Aggregator

A vulnerability, which was classified as problematic, was found in code16 sharp up to 9.11.0. Impacted is an unknown function of the component SharpShowTextField. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-62798. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

This morning, I tried to power down my Samsung S23 smartphone.

Related: Sam Altman seeks to replace the browser

I long-pressed the side key expecting the usual “Power off / Restart” menu. Instead, a small Gemini prompt window appeared towards … (more…)

The post MY TAKE: Have you noticed how your phone’s AI assistant is starting to remap what you trust? first appeared on The Last Watchdog.

The post MY TAKE: Have you noticed how your phone’s AI assistant is starting to remap what you trust? appeared first on Security Boulevard.

A vulnerability, which was classified as critical, has been found in HP ThinPro up to 8.1 SP7. This issue affects some unknown processing of the component System Management Application. Performing manipulation results in execution with unnecessary privileges. This vulnerability is known as CVE-2025-43017. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Kludex starlette up to 0.49.0. This vulnerability affects unknown code of the component FileResponse Range Parser. Such manipulation leads to inefficient algorithmic complexity. This vulnerability is traded as CVE-2025-62727. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in HashiCorp Consul and Consul Enterprise. This affects an unknown part of the component Header Handler. This manipulation of the argument Content-Length causes allocation of resources. This vulnerability appears as CVE-2025-11375. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in HashiCorp Consul and Consul Enterprise. Affected by this issue is some unknown functionality. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-11374. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in PrivateBin up to 2.0.1. Affected by this vulnerability is an unknown functionality of the component Content Security Policy Handler. The manipulation of the argument attachment_name leads to basic cross site scripting. This vulnerability is documented as CVE-2025-62796. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in RichardoC github-workflow-updater-extension up to 0.0.6. Affected is an unknown function. Executing manipulation can lead to insufficiently protected credentials. This vulnerability is registered as CVE-2025-62794. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Dataphone A920 2025.07.161103. This impacts an unknown function. Performing manipulation results in improper authorization. This vulnerability is cataloged as CVE-2025-61235. The attack must originate from the local network. Furthermore, there is an exploit available.

A vulnerability categorized as problematic has been discovered in Discourse up to 3.6.0.beta1/3.6.1. This affects an unknown function of the component Response Header Handler. Such manipulation of the argument Cache-Control leads to use of cache containing sensitive information. This vulnerability is listed as CVE-2025-61598. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in taigaio taiga-back up to 6.8.x. It has been rated as critical. The impacted element is an unknown function of the component Taiga API. This manipulation causes sql injection. This vulnerability is tracked as CVE-2025-62367. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in taigaio taiga-back up to 6.8.x. It has been declared as critical. The affected element is an unknown function of the component Taiga API. The manipulation results in deserialization. This vulnerability is identified as CVE-2025-62368. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A sophisticated information-stealing malware named Anivia Stealer has emerged on underground forums, marketed by a threat actor known as ZeroTrace. The malware represents a dangerous evolution in credential theft operations, specifically designed to compromise Windows systems from legacy XP installations through the latest Windows 11 environments. Built using C++17, Anivia Stealer incorporates advanced evasion techniques […]

The post Threat Actors Advertising Anivia Stealer Malware on Dark Web bypassing UAC Controls appeared first on Cyber Security News.

A vulnerability has been found in ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1 and classified as problematic. This vulnerability affects unknown code. Performing manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2025-12202. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

IOC Alert: Quasar RAT Command-and-Control Domain via Ngrok Tunnel

Japanese advertising giant Dentsu has disclosed that its U.S.-based subsidiary Merkle suffered a cybersecurity incident  that exposed staff and client data. [...]

CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud
With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud.

Atlantic Council's Ray on How Geopolitics, Technology, Power Collide in the AI Era
Trisha Ray, associate director and resident fellow at the Atlantic Council's GeoTech Center, shares the risks countries face when relying heavily on a handful of global tech companies for AI infrastructure, chips and cloud services.

Digital Extortionists Try Recruiting Insiders, Email Barrages
Collective efforts to bolster cybersecurity defenses have been taking a big bite out of ransomware groups' earnings, leading groups to reach for new strategies, including social engineering, supply chain attacks, extortion services and bribing insiders, warn incident response experts.