Aggregator

Users Download Malware in Bid to Placate Meta
A newly surfaced FileFix social engineering campaign puts a new spin on ClickFix attacks by goading users into loading malware under the guise of reporting a wrongful account suspension to social media giant Facebook. Victims likely get sucked into the scam by following a link from a phishing email.

Also, Colt Services Outage Persists, Finland Charges Americans in Vastaamo Hack
This week, Microsoft hit RaccoonO365, Colt Technology Services, Finland charged a U.S. citizen in Vastaamo hack. RevengeHotels hackers used AI, Meta can't overturn a privacy case verdict. Chinese hackers unleashed spear phishing emails. Prosper confirmed a data breach, as did Kering fashion houses.

Silicon Valley Startup Brings AI Agent and Prompt Injection Protections to Falcon
CrowdStrike plans to purchase Pangea to add native AI detection and response capabilities to its Falcon platform. The company says the acquisition will help secure AI models and users alike from preventing prompt injection to tracking agent activity across enterprise environments.

Senate Homeland Security Cancels Markup Session
Lawmakers are racing to extend a key cyber sharing law before it expires Sept. 30, but partisan gridlock and proposed restrictions on the U.S. cyber defense agency's disinformation work threaten reauthorization - risking federal insight into active threats and chilling private cooperation.

本文件确立了人工智能计算平台的安全框架，规定了安全功能、安全管理和角色安全职责。

数千账户令牌及仓库密钥泄露，影响持续发酵。

A vulnerability marked as problematic has been reported in Red Hat Ansible. This impacts an unknown function of the component event-driven-ansible. Performing manipulation results in information disclosure. This vulnerability was named CVE-2025-9907. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability labeled as critical has been found in miniOrange OTP Verification with Firebase Plugin up to 3.1.0/3.6.2 on WordPress. This affects the function handle_mofirebase_form_options. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-7665. The attack can be launched remotely. No exploit exists.

A vulnerability identified as problematic has been detected in Red Hat Ansible. The impacted element is an unknown function of the component aap-gateway. This manipulation causes information disclosure. This vulnerability is handled as CVE-2025-9909. The attack can only be done within the local network. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in Red Hat Ansible. The affected element is an unknown function of the component event-driven-ansible. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-9908. Access to the local network is required for this attack. No exploit is available.

A vulnerability was found in Embed PDF for WPForms Plugin up to 1.1.5 on WordPress. It has been rated as critical. Impacted is the function ajax_handler_download_pdf_media. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-10647. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.1.0. It has been declared as problematic. This issue affects some unknown processing of the component Bluetooth Low Energy Handler. Executing manipulation can lead to integer overflow. This vulnerability appears as CVE-2025-10456. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability was found in aonetheme Service Finder Bookings Plugin up to 6.0 on WordPress. It has been classified as critical. This vulnerability affects the function claim_business. Performing manipulation results in authorization bypass. This vulnerability is reported as CVE-2025-5948. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.1 and classified as critical. This affects the function bt_conn_tx_processor. Such manipulation leads to write-what-where condition. This vulnerability is documented as CVE-2025-7403. The attack requires being on the local network. There is not any exploit available.

A vulnerability has been found in zephyrproject-rtos Zephyr up to 4.1.0 and classified as critical. Affected by this issue is some unknown functionality. This manipulation causes improper handling of length parameter inconsistency. This vulnerability is registered as CVE-2025-10458. The attack requires access to the local network. No exploit is available.

文章介绍了HIBP新增的演示页面和YouTube频道，提供教学视频以简化API使用和基础操作教程，并展示域名监控功能的广泛应用。

A vulnerability, which was classified as problematic, was found in zephyrproject-rtos Zephyr up to 4.1.0. Affected by this vulnerability is an unknown functionality of the component BLE Connection Response Handler. The manipulation results in security check for standard. This vulnerability is cataloged as CVE-2025-10457. The attack must originate from the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in SMSEagle up to 6.10. Affected is an unknown function of the component Phone Number Handler. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-59715. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.