Aggregator

It’s the middle of the week, you are working on a project that needs to be done, and while you are trying to focus, you get the same phishing alert for the 10th time this week. Your team is drowning in noise, and you’re looking around thinking,  ‘It’s 2025. There has to be an [...]

The post Soar is your Safest Bet appeared first on Hurricane Labs.

The post Soar is your Safest Bet appeared first on Security Boulevard.

What do a pharma firm, a hospital service provider, and your smart doorbell have in common? They were all targets in cyberattacks last month. Here’s the August end-of-month threat rundown from the ColorTokens Threat Advisory Team, a peek into how threat actors are rewriting the rules, one zero-day or botnet at a time. And if […]

The post When Hackers Pivot and Hospitals Freeze: What the Latest Threats Reveal About Cybercrime’s New Playbook appeared first on ColorTokens.

The post When Hackers Pivot and Hospitals Freeze: What the Latest Threats Reveal About Cybercrime’s New Playbook appeared first on Security Boulevard.

Phishing has moved far beyond suspicious links. Today, attackers hide inside the files employees trust most; PDFs. On the surface, they look like invoices, contracts, or reports. But once opened, these documents can trigger hidden scripts, redirect to fake login pages, or quietly steal credentials. The danger lies in how convincing they are. PDFs often […]

The post Attackers Are Abusing Malicious PDFs: Here’s How to Spot Them Early appeared first on Cyber Security News.

A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown function of the file /OL_OprationLog/GetPageList. This manipulation of the argument optUser causes sql injection. The identification of this vulnerability is CVE-2025-8701. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as problematic has been identified in Check Point Harmony SASE. Affected by this issue is some unknown functionality of the component Harmony SASE Agent Handler. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-3831. The attack can be launched remotely. No exploit exists.

A vulnerability labeled as problematic has been found in MGeurts genealogy up to 4.3.x. The impacted element is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-55287. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in MGeurts genealogy up to 4.3.x. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-55288. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in n8n-io n8n up to 1.98.1. It has been classified as problematic. This issue affects some unknown processing. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-52478. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in IBM Edge Application Manager 4.5. This impacts an unknown function. Performing manipulation results in incorrect permission assignment. This vulnerability is known as CVE-2025-1139. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in zhenfeng13 My-Blog 1.0.0 and classified as problematic. This affects an unknown part of the file /blog/comment of the component Frontend Blog Article Comment Handler. Performing manipulation results in authentication bypass by capture-replay. This vulnerability is identified as CVE-2025-9100. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/tags/save of the component Tag Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-9101. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This impacts an unknown function of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. Such manipulation of the argument ObjectID leads to sql injection. This vulnerability is referenced as CVE-2025-8702. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. Performing manipulation of the argument energyId results in sql injection. This vulnerability is identified as CVE-2025-8703. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability has been found in Check Point SmartConsole R81.10/R81.20/R82 and classified as problematic. Affected is an unknown function. This manipulation causes cleartext storage of sensitive information in memory. This vulnerability is handled as CVE-2024-24915. It is feasible to perform the attack on the physical device. There is not any exploit available.

A vulnerability identified as critical has been detected in Helm up to 3.17.2. The affected element is an unknown function of the component JSON Schema File Handler. Performing manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-32387. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Helm up to 3.17.2. The impacted element is an unknown function. Executing manipulation can lead to uncontrolled memory allocation. This vulnerability is registered as CVE-2025-32386. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

The Homeland Security Committee also voted out bills addressing pipeline cybersecurity and terrorists’ use of AI.

The post House panel approves cyber information sharing, grant legislation as expiration deadlines loom appeared first on CyberScoop.