Aggregator

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component V8. The manipulation leads to type confusion. This vulnerability was named CVE-2024-9603. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Security researchers have uncovered a sophisticated malware campaign where threat actors are coercing popular YouTubers to distribute SilentCryptoMiner malware disguised as restriction bypass tools. This campaign has already affected more than 2,000 victims in Russia, with the actual number potentially much higher. The malware leverages Windows Packet Divert drivers, a technology increasingly used in utilities […]

The post Threat Actors Leverage YouTubers to Attack Windows Systems Via SilentCryptoMiner appeared first on Cyber Security News.

A vulnerability classified as problematic was found in Perl always uses Perl Net::EasyTCP Package up to 0.26. This vulnerability affects the function rand. The manipulation leads to cryptographically weak prng. This vulnerability was named CVE-2024-56830. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.9. This affects the function platform_device_register_full of the component virtuser. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-21661. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. Affected by this issue is some unknown functionality of the component V8. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-5841. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in grafana-plugin-sdk-go Grafana Plugin SDK up to 0.249.0. Affected is an unknown function. The manipulation leads to insufficiently protected credentials. This vulnerability is traded as CVE-2024-8986. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Google Go up to 1.23.6/1.24.0. This vulnerability affects unknown code of the component IPv6 Zone ID Handler. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2025-22870. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Bootstrap Lite Theme on Backdrop. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-27826. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Bootstrap 5 Lite Theme on Backdrop. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-27825. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mail Disguise Module on Backdrop. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-27823. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Docmosis Tornado up to 2.9.7. It has been classified as critical. Affected is an unknown function of the component UNC Path Handler. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-42733. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Link iframe Formatter Module on Backdrop and classified as problematic. This issue affects some unknown processing of the component iFrame Field Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-27824. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Masquerade Module on Backdrop and classified as problematic. This vulnerability affects unknown code. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-27822. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Physical penetration testing provides crucial insights into real-world security vulnerabilities that might be overlooked in purely digital assessments. A recent case study conducted by Hackmosphere for a furniture retailer, referred to as ExCorp, revealed how physical access to facilities could compromise internal networks despite robust cybersecurity measures. The penetration test identified four critical vulnerabilities that […]

The post Getting Access to Internal Networks Via Physical Pentest – Case Study appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in Embed PDF Viewer Plugin up to 2.4.4 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument height/width leads to cross site scripting. This vulnerability is handled as CVE-2024-9451. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Auto iFrame Plugin up to 1.7 on WordPress. This affects an unknown part. The manipulation of the argument tag leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9449. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Smart Post Show Plugin up to 3.0.0 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Pagination Color Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8187. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Adobe Dimension and classified as critical. Affected by this issue is some unknown functionality of the component SKP File Parser. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-45146. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.