Aggregator

Submit #558628 / VDB-306389

A vulnerability was found in 104 eHRMS up to 202412. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-3706. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in SIOS Quick Agent up to 2.9.7/3.2.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to improper restriction of communication channel to intended endpoints. The identification of this vulnerability is CVE-2025-31144. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cybercriminals have begun openly marketing a powerful new variant of the HiddenMiner malware on underground dark web forums, raising alarms within the cybersecurity community. The malware, a heavily modified Monero (XMR) cryptocurrency miner, attracts buyers due to its advanced stealth capabilities and ease of use, even for less technically skilled threat actors. A New Breed […]

The post Cybercriminals Selling Sophisticated HiddenMiner Malware on Dark Web Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in SIOS Quick Agent up to 2.9.7/3.2.0 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2025-27937. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Security researchers at Shelltrail have discovered three significant vulnerabilities in the IXON VPN client that could allow attackers to escalate privileges on both Windows and Linux systems. The vulnerabilities, temporarily designated as CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03, affect the widely used VPN solution that provides remote access to industrial systems. While official CVE IDs have been […]

The post Three IXON VPN Client Vulnerabilities Let Attackers Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in SIOS Quick Agent up to 2.9.7/3.2.0. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-26692. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

80 岁的乔治卢卡斯（George Lucas）在《星球大战之帝国反击战》上映 45 周年的纪念活动上解释了为什么尤达大师总是说倒装句：此举是为了确保尤达话中所蕴含的重要信息能传递给观众。尤达的说话方式是刻意的，如果他说的是常规的英文，观众可能不太会仔细聆听，但如果他有口音，或者说的话很难理解，那么观众就会认真听他说了什么。在星球大战电影里尤达基本上是一位哲学家，对白很长，所以必须想办法让观众仔细聆听，尤其是对 12 岁的儿童而言。

In a world where organizations’ digital footprint is constantly changing and attackers regularly capitalize on security failings in exposed IT assets, making the effort to minimize your external attack surface is a no-brainer. The goal is simple: Make your organization a hard nut to crack and thus force attackers to look for easier targets. To do that, you must be able to see the entirety of your organization’s external attack surface as threat actors see … More →

The post Threat actors are scanning your environment, even if you’re not appeared first on Help Net Security.

Discover the Blue Shield of California data breach affecting 4.7M members. Learn about the risks and essential security measures to protect your data.

The post Blue Shield of California Data Breach Exposes 4.7M Members’ Info appeared first on Security Boulevard.

Discover Google's Firestore with MongoDB compatibility, enhancing cloud database functionality with serverless architecture. Explore the future of data storage.

The post Google Cloud Enhances Databases with Firestore and MongoDB Features appeared first on Security Boulevard.

Jeffrey Bowie, the CEO of a local cybersecurity firm, has been arrested for allegedly planting malware on computers at SSM St. Anthony Hospital. Bowie, who until recently touted himself as a leader in protecting businesses from cyber threats, now faces charges that he became the very threat he promised to prevent. Police say the incident […]

The post Cybersecurity Firm CEO Arrested for Planting Malware in Hospital Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Linux Kernel up to 6.14.1 and classified as critical. Affected by this issue is the function table_sz of the component remoteproc. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38152. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-22093. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1. It has been rated as problematic. This issue affects the function vkms_exit. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2025-22097. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1. It has been declared as critical. This vulnerability affects the function regulator_bulk_get. The manipulation leads to denial of service. This vulnerability was named CVE-2025-22095. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms. GoSearch incorporates data from Hudson Rock’s Cybercrime Database, offering detailed insights into potential cybercrime connections. It also draws from BreachDirectory.org and ProxyNova databases, providing extensive access to breached data, including plain-text and hashed passwords associated with usernames. For investigators who need reliable results without … More →

The post GoSearch: Open-source OSINT tool for uncovering digital footprints appeared first on Help Net Security.