Aggregator

A vulnerability has been found in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af and classified as critical. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. This vulnerability is referenced as CVE-2025-9801. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in RemoteClinic 2.0 and classified as critical. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-9802. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20 and classified as problematic. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The identification of this vulnerability is CVE-2025-9806. The attack can only be executed locally. Furthermore, there is an exploit available.

Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems. The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347

研究人员发现恶意npm包nodejs-smtp伪装nodemailer，注入恶意代码至Atomic和Exodus钱包应用。该包利用Electron解包、替换文件并重新打包，篡改收款地址以窃取比特币等加密货币。

A vulnerability was found in Basilix Webmail 1.1.0 and classified as problematic. This vulnerability affects unknown code of the component HTTP POST Handler. Such manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2002-1710. Local access is required to approach this attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Basilix Webmail 1.1.0. It has been classified as problematic. This issue affects some unknown processing of the file /tmp/BasiliX of the component Attachment Handler. Performing manipulation results in improper privilege management. This vulnerability was named CVE-2002-1711. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability identified as problematic has been detected in SSH up to 3. This affects an unknown function. This manipulation causes improper privilege management. This vulnerability is tracked as CVE-2002-1715. The attack is restricted to local execution. Moreover, an exploit is present.

In this Help Net Security video, Dwayne McDaniel, Senior Developer Advocate at GitGuardian, presents findings from The State of Secrets Sprawl 2025. McDaniel explains why generic secrets are especially difficult to detect, why private repositories pose an even greater risk, and how collaboration tools and Docker images have become overlooked sources of exposure. He also discusses the impact of AI coding assistants on security practices and the dangers of long-lived secrets and excessive permissions. The … More →

The post What the GitGuardian secrets sprawl report reveals about leaked credentials appeared first on Help Net Security.

Некрасивые парни становятся объектом циничного социального эксперимента.

Researchers at Stripe OLT’s SOC have uncovered a large-scale, targeted phishing campaign aimed at senior executives and top

The post Warning: A New Phishing Campaign Is Targeting Senior Executives appeared first on Penetration Testing Tools.

Researchers at Kaspersky Lab have reported the resurgence of ransomware operations by the group OldGremlin, which has once

The post OldGremlin Ransomware Returns to Haunt Russian Businesses appeared first on Penetration Testing Tools.

​软硬一体的 AI，缓解了我的牛马焦虑。

The North Korean threat group APT37 (also known as ScarCruft, InkySquid, Reaper, and Ricochet Chollima) has launched a

The post North Korean Hackers Launch Widespread Cyberespionage Campaign appeared first on Penetration Testing Tools.

Between June and July 2025, researchers recorded hundreds of thousands of password brute-force attempts targeting SSL VPN and

The post Anatomy of an Attack: Inside a Massive Brute-Force Campaign appeared first on Penetration Testing Tools.

On August 26, China hosted the 2025 China Operating System Industry Conference, jointly organized by the China Copyright

The post China Unveils a New Operating System to Challenge Windows and macOS appeared first on Penetration Testing Tools.

Entrepreneur Dan Shapiro encountered an unexpected obstacle: a popular AI chatbot refused to transcribe business documents, citing copyright

The post Call Me an Idiot: How to Persuade an AI to Break Its Rules appeared first on Penetration Testing Tools.

Austria’s Federal Ministry of the Interior (BMI) has fallen victim to a targeted cyberattack, details of which emerged

The post Austria’s Ministry of the Interior Hit by Targeted Cyberattack appeared first on Penetration Testing Tools.

CISO Shift Technology | France | Remote – View job details As a CISO, you will develop and execute a comprehensive enterprise information security strategy aligned with company goals and risk tolerance. Lead incident response efforts and continuously improve detection, response, and recovery capabilities. Conduct risk assessments and implement appropriate mitigation strategies. CISO Demandbase | USA | On-site – View job details As a CISO, you will establish governance and technical controls to ensure safe … More →

The post Cybersecurity jobs available right now: September 2, 2025 appeared first on Help Net Security.

On July 24, 2025, the cryptocurrency platform WOO X suffered a sophisticated targeted attack in which $14 million

The post Lazarus Group’s New Target: How North Korean Hackers Stole $14M from WOO X appeared first on Penetration Testing Tools.