Aggregator

A vulnerability marked as critical has been reported in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. This vulnerability is listed as CVE-2025-10440. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. This vulnerability is cataloged as CVE-2025-10441. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. This vulnerability is documented as CVE-2025-10443. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. This vulnerability is reported as CVE-2025-10444. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Genians observed the Kimsuky group impersonate a defense institution in a spear-phishing attack, leveraging ChatGPT to create fake military ID cards

A vulnerability identified as critical has been detected in JCcorp URLshrink 1.3.1. The affected element is an unknown function of the file createurl.php. This manipulation of the argument formurl causes file inclusion. The identification of this vulnerability is CVE-2007-1416. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in JCcorp URLshrink 1.3.1. This impacts an unknown function. This manipulation causes improper privilege management. This vulnerability is registered as CVE-2007-1795. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability identified as problematic has been detected in Jeeblestechnology Jeebles Directory 2.9.60. This issue affects some unknown processing of the file download.php. The manipulation leads to path traversal. This vulnerability is documented as CVE-2007-5706. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Browser. Affected is an unknown function. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2007-1156. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Jax Jax Petition Book 1.0.3.06. The impacted element is an unknown function of the file jax_petitionbook.php. The manipulation of the argument languagepack leads to path traversal. This vulnerability is documented as CVE-2007-0335. The attack can be initiated remotely. Additionally, an exploit exists.

New research from Red Canary and Zscaler shows phishing lures now drop RMM tools like ITarian and Atera,…

SSL/TLS certificates are no longer just a technical detail, they’re now a strategic driver of crypto agility. With certificate lifespans shortening to just 47 days by 2029, organizations must adopt automation, certificate visibility, and lifecycle management to stay secure. This shift, alongside the coming impact of quantum computing, forces leadership to treat certificate agility as a core business priority for resilience, compliance, and post-quantum readiness.

The post Why 47-day SSL/TLS certificates can be used as a driver for crypto agility appeared first on Security Boulevard.

Накрыт крупный ресурс, где торговали наркотиками и оружием.

Burger King has invoked the Digital Millennium Copyright Act to force the removal of a security researcher’s blog post that disclosed serious vulnerabilities in its new drive-thru “Assistant” system. Ethical hacker BobDaHacker published a report showing how attackers could bypass authentication, listen in on customer orders, and access employee records before a takedown notice took […]

The post Burger King Uses DMCA to Remove Blog Exposing Drive-Thru System Security Flaws appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The cybersecurity landscape witnessed a significant escalation in July 2025 when the China-aligned threat actor Hive0154, commonly known as Mustang Panda, deployed sophisticated new malware variants designed to breach air-gapped systems. This advanced persistent threat group introduced SnakeDisk, a novel USB worm, alongside an updated Toneshell9 backdoor, representing a calculated evolution in their cyber espionage […]

The post Mustang Panda With SnakeDisk USB Worm and Toneshell Backdoor Seeking to Penetrate Air-Gap Systems appeared first on Cyber Security News.

Red AI Range (RAR), an open-source AI red teaming platform, is transforming the way security professionals assess and harden AI systems.  Designed to simulate realistic attack scenarios, RAR streamlines the discovery, analysis, and mitigation of AI-specific vulnerabilities by leveraging containerized architectures and automated tooling.  Key Takeaways1. Arsenal/Target buttons spin up isolated AI testing containers.2. Recording, […]

The post New Red Teaming Tool “Red AI Range” Discovers, Analyzes, and Mitigates AI Vulnerabilities appeared first on Cyber Security News.

Attacks that target users in their web browsers have seen an unprecedented rise in recent years. In this article, we’ll explore what a “browser-based attack” is, and why they’re proving to be so effective.  What is a browser-based attack? First, it’s important to establish what a browser-based attack is. In most scenarios, attackers don’t think of themselves as attacking your web browser.

Learn how to migrate from Akamai Identity Cloud before shutdown. Explore alternatives, reduce risk, and future-proof your identity strategy.

The post Akamai Identity Cloud Retirement — What’s Next for Your Identity and Access Management? appeared first on Security Boulevard.

Один отель в Тиморе способен ударить по региональной безопасности сильнее, чем армия.