Aggregator

A vulnerability, which was classified as critical, has been found in iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress. Affected by this issue is the function visit_type[service_id]. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-11728. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in evilnapsis Inventio Lite up to 4. This issue affects some unknown processing of the file /?action=processlogin. The manipulation of the argument Username leads to sql injection. The identification of this vulnerability is CVE-2024-44541. The attack may be initiated remotely. Furthermore, there is an exploit available.

Everest ransomware claims Mailchimp breach, leaks 943,000 lines of data. While limited in size, it adds to a spike in global ransomware activity this July.

A vulnerability, which was classified as problematic, was found in Mozilla Thunderbird up to 140. Affected is an unknown function of the component XSLT Document Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is traded as CVE-2025-8032. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 140. This issue affects some unknown processing of the component XSLT Document Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The identification of this vulnerability is CVE-2025-8032. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 140 and classified as problematic. This vulnerability affects unknown code of the component CSP Report Handler. The manipulation leads to information exposure through debug log file. This vulnerability was named CVE-2025-8031. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 140 and classified as problematic. This issue affects some unknown processing of the component CSP Report Handler. The manipulation leads to information exposure through debug log file. The identification of this vulnerability is CVE-2025-8031. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 140. This affects an unknown part of the component Copy as cURL Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2025-8030. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox up to 140. Affected by this issue is some unknown functionality of the component Copy as cURL Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-8030. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Firefox up to 140. Affected is an unknown function of the component javascript URL Handler. The manipulation leads to code injection. This vulnerability is traded as CVE-2025-8029. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Thunderbird up to 140. Affected by this vulnerability is an unknown functionality of the component javascript URL Handler. The manipulation leads to code injection. This vulnerability is known as CVE-2025-8029. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A person called me on the phone a few moments ago claiming to be from US Bank. He said there was some fraud detected on my account: someone created a new checking account with my identity information. “So, you have my identity information?” I asked. “Yes,” he replied. “Can you prove who you say you […]

The post Another Telephone Phish appeared first on Security Boulevard.

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON)  targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This […]

A vulnerability classified as problematic has been found in HPE Telco Service Activator up to 10.3.1. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-37109. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HPE Telco Service Activator up to 10.3.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-37108. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in golang-jwt jwt 5.4.3. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to inadequate encryption strength. This vulnerability was named CVE-2025-45770. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in Archer RSA Archer 6.11.00204.10014. It has been classified as critical. This affects an unknown part. The manipulation leads to csv injection. This vulnerability is uniquely identified as CVE-2025-50572. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Apple visionOS. It has been rated as problematic. This issue affects some unknown processing of the component App. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2025-43234. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple watchOS. Affected is an unknown function of the component App. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-43234. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple iOS and iPadOS. Affected by this vulnerability is an unknown functionality of the component App. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-43234. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.