316934

n0name

Submit #616884: code-projects Church Donation System V1.0 SQL Injection [Accepted]

Vuldb Submit

2 months 1 week ago

Submit #616884 / VDB-316933

n0name

CVE-2025-54309 | CrushFTP up to 10.8.4/11.3.4_22 DMZ Proxy Feature unprotected alternate channel (EUVD-2025-21909)

VulDB Recent Entries

2 months 1 week ago

A vulnerability classified as critical was found in CrushFTP up to 10.8.4/11.3.4_22. Affected by this vulnerability is an unknown functionality of the component DMZ Proxy Feature. The manipulation leads to unprotected alternate channel. This vulnerability is known as CVE-2025-54309. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

vuldb.com

Lumma Infostealer Steals Browser Data and Sells It as Logs on Underground Markets

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

2 months 1 week ago

Infostealers are specialized malware variants that routinely steal large amounts of sensitive data from compromised systems. This includes session tokens, login credentials, cryptocurrency wallet information, personally identifiable information (PII), multifactor authentication (MFA) artifacts, and pretty much any data stored in a browser. These threats propagate via phishing operations, social engineering tactics, malvertising, and SEO-manipulated campaigns, […]

The post Lumma Infostealer Steals Browser Data and Sells It as Logs on Underground Markets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-33014 | IBM Sterling B2B Integrator/Sterling File Gateway up to 6.1.2.7/6.2.0.4 reverse tabnabbing (EUVD-2025-21923)

VulDB Recent Entries

2 months 1 week ago

A vulnerability classified as problematic has been found in IBM Sterling B2B Integrator and Sterling File Gateway up to 6.1.2.7/6.2.0.4. Affected is an unknown function. The manipulation leads to use of web link to untrusted target with window.opener access. This vulnerability is traded as CVE-2025-33014. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

'PoisonSeed' FIDO Attack Turns Out to Be a Red Herring

darkreading

2 months 1 week ago

Expel retracted its "PoisonSeed" research, in which it said attackers could circumvent FIDO security keys, and apologized for any misunderstanding.

Alexander Culafi

New ChatGPT o3-alpha model hints at coding upgrade

Bleeping Computer.

2 months 1 week ago

ChatGPT's o3 is OpenAI's best model to date because it features reasoning, and it might get even better in the next update. [...]

Mayank Parmar

Google Sues the Operators Behind the BadBox 2.0 Botnet

Security Boulevard

2 months 1 week ago

Google is suing the operators behind BadBox 2.0, accusing multiple Chinese threat groups of playing different roles in the operation of the massive botnet that rolled up more than 10 million devices to run large-scale ad fraud and other malicious campaigns.

The post Google Sues the Operators Behind the BadBox 2.0 Botnet appeared first on Security Boulevard.

Jeffrey Burt

New Surge of Crypto-Jacking Hits Over 3,500 Websites

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

2 months 1 week ago

Cybersecurity experts at cside have discovered a clever campaign that infected over 3,500 websites with nefarious JavaScript miners, marking a startling return to crypto-jacking techniques reminiscent of the Coinhive heyday of 2017. This new wave, detected in late 2024, marks a departure from the resource-intensive miners of the past, which caused noticeable device slowdowns and […]

The post New Surge of Crypto-Jacking Hits Over 3,500 Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

China's Massistant Tool Secretly Extracts SMS, GPS Data, and Images From Confiscated Phones

The Hackers News

2 months 1 week ago

Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices. The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico. It specializes in the

The Hacker News

Japanese police release decryptor for Phobos ransomware after February takedown

The Record

2 months 1 week ago

Victims of Phobos ransomware and its 8Base offshoot now have access to a decryptor released by Japanese law enforcement and backed by the FBI and European officials.

Fancy Bear Hackers Target Governments and Military Entities with Advanced Tools

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

2 months 1 week ago

Fancy Bear, designated as APT28 by cybersecurity experts, represents a sophisticated Russian cyberespionage collective operational since 2007, renowned for infiltrating governments, military organizations, and strategic entities globally. This group, also known under aliases such as Sofacy, Sednit, STRONTIUM, and Unit 26165, pursues motivations encompassing financial gain, reputational sabotage, espionage, and political agendas. Their operations frequently […]

The post Fancy Bear Hackers Target Governments and Military Entities with Advanced Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Interlock

Dark Feed IO

2 months 1 week ago

You must login to view this content

cohenido

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

The Hackers News

2 months 1 week ago

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 (aka Unknown Group 0002) as part of a broader cyber espionage campaign. "This threat entity demonstrates a strong preference for using shortcut files (LNK), VBScript, and post-exploitation tools such as Cobalt Strike and Metasploit, while consistently deploying CV-themed

The Hacker News

Aggregator

Managed ad