Aggregator

A vulnerability has been found in Extensiondepot Com Jsupport 1.5.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index2.php. The manipulation of the argument subject leads to cross site scripting. This vulnerability is known as CVE-2010-4837. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Extensiondepot Com Jsupport 1.5.6 and classified as critical. Affected by this issue is some unknown functionality of the file administrator/index.php. The manipulation of the argument alpha leads to sql injection. This vulnerability is handled as CVE-2010-4838. The attack may be launched remotely. Furthermore, there is an exploit available.

MCP (Model Control Plane) Server is a centralized platform that orchestrates, manages, and secures the lifecycle of AI models deployed across an organization’s infrastructure. By providing integration, management, and real-time monitoring of models, MCP servers enable enterprises to defend against sophisticated, AI-powered cyberattacks. This article explores MCP server integration and usage, its core workings, the […]

The post What is MCP Server – How it is Powering AI-Driven Cyber Defense appeared first on Cyber Security News.

该漏洞利用难度极低，利用代码据称已在地下论坛流传

A vulnerability classified as critical was found in Tutor LMS Pro Plugin up to 3.7.0 on WordPress. This vulnerability affects the function get_submitted_assignments. The manipulation leads to sql injection. This vulnerability was named CVE-2025-6184. The attack can be initiated remotely. There is no exploit available.

随着品牌数字化发展，AI驱动的威胁如高管 impersonation 和数据泄露增多，损害企业声誉和客户信任。Styx Intelligence 提供解决方案以应对这些挑战。

A critical zero-click NTLM credential leakage vulnerability that circumvents Microsoft’s recent patch for CVE-2025-24054.  The newly identified flaw, assigned CVE-2025-50154, allows attackers to extract NTLM hashes from fully patched Windows systems without any user interaction, demonstrating that Microsoft’s April security update was incomplete. Key Takeaways1. CVE-2025-50154 bypasses Microsoft's recent patch, enabling zero-click NTLM credential theft.2. […]

The post New Windows 0-Click NTLM Credential Leakage Vulnerability Bypasses Microsoft’s Patch appeared first on Cyber Security News.

Curly COMrades закрепляются в сетях Грузии и Молдавии, не используя ни одной нулевой уязвимости.

如何将组织最深的痛苦、最棘手的挑战，系统性地转化为最强竞争优势的现代炼金术

Microsoft on Tuesday rolled out fixes for a massive set of 111 security flaws across its software portfolio, including one flaw that has been disclosed as publicly known at the time of the release. Of the 111 vulnerabilities, 16 are rated Critical, 92 are rated Important, two are rated Moderate, and one is rated Low in severity. Forty-four of the vulnerabilities relate to privilege

微软修复了111个安全漏洞，包括零日漏洞CVE-2025-53779（BadSuccessor），该漏洞允许攻击者利用dMSA对象提升权限至域管理员。此外还修复了多个高危远程代码执行和权限提升漏洞。

网络钓鱼和诈骗利用AI技术生成逼真内容，如语音克隆、深度伪造视频和个性化攻击；攻击者还滥用合法平台隐藏钓鱼网站，并转向窃取生物识别数据等不可变信息；提醒用户警惕异常信息并核实来源。

Microsoft announced updates for 107 vulnerabilities on Patch Tuesday, including one zero-day

朝鲜黑客组织 Kimsuky 遭白帽黑客攻击，泄露 8.9GB 数据，包含网络钓鱼工具包、攻击日志及韩国政府机构信息等敏感内容。

网络安全团队面临人才短缺和复杂威胁的双重挑战。高管与一线员工对威胁检测、团队 staffing 和自动化工具的看法存在显著分歧。人才缺口持续扩大，而低代码安全自动化被视为提升应对能力的关键解决方案。

A high-severity authentication bypass vulnerability affecting multiple Fortinet security products, including FortiOS, FortiProxy, and FortiPAM systems.  The flaw, designated as CVE-2024-26009 with a CVSS score of 7.9, enables unauthenticated attackers to seize complete control of managed devices through exploitation of the FortiGate-to-FortiManager (FGFM) communication protocol. Key Takeaways1. CVE-2024-26009 allows authentication bypass in Fortinet products.2. Attackers […]

The post FortiOS, FortiProxy, and FortiPAM Auth Bypass Vulnerability Allows Attackers to Gain Full Control appeared first on Cyber Security News.

研究显示网络安全威胁准备情况严峻：高管与一线安全人员对威胁检测和应对能力存在严重分歧；人才短缺问题持续加剧；低代码安全自动化成为高效团队的关键因素。

国家计算机病毒应急处理中心通报70款移动应用存在违法违规收集使用个人信息问题，涉及隐私政策不透明、未获用户同意收集信息、缺乏撤回同意途径等问题。部分应用还存在未制定未成年人信息处理规则或未采取安全技术措施等情况。