Aggregator

A vulnerability has been found in Omnissa Workspace ONE UEM and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-25229. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in libcsp 2.0. Affected is the function csp_eth_init. The manipulation of the argument ifname leads to buffer overflow. This vulnerability is traded as CVE-2025-51823. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Arigato Autoresponder and Newsletter 2.5.1.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file list-user.html.php. The manipulation of the argument offset as part of GET Request leads to cross site scripting (Reflected). This vulnerability is known as CVE-2018-1002008. The attack can be launched remotely. Furthermore, there is an exploit available.

От исхода процесса зависит, останутся ли миллионы устройств в строю.

A vulnerability was found in Bentley View and classified as critical. Affected by this issue is some unknown functionality of the component SKP File Parser. The manipulation leads to use after free. This vulnerability is handled as CVE-2022-43651. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Bentley View. Affected is an unknown function of the component SKP File Parser. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-43652. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Themewinter Eventin Plugin up to 3.3.57 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-37507. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Themewinter Eventin Plugin up to 4.0.5 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-39648. The attack may be launched remotely. There is no exploit available.

CastleLoader, a sophisticated malware loader that emerged in early 2025, has successfully compromised 469 devices out of 1,634 infection attempts since May 2025, achieving an alarming 28.7% infection rate. This versatile threat has primarily targeted U.S. government entities through advanced phishing campaigns that exploit user trust in legitimate platforms and services. The malware employs two […]

The post CastleLoader Malware Infected Over 400+ Devices Using Cloudflare-Themed ClickFix Phishing Attack appeared first on Cyber Security News.

The Netherlands' National Cyber Security Centre (NCSC) is warning that a critical Citrix NetScaler vulnerability tracked as CVE-2025-6543 was exploited to breach "critical organizations" in the country. [...]

A vulnerability classified as critical was found in Apache HTTP Server up to 2.4.52. This vulnerability affects unknown code of the component Request Body Handler. The manipulation leads to integer overflow. This vulnerability was named CVE-2022-22721. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apache HTTP Server up to 2.4.52. This issue affects some unknown processing of the component Request Body Handler. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2022-22719. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple macOS up to 12.3. This vulnerability affects unknown code of the component Apache. The manipulation leads to improper initialization. This vulnerability was named CVE-2022-22719. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server up to 2.4.46 and classified as critical. This vulnerability affects unknown code of the component mod_auth_digest. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2020-35452. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache HTTP Server up to 2.4.46. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component mod_session. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2021-26690. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Outlook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2025-47171. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

DataDome’s server-side behavioral detection blocked over 214 million malicious requests from a single IP targeting a global travel platform without downtime or disruption.

The post How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection appeared first on Security Boulevard.

Name: WHY2025 CTF (an WHY2025 CTF event.)
Date: Aug. 8, 2025, 4 p.m. — 11 Aug. 2025, 16:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.why2025.org/
Rating weight: 0.00
Event organizers: Eindbazen

Creator/Author/Presenter: Vlad Iliushin

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Netsec Is Dead(?): Modern Network Fingerprinting For Real-World Defense appeared first on Security Boulevard.