Aggregator

A vulnerability was found in Icinga icingaweb2 up to 2.11.4/2.12.2. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-27404. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Trend Micro Apex One and Apex One as a Service. It has been rated as critical. This issue affects some unknown processing of the component Plug-in User Interface Manager. The manipulation leads to incorrect user management. The identification of this vulnerability is CVE-2024-58105. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed

Hackers have leaked flight records allegedly belonging to the CEO of the Russian airline Aeroflot following a major cyberattack that grounded flights.

Времена доверия прошли. Ни одна внешняя ссылка больше не пересечёт периметр.

A vulnerability was found in Cisco IOS and IOS XE and classified as critical. Affected by this issue is some unknown functionality of the component SSH. The manipulation leads to handling of exceptional conditions. This vulnerability is handled as CVE-2022-20920. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Icinga icingaweb2 up to 2.11.4/2.12.2. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-27405. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Icinga icingaweb2 up to 2.11.4/2.12.2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-27609. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Cisco Secure Network Analytics 7.4.1/7.4.2/7.5.0/7.5.1/7.5.2. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to injection. This vulnerability was named CVE-2025-20256. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco SocialMiner and Unified Contact Center Express. It has been classified as problematic. This affects an unknown part of the component Web-based Chat Interface. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-20129. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as “ToolShell.” This campaign exploits four critical CVEs CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771 to facilitate intrusions, with Storm-2603 deploying a custom command-and-control […]

The post Storm-2603 Deploys Custom Malware Using BYOVD to Bypass Endpoint Protections appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Woffice Core Plugin up to 5.4.26 on WordPress and classified as problematic. Affected by this issue is the function woffice_file_manager_delete. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-7694. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in jose 6.0.10 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to inadequate encryption strength. This vulnerability is known as CVE-2025-45767. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Hangzhou Shunwang Rentdrv2. Affected is an unknown function. The manipulation leads to exposed ioctl with insufficient access control. This vulnerability is traded as CVE-2023-44976. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco IOS XR. It has been rated as critical. Affected by this issue is some unknown functionality of the component IKEv2 Handler. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-20209. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Icinga icingaweb2 up to 2.11.4/2.12.2. This vulnerability affects unknown code of the component Command-Line Interface. The manipulation leads to open redirect. This vulnerability was named CVE-2025-30164. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

In this post we demonstrate how a bypass in OpenAI’s “safe URL” rendering feature allows ChatGPT to send personal information to a third-party server. This can be exploited by an adversary via a prompt injection via untrusted data.

If you process untrusted content, like summarizing a website, or analyze a pdf document, the author of that document can exfiltrate any information present in the prompt context, including your past chat history.

Шатдауны бьют рекорды, власти говорят — «детокс».

Security Expert Silke Holtmanns on Telecom Threats, Data Challenges and Zero Trust
Telecom firms face rising cyberthreats, growing regulatory pressure and shrinking budgets. But instead of chasing flashy solutions, the industry should focus on strengthening its security fundamentals, said Silke Holtmanns, telecommunication and critical infrastructure security expert at Blue Hour.

Investor Umesh Padval on Platform Power, Scaling Fast and Global AI Plays
Q2 2025 saw AI dominate global VC funding, grabbing $47.5 billion of the $94.6 billion raised. AI Investor Umesh Padval breaks down what makes AI infrastructure startups worth betting on - from platform depth and speed to regional ecosystems and exit timing.