Aggregator

A vulnerability, which was classified as problematic, has been found in Mobile Industrial Robots MiR Robots and MiR Fleet up to 2.x. This affects an unknown function. This manipulation causes information exposure through error message. This vulnerability appears as CVE-2025-9229. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in magepeopleteam Taxi Booking Manager for WooCommerce Plugin up to 1.3.0 on WordPress. This impacts an unknown function. Such manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-54713. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in FunnelKit Funnel Builder Plugin up to 3.11.1 on WordPress. The impacted element is an unknown function. The manipulation results in improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is reported as CVE-2025-54750. The attack can be launched remotely. No exploit exists.

苹果正在印度而不是中国组装更多新款 iPhone 17 手机，且首次所有 iPhone 新机型在印度组装出货。苹果正在开发 iPhone 16E 后续机型，计划由印度组装。为了减少对中国制造的依赖，苹果正将 iPhone 大部分的组装转移到印度。苹果预计本季度将缴纳 11 亿美元的关税，而目前从印度向美国出口的 iPhone 可享受关税豁免。分析师称，iPhone 的组件仍然主要在中国生产，然后运往印度进行最终组装。

North Korean threat actors have been attributed to a coordinated cyber espionage campaign targeting diplomatic missions in their southern counterpart between March and July 2025. The activity manifested in the form of at least 19 spear-phishing emails that impersonated trusted diplomatic contacts with the goal of luring embassy staff and foreign ministry personnel with convincing meeting invites

Microsoft has issued an emergency patch to fix Windows recovery problems for some users

首个无需伪造基站的5G通信流量实时嗅探框架

Хакер так хотел славы, что оставил полиции свой имейл, адрес и номер телефона.

TrafficGPT是一种基于生成式预训练和线性注意力的模型，将token长度扩展至12,032，在五个公开数据集上分类性能优于现有方法，并能生成高度逼真的网络流量，突破了长流量分析与生成的瓶颈。

安全重构，智启未来 ！期待您的声音，与我们一同勾勒安全防御的未来图景！

XSSky：融合动静态分析，精准狙击XSS漏洞的新一代“利剑”

A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in deserialization. This vulnerability is identified as CVE-2025-5497. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to upgrade the affected component.

A sophisticated campaign uncovered where adversaries are exploiting CVE-2023-46604, a critical remote code execution vulnerability in Apache ActiveMQ, to compromise cloud-based Linux systems. In this case, attackers are patching the very vulnerability they exploited to maintain exclusive access and evade detection, demonstrating advanced operational security practices typically reserved for nation-state actors. Key Takeaways1. Attackers exploit […]

The post Hackers Exploiting Apache ActiveMQ Vulnerability to Gain Access to Cloud Linux Systems appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in Mobile Industrial Robots MiR Robots and MiR Fleet up to 2.x. The affected element is an unknown function of the component Note Handler. The manipulation leads to incorrect authorization. This vulnerability is documented as CVE-2025-9228. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in Mobile Industrial Robots MiR Robots and MiR Fleet up to 2.x. This issue affects some unknown processing of the component Web Interface. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-9225. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Pik Online Yazılım Çözümleri Pik Online up to 3.1.4. Impacted is an unknown function. Executing manipulation can lead to server-side request forgery. This vulnerability is registered as CVE-2025-5260. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

Cybersecurity researchers have uncovered a sophisticated campaign by the Paper Werewolf threat actor group, also known as GOFFEE, targeting Russian organizations through the exploitation of critical vulnerabilities in WinRAR archiving software. The campaign, active since July 2025, demonstrates the group’s advanced capabilities in leveraging both known and previously undiscovered security flaws to establish persistent access […]

The post Paper Werewolf Exploiting WinRAR Zero‑Day Vulnerability to Deliver Malware appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. This vulnerability is listed as CVE-2025-9167. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.