Aggregator

A vulnerability was found in PHP Jabbers Business Directory Script 3.2. It has been declared as problematic. This affects an unknown function. The manipulation of the argument keyword results in cross site scripting. This vulnerability is identified as CVE-2023-41537. The attack can be executed remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in NETGEAR RAX30 and RAXE300. Affected is an unknown function of the component Firmware Update Handler. Such manipulation leads to improper certificate validation. This vulnerability is referenced as CVE-2025-12943. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in NETGEAR WAX610 and WAX610Y. This affects an unknown part of the component Syslog Server. Executing manipulation can lead to sensitive information in log files. The identification of this vulnerability is CVE-2025-12940. The attack can only be executed locally. There is no exploit available. The affected component should be upgraded.

Select researchers and academic teams will get access to Amazon’s NOVA models next year as the tech giant continues to integrate the AI tools into its own tech stack.

The post Amazon rolls out AI bug bounty program  appeared first on CyberScoop.

A vulnerability was found in Siemens POWER METER SICAM Q100 2.41. It has been rated as problematic. The affected element is an unknown function of the component Web Interface. Performing manipulation of the argument EndTime results in improper input validation. This vulnerability is reported as CVE-2022-43546. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Siemens POWER METER SICAM Q100 2.41. It has been declared as problematic. Impacted is an unknown function of the component Web Interface. Such manipulation of the argument RecordType leads to improper input validation. This vulnerability is documented as CVE-2022-43545. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens POWER METER SICAM Q100 2.41. It has been classified as problematic. This issue affects some unknown processing of the component Web Interface. This manipulation of the argument Language causes improper input validation. This vulnerability is registered as CVE-2022-43439. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability has been found in Siemens POWER METER SICAM Q100 2.41 and classified as critical. Impacted is an unknown function of the component Session Cookie Handler. This manipulation causes session fixiation. This vulnerability is tracked as CVE-2022-43398. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

Hackers exploited a critical vulnerability and the built-in antivirus feature in Gladinet's Triofox file-sharing and remote-access platform to achieve remote code execution with SYSTEM privileges. [...]

Nacha's Devon Marsh on Banks Proving They 'Reasonably Intended' to Identify Fraud
Nacha's 2026 rule amendments pivot from "commercially reasonable" to "reasonably intended" fraud detection standards. Nacha's Devon Marsh explains what this shift means for RDFIs and ODFIs and how banks and financial institutions can define and demonstrate reasonable practices.

Why Traditional Logs Can't Explain What Happens Inside a Rogue AI Model
Logs are where cybersecurity teams spot how and when the break in occurred. For a new type of attack, logs will be worthless - a condition that will especially challenge digital responders as artificial intelligence systems become more ubiquitous.

Lawmakers Include Extension of Cyberthreat Sharing Law in Shutdown Resolution
A statute underpinning corporate cybersecurity information sharing may come back into effect along with funding to reopen the U.S. federal government after six weeks of being shutdown. The Cybersecurity Information Sharing Act of 2015 expired the same day Washington shut down on Oct. 1.

Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882.

Alleged Data Breach of International Kiteboarding Organization (IKO)

A new wave of security alert-themed phishing emails has recently surfaced, causing concern within both enterprise and personal email environments. These malicious emails cleverly impersonate official security notifications, often appearing to come from the victim’s own domain. Their main objective is to instill panic by warning users about “blocked messages” and prompt recipients to take […]

The post Beware of Security Alert-Themed Malicious Emails that Steal Your Email Logins appeared first on Cyber Security News.

The digital engineering services firm said human resources data on nearly 10,500 current and former employees was exposed.

The post Hitachi subsidiary GlobalLogic impacted by Clop’s attack spree on Oracle customers appeared first on CyberScoop.

Microsoft has reminded customers today that systems running Home and Pro editions of Windows 11 23H2 have stopped receiving security updates. [...]

BABAYO EROR SYSTEM DDoS'd the Website of Meir Children's Channel

A vulnerability was found in Axis AXIS OS up to 12.6.27. It has been classified as critical. The impacted element is an unknown function of the component ACAP Application Handler. Performing manipulation results in improper validation of specified type of input. This vulnerability was named CVE-2025-6298. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is recommended.