Aggregator

A critical vulnerability has been discovered in the Android spyware app known as Catwatchful, resulting in a significant data breach that compromised the personal information of thousands of users—including the administrator of the service...

The post Catwatchful Spyware Hacked: Critical Flaw Exposes 62,000 User Logins & Victim Data appeared first on Penetration Testing Tools.

FTX破产后拒绝向49国债权人分配资产，包括中国和俄罗斯等国。因加密货币法律不明确或限制性，可能影响跨境法律风险。中国投资者债券占比达82%，或无法获赔或需复杂流程。

A vulnerability classified as critical has been found in Cerulean Portal System 0.7b. This affects an unknown part of the file portal.php. The manipulation of the argument phpbb_root_path leads to file inclusion. This vulnerability is uniquely identified as CVE-2007-0684. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A major investigation into large-scale SMS fraud has concluded in London, culminating in the conviction of Chinese student Ruichen Xiong, who has been sentenced to over a year in prison for orchestrating an elaborate smishing...

The post Chinese Student Jailed for Smishing: Operated Covert “SMS Blaster” in Car for Mass Phishing appeared first on Penetration Testing Tools.

A critical vulnerability has been discovered in the popular WordPress plugin Forminator, enabling unauthenticated attackers to arbitrarily delete files from a website. This flaw poses a significant threat, potentially allowing full compromise of targeted...

The post Forminator WordPress Plugin Flaw (CVE-2025-6463, CVSS 8.8): Unauthenticated Arbitrary File Deletion Leads to Site Takeover appeared first on Penetration Testing Tools.

关键的安全软件并不完全安全，它更需要被保护～

Key Takeaways1. Next.js versions 15.1.0-15.1.8 have a cache poisoning bug causing DoS attacks through blank page delivery.2. Needs affected Next.js version + ISR with cache revalidation + SSR with CDN caching 204 responses.3. Race condition allows HTTP 204 responses to be cached for static pages, serving empty content to all users.4. Update to Next.js 15.1.8+ […]

The post Next.js Cache Poisoning Vulnerability Let Attackers Trigger DoS Condition appeared first on Cyber Security News.

A vulnerability was found in X.org X Server up to 21.1.13 and classified as critical. This issue affects the function _XkbSetCompatMap of the component Bitmap Handler. The manipulation of the argument sym_interpret leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2024-9632. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Red Hat Enterprise Linux 7/8/9. It has been rated as critical. This issue affects some unknown processing of the component libreswan Client Plugin for NetworkManager. The manipulation leads to code injection. The identification of this vulnerability is CVE-2024-9050. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in McAfee ePolicy Orchestrator up to 4.6.6 Build 176. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ComputerMgmt/sysDetPanelSummary.do. The manipulation of the argument uid/orion.user.security.token/ajaxMode as part of GET Request leads to cross site scripting (Reflected). This vulnerability is handled as CVE-2013-4883. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

网络监控工具对OSINT调查员至关重要，用于系统收集、分析和实时跟踪公开信息。这些工具提供实时警报以应对威胁，并帮助企业快速响应数据泄露或声誉风险。它们是现代OSINT工作的基础。

文章揭示了一个安全漏洞：通过“忘记密码”链接可绕过密码和MFA直接登录账户。

用户尝试注册东南亚某打车应用时，发现自己的手机号已被占用，并显示了一个旧的Yahoo邮箱账户。这表明该平台可能存在数据管理问题和用户信息泄露风险。

用户在注册东南亚某打车应用时，发现其手机号已被他人注册，并显示了一个旧的Yahoo邮箱账户信息。用户从未注册过司机账户，也未使用过该邮箱。这表明该应用可能保留了早期用户的旧数据。

研究人员利用工具扫描预生产环境时发现 staging 服务器意外暴露了真实生产数据。

一位安全研究人员在预生产环境中发现敏感信息泄露问题。通过工具扫描和Google搜索，识别出 staging 服务器暴露了生产环境的机密数据。案例强调了即使在非正式环境中也需重视安全防护的重要性。

一家公司遭遇攻击,尽管所有用户都启用了多因素认证(MFA),但攻击者仍轻松入侵。MFA不再是万能的解决方案,网络犯罪分子已转向利用人性和技术漏洞,而非传统密码攻击。

网络犯罪分子通过"勒索软件即服务"（RaaS）模式迅速扩张，使普通罪犯也能轻松发起大规模攻击。2024年 ransomware 攻击激增41%，损失超2650亿美元。

量子计算即将打破现代加密基础。传统加密依赖复杂数学问题,但量子计算机可迅速破解,威胁通信、金融等领域安全,多数机构尚未准备就绪。